diff --git a/tests/linux/2020.bdvl/bdvl.so.simple b/tests/linux/2020.bdvl/bdvl.so.simple
index ea3b3f038..f264bfcff 100644
--- a/tests/linux/2020.bdvl/bdvl.so.simple
+++ b/tests/linux/2020.bdvl/bdvl.so.simple
@@ -1,4 +1,5 @@
 # linux/2020.bdvl/bdvl.so: critical
+3P/elastic/rootkit_bedevil: critical
 anti-behavior/LD_DEBUG: medium
 anti-behavior/process_check: high
 credential/password: low
diff --git a/tests/linux/2024.melofee/driver_decrypted.simple b/tests/linux/2024.melofee/driver_decrypted.simple
index 8636a4da9..30f39eccb 100644
--- a/tests/linux/2024.melofee/driver_decrypted.simple
+++ b/tests/linux/2024.melofee/driver_decrypted.simple
@@ -1,4 +1,5 @@
 # linux/2024.melofee/driver_decrypted: critical
+3P/elastic/rootkit_melofee: critical
 anti-static/binary/opaque: medium
 evasion/indicator_blocking/process: high
 evasion/mimicry/fake_process: high
diff --git a/tests/linux/2024.melofee/pskt.simple b/tests/linux/2024.melofee/pskt.simple
index d85204207..51e5ad9e8 100644
--- a/tests/linux/2024.melofee/pskt.simple
+++ b/tests/linux/2024.melofee/pskt.simple
@@ -1,4 +1,5 @@
 # linux/2024.melofee/pskt: critical
+3P/elastic/melofee: critical
 anti-behavior/LD_DEBUG: medium
 anti-behavior/LD_PROFILE: medium
 anti-static/elf/entropy: critical
diff --git a/tests/ruby/2024.Ruby_rootkit/Ruby.c.simple b/tests/ruby/2024.Ruby_rootkit/Ruby.c.simple
index 5a268b3f7..7da3aff6d 100644
--- a/tests/ruby/2024.Ruby_rootkit/Ruby.c.simple
+++ b/tests/ruby/2024.Ruby_rootkit/Ruby.c.simple
@@ -1,4 +1,5 @@
 # ruby/2024.Ruby_rootkit/Ruby.c: critical
+3P/elastic/rootkit: high
 c2/refs: medium
 evasion/rootkit/kernel: critical
 evasion/rootkit/refs: high
diff --git a/third_party/yara/YARAForge/RELEASE b/third_party/yara/YARAForge/RELEASE
index eba8e1cb7..8b81eb361 100644
--- a/third_party/yara/YARAForge/RELEASE
+++ b/third_party/yara/YARAForge/RELEASE
@@ -1 +1 @@
-20241124
+20241201
diff --git a/third_party/yara/YARAForge/yara-rules-full.yar b/third_party/yara/YARAForge/yara-rules-full.yar index 3f34d9db6..4cd7c3f5a 100644 --- a/third_party/yara/YARAForge/yara-rules-full.yar +++ b/third_party/yara/YARAForge/yara-rules-full.yar @@ -12,17 +12,17 @@ * Force Exclude Importance Level: 0 * Minimum Age (in days): 0 * Minimum Score: 40 - * Creation Date: 2024-11-24 - * Number of Rules: 12271 + * Creation Date: 2024-12-01 + * Number of Rules: 12295 * Skipped: 0 (age), 222 (quality), 7 (score), 0 (importance) */ /* * YARA Rule Set * Repository Name: ReversingLabs * Repository: https://github.com/reversinglabs/reversinglabs-yara-rules/ - * Retrieval Date: 2024-11-24 - * Git Commit: b0beb52a3fbac4178b1f6ceb079b9b8950839c99 - * Number of Rules: 1216 + * Retrieval Date: 2024-12-01 + * Git Commit: 9bcb61c86aa4583e393269828225349a81ea08a4 + * Number of Rules: 1218 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) * * @@ -59,8 +59,8 @@ rule REVERSINGLABS_Win32_Exploit_CVE20200601 : TC_DETECTION MALICIOUS EXPLOIT CV date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/exploit/Win32.Exploit.CVE20200601.yara#L3-L253" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/exploit/Win32.Exploit.CVE20200601.yara#L3-L253" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e4d915560ad72e0fde63276f9ffece00535c7983125efaa8298adc11d5e54817" score = 75 quality = 88 
@@ -285,8 +285,8 @@ rule REVERSINGLABS_Linux_Backdoor_GTPDOOR : TC_DETECTION MALICIOUS MALWARE FILE date = "2024-09-10" modified = "2024-09-10" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/Linux.Backdoor.GTPDOOR.yara#L1-L264" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/Linux.Backdoor.GTPDOOR.yara#L1-L264" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b7b4b33b7838142e34c6d02260b6585305c4730c90e12b1adc099f9aeecf071a" score = 75 quality = 90 @@ -515,8 +515,8 @@ rule REVERSINGLABS_Win64_Backdoor_Voldemort : TC_DETECTION MALICIOUS MALWARE FIL date = "2024-10-09" modified = "2024-10-09" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/Win64.Backdoor.Voldemort.yara#L1-L208" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/Win64.Backdoor.Voldemort.yara#L1-L208" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1fe2abe17436d2965e34d1f10223af50d9600809fdef234e7d89c74fa33228a9" score = 75 quality = 90 
@@ -704,8 +704,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Njrat : TC_DETECTION MALICIOUS MALWARE date = "2024-07-31" modified = "2024-07-31" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/ByteCode.MSIL.Backdoor.NjRAT.yara#L1-L266" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/ByteCode.MSIL.Backdoor.NjRAT.yara#L1-L266" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "eeecf90965e6952d8b9efc9d1e96eaa47709b1d69fc7d435f4aebaaf0191f317" score = 75 quality = 90 @@ -934,8 +934,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Agentracoon : TC_DETECTION MALICIOUS M date = "2023-12-15" modified = "2023-12-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/ByteCode.MSIL.Backdoor.AgentRacoon.yara#L1-L128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/ByteCode.MSIL.Backdoor.AgentRacoon.yara#L1-L128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3ba73f19f59c2e5880df820c52f16997047d7299eb14d421ae2ed8f3790bcfe9" score = 75 quality = 90 
@@ -1047,8 +1047,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Limerat : TC_DETECTION MALICIOUS MALWA date = "2024-03-04" modified = "2024-03-04" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/ByteCode.MSIL.Backdoor.LimeRAT.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/ByteCode.MSIL.Backdoor.LimeRAT.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "03eaa2ac41950f036601222b32a28c03aae3b3445501e988e2f87e231a1a1522" score = 75 quality = 90 @@ -1127,8 +1127,8 @@ rule REVERSINGLABS_Win32_Backdoor_Konni : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-12-07" modified = "2023-12-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/Win32.Backdoor.Konni.yara#L1-L190" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/Win32.Backdoor.Konni.yara#L1-L190" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7907a657d804d485718ba13bb23513de0b909e7d455c2b3ee193b5329edd3ac6" score = 75 quality = 90 
@@ -1302,8 +1302,8 @@ rule REVERSINGLABS_Win64_Backdoor_Sidetwist : TC_DETECTION MALICIOUS MALWARE FIL date = "2024-03-18" modified = "2024-03-18" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/Win64.Backdoor.SideTwist.yara#L1-L154" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/Win64.Backdoor.SideTwist.yara#L1-L154" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "811fa73ede59493c71435743848a3fce3a1604ec4065ffcb0b43e9715dfa5c31" score = 75 quality = 90 @@ -1437,8 +1437,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Orcusrat : TC_DETECTION MALICIOUS MALW date = "2024-09-10" modified = "2024-09-10" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/ByteCode.MSIL.Backdoor.OrcusRAT.yara#L1-L134" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/ByteCode.MSIL.Backdoor.OrcusRAT.yara#L1-L134" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "17a85613e9e4c862ce81fee49065c250381dbf8a50cf07d496f5fd2c1b82d92e" score = 75 quality = 90 
@@ -1554,8 +1554,8 @@ rule REVERSINGLABS_Win32_Backdoor_Minodo : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-06-07" modified = "2023-06-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/Win64.Backdoor.Minodo.yara#L1-L110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/Win64.Backdoor.Minodo.yara#L1-L110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "807408699fe00c8d1170598050e533dd0d79bb170f2538b6b6227cda7410060b" score = 75 quality = 90 @@ -1650,8 +1650,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Asyncrat : TC_DETECTION MALICIOUS MALW date = "2024-05-22" modified = "2024-05-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/ByteCode.MSIL.Backdoor.AsyncRAT.yara#L1-L149" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/ByteCode.MSIL.Backdoor.AsyncRAT.yara#L1-L149" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "53a13975cd53b571910f951adc44707c11b86c003eeb7b88dbe701253645ac89" score = 75 quality = 90 
@@ -1774,8 +1774,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Menorah : TC_DETECTION MALICIOUS MALWA date = "2024-05-10" modified = "2024-05-10" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/ByteCode.MSIL.Backdoor.Menorah.yara#L1-L169" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/ByteCode.MSIL.Backdoor.Menorah.yara#L1-L169" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "770aefca192ceb3a778c0b1259105ace8e64cb35d0c34acb15c45fb6f22ad94b" score = 75 quality = 90 @@ -1933,8 +1933,8 @@ rule REVERSINGLABS_Linux_Backdoor_Krasue : TC_DETECTION MALICIOUS MALWARE FILE date = "2024-03-04" modified = "2024-03-04" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/Linux.Backdoor.Krasue.yara#L1-L127" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/Linux.Backdoor.Krasue.yara#L1-L127" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e2daa35ef9e0793062c9fb3bd8e4838e1e81ee3d228d8117b1c3b0e72eb8e151" score = 75 quality = 90 
@@ -2044,8 +2044,8 @@ rule REVERSINGLABS_Linux_Trojan_Chinaz : TC_DETECTION MALICIOUS MALWARE FILE date = "2024-07-31" modified = "2024-07-31" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/Linux.Trojan.ChinaZ.yara#L1-L246" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/Linux.Trojan.ChinaZ.yara#L1-L246" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d8d08f4f3f36ecc7b219b6b1aae3c76d26e8fb3a44444763929190c6124532ff" score = 75 quality = 90 @@ -2254,8 +2254,8 @@ rule REVERSINGLABS_Linux_Backdoor_Noodrat : TC_DETECTION MALICIOUS MALWARE FILE date = "2024-08-26" modified = "2024-08-26" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/Linux.Backdoor.NoodRAT.yara#L1-L162" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/Linux.Backdoor.NoodRAT.yara#L1-L162" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2ec4a8ba7428054edb4dcdb6a00015b9758badf515f2c210bb946ba5402674d2" score = 75 quality = 90 
@@ -2401,8 +2401,8 @@ rule REVERSINGLABS_Win64_Backdoor_Konni : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-12-07" modified = "2023-12-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/Win64.Backdoor.Konni.yara#L1-L205" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/Win64.Backdoor.Konni.yara#L1-L205" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "37c45e3ed23ca9f4de876f666c9f6d9bf7eee5cb1650b02cdd9f58e2ccc4b5cb" score = 75 quality = 90 @@ -2590,8 +2590,8 @@ rule REVERSINGLABS_Linux_Backdoor_Linodas : TC_DETECTION MALICIOUS MALWARE FILE date = "2024-05-22" modified = "2024-05-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/backdoor/Linux.Backdoor.Linodas.yara#L1-L216" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/backdoor/Linux.Backdoor.Linodas.yara#L1-L216" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "12445771106e36b74b1ea292a8a25cab66bcaf0a08cf88d39a9f1bb13c6f525b" score = 75 quality = 90 
@@ -2771,8 +2771,8 @@ rule REVERSINGLABS_Win32_Downloader_Dlmarlboro : TC_DETECTION MALICIOUS MALWARE date = "2020-07-23" modified = "2020-07-23" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/downloader/Win32.Downloader.dlMarlboro.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/downloader/Win32.Downloader.dlMarlboro.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "465a3b3a9686889001ac0b929d0349e44b6015eaeed3386361366def5013164a" score = 75 quality = 90 @@ -2853,8 +2853,8 @@ rule REVERSINGLABS_Win32_PUA_Domaiq : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-28" modified = "2020-07-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/pua/Win32.PUA.Domaiq.yara#L1-L169" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/pua/Win32.PUA.Domaiq.yara#L1-L169" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e291a639aa027a2257eec2853e40a222afabf23b32898326a1d5b48be823202c" score = 75 quality = 90 
@@ -2997,8 +2997,8 @@ rule REVERSINGLABS_Win32_Trojan_Trickbot : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/trojan/Win32.Trojan.TrickBot.yara#L1-L46" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/trojan/Win32.Trojan.TrickBot.yara#L1-L46" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e10f16c70f1ff7cf11d3e25f06e4c5d9e20c51688582d2b51322f768a8e06d7e" score = 75 quality = 90 @@ -3041,8 +3041,8 @@ rule REVERSINGLABS_Linux_Trojan_Bibiwiper : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-11-28" modified = "2023-11-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/trojan/Linux.Trojan.BiBiWiper.yara#L1-L76" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/trojan/Linux.Trojan.BiBiWiper.yara#L1-L76" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8f290141d5da660463dede6df571d774448e136e2993a0a4c706245464e1239e" score = 75 quality = 90 
@@ -3117,8 +3117,8 @@ rule REVERSINGLABS_Win32_Trojan_Emotet : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-11-16" modified = "2021-11-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/trojan/Win32.Trojan.Emotet.yara#L1-L182" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/trojan/Win32.Trojan.Emotet.yara#L1-L182" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "747d603c9849a66782c95050a4a634ffdb4ce2882adcfc5d63e1f1ea1651b25e" score = 75 quality = 90 @@ -3263,8 +3263,8 @@ rule REVERSINGLABS_Win32_Trojan_Dridex : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-09-16" modified = "2020-09-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/trojan/Win32.Trojan.Dridex.yara#L1-L80" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/trojan/Win32.Trojan.Dridex.yara#L1-L80" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7eddc8f33846dfb61302b7d7fddd8dec59a1bde05b14135c14131a02e2c19600" score = 75 quality = 90 
@@ -3336,8 +3336,8 @@ rule REVERSINGLABS_Linux_Trojan_Acidrain : TC_DETECTION MALICIOUS MALWARE FILE date = "2024-05-10" modified = "2024-05-10" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/trojan/Linux.Trojan.AcidRain.yara#L1-L67" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/trojan/Linux.Trojan.AcidRain.yara#L1-L67" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5b47a0de8bda09d217f8a148e561f3da7ce4945f011f4a9b5dbbca88157d3080" score = 75 quality = 90 @@ -3397,8 +3397,8 @@ rule REVERSINGLABS_Win32_Trojan_Isaacwiper : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-03-02" modified = "2022-03-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/trojan/Win32.Trojan.IsaacWiper.yara#L1-L76" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/trojan/Win32.Trojan.IsaacWiper.yara#L1-L76" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c9fa43f44c33816a66f61255d101294da63df1afc5a27ed5817072040cd1eec5" score = 75 quality = 90 
@@ -3475,8 +3475,8 @@ rule REVERSINGLABS_Win32_Trojan_Bibiwiper : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-11-28" modified = "2023-11-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/trojan/Win32.Trojan.BiBiWiper.yara#L1-L102" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/trojan/Win32.Trojan.BiBiWiper.yara#L1-L102" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d75954c05a8f82ad90a4adf6a2a3748928488ddebe40d8f8a790bfcde0b02a11" score = 75 quality = 90 @@ -3573,8 +3573,8 @@ rule REVERSINGLABS_Win32_Trojan_Hermeticwiper : TC_DETECTION MALICIOUS MALWARE F date = "2022-02-24" modified = "2022-02-24" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/trojan/Win32.Trojan.HermeticWiper.yara#L1-L50" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/trojan/Win32.Trojan.HermeticWiper.yara#L1-L50" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0fa519ce8285ffe4e49c2a301e8a0fd0516a05dc6b41ee0b010fdc76dd6e195e" score = 75 quality = 90 
@@ -3626,8 +3626,8 @@ rule REVERSINGLABS_Win32_Trojan_Caddywiper : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-03-15" modified = "2022-03-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/trojan/Win32.Trojan.CaddyWiper.yara#L1-L95" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/trojan/Win32.Trojan.CaddyWiper.yara#L1-L95" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "178ff4171c09866f6b303bdff234beff1116d268995ee4dc236332e472d645b1" score = 75 quality = 90 @@ -3713,8 +3713,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dualshot : TC_DETECTION MALICIOUS MALWARE FI date = "2020-11-20" modified = "2020-11-20" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Dualshot.yara#L1-L112" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Dualshot.yara#L1-L112" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a401369357901f42ad83227b025d3b14b3acd1f50705da82afbe8e4f85501919" score = 75 quality = 90 
@@ -3817,8 +3817,8 @@ rule REVERSINGLABS_Win64_Ransomware_Seedlocker : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.SeedLocker.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.SeedLocker.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a478efcfb03e3eeebe72d9a71629456cf061c3c779fbdde99539854caf8c7c33" score = 75 quality = 90 @@ -3910,8 +3910,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hentaioniichan : TC_DETECTION MALICIOUS MALW date = "2021-03-05" modified = "2021-03-05" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.HentaiOniichan.yara#L1-L140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.HentaiOniichan.yara#L1-L140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "153526e5a2f05bc8e3f77d83eefce6b4cd962ea093b6f1c0ab8fcabe8d8a7ad9" score = 75 quality = 90 
@@ -4038,8 +4038,8 @@ rule REVERSINGLABS_Win32_Ransomware_Knot : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-03-19" modified = "2021-03-19" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Knot.yara#L1-L118" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Knot.yara#L1-L118" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a7a3e13139d68314e583ec225a5d56373a551e67d46984dcf9a228a1f7275f14" score = 75 quality = 90 @@ -4148,8 +4148,8 @@ rule REVERSINGLABS_Win32_Ransomware_Serpent : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Serpent.yara#L1-L122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Serpent.yara#L1-L122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5e1917e8d23a5edc65ac423f3d18cc78c3848bd6c1ccc67d052eb37172857081" score = 75 quality = 90 
@@ -4272,8 +4272,8 @@ rule REVERSINGLABS_Win64_Ransomware_Rook : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-01-17" modified = "2022-01-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.Rook.yara#L1-L122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.Rook.yara#L1-L122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "dc8b37e55b634de52855dd851dbaaf3e690adfb2e875d0e0c9ef5f4846c6ff30" score = 75 quality = 90 @@ -4382,8 +4382,8 @@ rule REVERSINGLABS_Win32_Ransomware_Farattack : TC_DETECTION MALICIOUS MALWARE F date = "2022-06-21" modified = "2022-06-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.FarAttack.yara#L1-L93" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.FarAttack.yara#L1-L93" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "af22b8110c2b545f083b443c7a1fa7e7639324e9188eefadfe1fe70ebb1bb7fb" score = 75 quality = 90 
@@ -4468,8 +4468,8 @@ rule REVERSINGLABS_Win32_Ransomware_Winword64 : TC_DETECTION MALICIOUS MALWARE F date = "2021-02-11" modified = "2021-02-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.WinWord64.yara#L1-L215" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.WinWord64.yara#L1-L215" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "73d8c4f1b3bed365320b26332f1f1b49404d8e6536f3e25042f5f64e5bc09bd4" score = 75 quality = 90 @@ -4670,8 +4670,8 @@ rule REVERSINGLABS_Win32_Ransomware_Princesslocker : TC_DETECTION MALICIOUS MALW date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.PrincessLocker.yara#L1-L92" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.PrincessLocker.yara#L1-L92" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5be4ca3bd0b0afed1d2f3a59e2951d74a8de94c5a4d5a2c6cc29add49eab9ec0" score = 75 quality = 90 
@@ -4765,8 +4765,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ouroboros : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Ouroboros.yara#L1-L175" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Ouroboros.yara#L1-L175" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b573f303318452010ff46f21a02b6290820f9a27bf4c51b72f6ed15263b5f433" score = 75 quality = 90 @@ -4924,8 +4924,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Cring : TC_DETECTION MALICIOUS MALWA date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Cring.yara#L1-L66" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Cring.yara#L1-L66" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "05cf60ad39c9dcc592345f13b63c99b153b9253297a8ad9e52e0439081d8c796" score = 75 quality = 90 
@@ -4987,8 +4987,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Harpoonlocker : TC_DETECTION MALICIO date = "2022-01-27" modified = "2022-01-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.HarpoonLocker.yara#L1-L96" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.HarpoonLocker.yara#L1-L96" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "20587f9dce5981934498d9979843a090224ba649def8b694adf7799b7060cc25" score = 75 quality = 90 @@ -5076,8 +5076,8 @@ rule REVERSINGLABS_Win32_Ransomware_Rokku : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Rokku.yara#L1-L147" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Rokku.yara#L1-L147" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fefb342f8a9afac3b40c343b830f334225ff4198d55504846aa855acf5dfc9ba" score = 75 quality = 90 
@@ -5214,8 +5214,8 @@ rule REVERSINGLABS_Win32_Ransomware_Medusalocker : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.MedusaLocker.yara#L1-L174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.MedusaLocker.yara#L1-L174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "73f915d476d1411d2e008d00c5ffa03596e3b62bcdbc4d91dc7226599a066c08" score = 75 quality = 90 @@ -5367,8 +5367,8 @@ rule REVERSINGLABS_Win32_Ransomware_Termite : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-08-31" modified = "2020-08-31" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Termite.yara#L1-L151" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Termite.yara#L1-L151" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "df273de81fc58cb0bacf021ee539ec6dbfa1f1a3e13bd46519ee313595cafb4c" score = 75 quality = 90 
@@ -5511,8 +5511,8 @@ rule REVERSINGLABS_Win64_Ransomware_Blackbasta : TC_DETECTION MALICIOUS MALWARE date = "2022-12-13" modified = "2022-12-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.BlackBasta.yara#L1-L293" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.BlackBasta.yara#L1-L293" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "79c81a4470e9eabbd714b1a91621c7b2bbe42d5371ba2c799529662d5f5c479a" score = 75 quality = 90 @@ -5758,8 +5758,8 @@ rule REVERSINGLABS_Win32_Ransomware_Garrantydecrypt : TC_DETECTION MALICIOUS MAL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.GarrantyDecrypt.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.GarrantyDecrypt.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7194c1e0e15a89f2c691a7d586b9db68295cc52a5f042d0f7eb558c326430444" score = 75 quality = 90 
@@ -5840,8 +5840,8 @@ rule REVERSINGLABS_Win64_Ransomware_Albabat : TC_DETECTION MALICIOUS MALWARE FIL date = "2024-03-18" modified = "2024-03-18" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.Albabat.yara#L1-L139" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.Albabat.yara#L1-L139" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "38ec8388b9006f6ab9a397858b89f4bfd7def2ffcf525cfc736abae49bc6034a" score = 75 quality = 90 @@ -5964,12 +5964,12 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Oct : TC_DETECTION MALICIOUS MALWARE description = "Yara rule that detects Oct ransomware." author = "ReversingLabs" id = "e811a0ba-52df-5e88-ab71-df91d5cb584a" - date = "2024-10-24" - date = "2024-10-24" + date = "2024-10-01" + date = "2024-10-01" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Oct.yara#L1-L68" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Oct.yara#L1-L68" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3973794d6bf26eaa752cfc70a217c059a190c63a0dd92b06de7c0893d92d9e88" score = 75 quality = 90 
@@ -6029,8 +6029,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Policerecords : TC_DETECTION MALICIO date = "2022-08-02" modified = "2022-08-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.PoliceRecords.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.PoliceRecords.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "55cb1a5d030c47abb1a9ca9970fb19b3124128e409bc9515c173c33b2bb49a16" score = 75 quality = 90 @@ -6098,8 +6098,8 @@ rule REVERSINGLABS_Win32_Ransomware_Delphimorix : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Delphimorix.yara#L1-L67" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Delphimorix.yara#L1-L67" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6d401d488d57b2d75e93a1dfd47ece687a5791d1f0a52768300f4af8a8787212" score = 75 quality = 90 
@@ -6162,8 +6162,8 @@ rule REVERSINGLABS_Win32_Ransomware_Denizkizi : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.DenizKizi.yara#L1-L88" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.DenizKizi.yara#L1-L88" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fbeb01263d6f68141e094ba8fb1c1a54c601ab24292f5c6b0eb8cb0c49f46afc" score = 75 quality = 90 @@ -6244,8 +6244,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Apis : TC_DETECTION MALICIOUS MALWAR date = "2021-11-25" modified = "2021-11-25" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Apis.yara#L1-L75" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Apis.yara#L1-L75" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0915469884a268f124da348d6a182eb4a0f69063d4041b46628794ab011227ef" score = 75 quality = 90 
@@ -6313,8 +6313,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Ghostbin : TC_DETECTION MALICIOUS MA date = "2021-09-06" modified = "2021-09-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Ghostbin.yara#L1-L61" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Ghostbin.yara#L1-L61" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3881e1c83ac2a31fdd8a081d3e6e6ea759771dbc183c3af9528930619bcddf9e" score = 75 quality = 90 @@ -6368,8 +6368,8 @@ rule REVERSINGLABS_Win32_Ransomware_Tblocker : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.TBLocker.yara#L1-L85" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.TBLocker.yara#L1-L85" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "81f0077655ac0e59cd8dc05be602ae500c938668bd57d3cf4a51fbff2a5b6b83" score = 75 quality = 90 
@@ -6448,8 +6448,8 @@ rule REVERSINGLABS_Win32_Ransomware_Clop : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Clop.yara#L1-L109" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Clop.yara#L1-L109" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0b63db16a4b1cae27a97d0ff9df692a63f1a11120ffac69c05a5c71fbd224007" score = 75 quality = 90 @@ -6549,8 +6549,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dearcry : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-03-12" modified = "2021-03-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.DearCry.yara#L1-L96" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.DearCry.yara#L1-L96" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "40dde232255018e1bc0aadf2378a7a86a99327d13dda58d8ffc5bb38e164de26" score = 75 quality = 90 
@@ -6641,8 +6641,8 @@ rule REVERSINGLABS_Win32_Ransomware_Kovter : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Kovter.yara#L1-L141" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Kovter.yara#L1-L141" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3082e036b54a73ce8397cfa6e8dc2a807c587d9f17286e75af6cdbe622fae1e1" score = 75 quality = 90 @@ -6783,8 +6783,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_EAF : TC_DETECTION MALICIOUS MALWARE date = "2022-07-22" modified = "2022-07-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.EAF.yara#L1-L89" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.EAF.yara#L1-L89" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3d10c852f95e8aa9bcd3543b96650b98ac57bcd2aa2b374e0badb63b5a4c0396" score = 75 quality = 90 
@@ -6864,8 +6864,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Cobralocker : TC_DETECTION MALICIOUS date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Bytecode.MSIL.Ransomware.CobraLocker.yara#L1-L59" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Bytecode.MSIL.Ransomware.CobraLocker.yara#L1-L59" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "95f4c645c7c237d23b5028f824f78a5f9f8f0a4737b391d877582afe08264d7e" score = 75 quality = 90 @@ -6921,8 +6921,8 @@ rule REVERSINGLABS_Win32_Ransomware_Plague17 : TC_DETECTION MALICIOUS MALWARE FI date = "2021-02-19" modified = "2021-02-19" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Plague17.yara#L1-L263" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Plague17.yara#L1-L263" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e0e518fc83a62d70b83df273c6ba469e6f0fdf9c035126428ec7561e04437b6f" score = 75 quality = 90 
@@ -7167,8 +7167,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ransomexx : TC_DETECTION MALICIOUS MALWARE F date = "2020-11-26" modified = "2020-11-26" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Ransomexx.yara#L1-L147" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Ransomexx.yara#L1-L147" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "27b4132b7f16cafc40687e96a552ce59cc24ebf7679575680f170e3beee8a0a9" score = 75 quality = 90 @@ -7304,8 +7304,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Khonsari : TC_DETECTION MALICIOUS MA date = "2022-01-27" modified = "2022-01-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Khonsari.yara#L1-L68" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Khonsari.yara#L1-L68" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f1003b7863215bcd8e5cdce8ce40551105fb668ea2b8ac765909f9fa5373e6ca" score = 75 quality = 90 
@@ -7366,8 +7366,8 @@ rule REVERSINGLABS_Win32_Ransomware_Wsir : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-08-02" modified = "2022-08-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.WsIR.yara#L1-L73" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.WsIR.yara#L1-L73" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c22c01f93945c7721ebfe5e7a09c3bf2b9d0ad95740bc0a76b4e61741f61d82c" score = 75 quality = 90 @@ -7433,8 +7433,8 @@ rule REVERSINGLABS_Win32_Ransomware_Lorenz : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-10-24" modified = "2022-10-24" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Lorenz.yara#L1-L252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Lorenz.yara#L1-L252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b8668fcc560d264c37e3fbb52d5a5f1223a282abd9e984b3109efe9ab454be9f" score = 75 quality = 90 
@@ -7645,8 +7645,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ophionlocker : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.OphionLocker.yara#L1-L105" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.OphionLocker.yara#L1-L105" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3c54a948a6a45ec5f5bc32fbbdbc8822f402b1332e9109b20b90635464dbe2ac" score = 75 quality = 90 @@ -7750,8 +7750,8 @@ rule REVERSINGLABS_Win64_Ransomware_Curator : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-04-22" modified = "2021-04-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.Curator.yara#L1-L94" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.Curator.yara#L1-L94" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8bd29195cea0f1194e27c48ed07c52100abb7dd3de2ef7f51a645d32c3527eb3" score = 75 quality = 90 
@@ -7837,8 +7837,8 @@ rule REVERSINGLABS_Win64_Ransomware_Pandora : TC_DETECTION MALICIOUS MALWARE FIL date = "2022-06-01" modified = "2022-06-01" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.Pandora.yara#L1-L95" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.Pandora.yara#L1-L95" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6576bde36ae9a9bc2e9dd878db788c608083b84d96d31e6898f48a264c6b7f1a" score = 75 quality = 90 @@ -7927,8 +7927,8 @@ rule REVERSINGLABS_Win32_Ransomware_Wannacry : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.WannaCry.yara#L3-L135" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.WannaCry.yara#L3-L135" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fed58b533a9f7c3eb1b3e4f8fbe1f519aab94d1c066ae6937c21876693be0eac" score = 75 quality = 90 
@@ -8053,8 +8053,8 @@ rule REVERSINGLABS_Linux_Ransomware_Kraken : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Kraken.yara#L1-L151" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Kraken.yara#L1-L151" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4a3867aba4dbdce5d008331a3058f57b00db246975fc4d77b79ab49d5f0bbb15" score = 75 quality = 90 @@ -8192,8 +8192,8 @@ rule REVERSINGLABS_Win32_Ransomware_Reveton : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Reveton.yara#L1-L118" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Reveton.yara#L1-L118" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2d316c558cdb5591788ef89c6e20327882a118f2928f4a31fb5b8b3083931ac5" score = 75 quality = 90 
@@ -8304,8 +8304,8 @@ rule REVERSINGLABS_Win64_Ransomware_Solaso : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2021-11-02"
 modified = "2021-11-02"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.Solaso.yara#L1-L171"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.Solaso.yara#L1-L171"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "368a80a9f2e264d17c61d6ed4c22baec838ba0b0bc2e5c79344830bf861aa5a2"
 score = 75
 quality = 90
@@ -8466,8 +8466,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Pacman : TC_DETECTION MALICIOUS MALW
 date = "2021-08-12"
 modified = "2021-08-12"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Pacman.yara#L1-L68"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Pacman.yara#L1-L68"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "0634303a4db2631edb40a9435444f3bdc4bc6eb745c7e43a54478e54e7507403"
 score = 75
 quality = 90
@@ -8537,8 +8537,8 @@ rule REVERSINGLABS_Win32_Ransomware_Marsjoke : TC_DETECTION MALICIOUS MALWARE FI
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.MarsJoke.yara#L1-L157"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.MarsJoke.yara#L1-L157"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "298b2fd99793a15b3537853289e1337648d3fa84f12038e6f6831741404b7c5c"
 score = 75
 quality = 90
@@ -8697,8 +8697,8 @@ rule REVERSINGLABS_Win32_Ransomware_Lechiffre : TC_DETECTION MALICIOUS MALWARE F
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.LeChiffre.yara#L1-L123"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.LeChiffre.yara#L1-L123"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "0b96f5f48700f2cba22da91187b3111946074e9cc58a502f25d7b96059a043cb"
 score = 75
 quality = 90
@@ -8820,8 +8820,8 @@ rule REVERSINGLABS_Win32_Ransomware_Encoded01 : TC_DETECTION MALICIOUS MALWARE F
 date = "2021-12-16"
 modified = "2021-12-16"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Encoded01.yara#L1-L141"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Encoded01.yara#L1-L141"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "f6f872290f15f4c564911bb099824c47cb13164457e1bcdb02dee441bc2d6b6a"
 score = 75
 quality = 90
@@ -8949,8 +8949,8 @@ rule REVERSINGLABS_Win32_Ransomware_Acepy : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2022-08-04"
 modified = "2022-08-04"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Acepy.yara#L1-L69"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Acepy.yara#L1-L69"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "92c543a0b8c3c884f83647119d32c7b46f5fe839694bb8a8de0146c5c77bc587"
 score = 75
 quality = 90
@@ -9012,8 +9012,8 @@ rule REVERSINGLABS_Win32_Ransomware_Archiveus : TC_DETECTION MALICIOUS MALWARE F
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Archiveus.yara#L3-L50"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Archiveus.yara#L3-L50"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "2b8a42b98ab3e8b97d2e226e979f342a6a72f21d8f068f59c21ad95764077f8a"
 score = 75
 quality = 90
@@ -9061,8 +9061,8 @@ rule REVERSINGLABS_Win32_Ransomware_Meow : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2022-10-24"
 modified = "2022-10-24"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Meow.yara#L1-L84"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Meow.yara#L1-L84"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "b00753d2b150a815279297ddf40d70051d25de1c32bb90f5b706ea7fd36bb871"
 score = 75
 quality = 90
@@ -9138,8 +9138,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dragon : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-10-30"
 modified = "2020-10-30"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Dragon.yara#L1-L149"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Dragon.yara#L1-L149"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "7298c5681deaf04abb6a656cefc09b5ee4096ff7a5028caab1d7b107e97be90a"
 score = 75
 quality = 90
@@ -9274,8 +9274,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptojoker : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.CryptoJoker.yara#L1-L140"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.CryptoJoker.yara#L1-L140"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "42ee1e63ada1ae986f43a1300eda0b1fa7b54c26be31ef5637bb321defffbe40"
 score = 75
 quality = 90
@@ -9411,8 +9411,8 @@ rule REVERSINGLABS_Win32_Ransomware_Thanatos : TC_DETECTION MALICIOUS MALWARE FI
 date = "2020-11-13"
 modified = "2020-11-13"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Thanatos.yara#L1-L85"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Thanatos.yara#L1-L85"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "a51fa9cf1a08e4cd252a8b385be3bfde909585e2a799baaede977e40ecff5313"
 score = 75
 quality = 90
@@ -9493,8 +9493,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bandarchor : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.BandarChor.yara#L1-L97"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.BandarChor.yara#L1-L97"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "1c0c33ef7de089fc7ed6b364c7693499d1a93f79a48d6f2a5c375e47aea176bc"
 score = 75
 quality = 90
@@ -9588,8 +9588,8 @@ rule REVERSINGLABS_Win32_Ransomware_Teslacrypt : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Teslacrypt.yara#L1-L665"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Teslacrypt.yara#L1-L665"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "cc054be68d833d9f29a4ebd1c202922881b0d22a2605edc7def1048dc08f6325"
 score = 75
 quality = 65
@@ -10181,8 +10181,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zhen : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2021-04-28"
 modified = "2021-04-28"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Zhen.yara#L1-L176"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Zhen.yara#L1-L176"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "17b24e7baeccd90b8695eb8d21d9ee4a317806ed7713252d315d06bee3f93e65"
 score = 75
 quality = 90
@@ -10346,8 +10346,8 @@ rule REVERSINGLABS_Win32_Ransomware_Afrodita : TC_DETECTION MALICIOUS MALWARE FI
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Afrodita.yara#L1-L119"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Afrodita.yara#L1-L119"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "ce7cc445d4c1f59c25b9505fc1f7f9dd0d286ab80510e2977b50ff15433aea60"
 score = 75
 quality = 90
@@ -10452,8 +10452,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ragnarok : TC_DETECTION MALICIOUS MALWARE FI
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Ragnarok.yara#L1-L110"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Ragnarok.yara#L1-L110"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "aaa17ab98b59a5c8c71a2b82a9bf29dd3a1a1719deaf08a3bafa77895bc10311"
 score = 75
 quality = 90
@@ -10554,8 +10554,8 @@ rule REVERSINGLABS_Win32_Ransomware_Guscrypter : TC_DETECTION MALICIOUS MALWARE
 date = "2020-11-26"
 modified = "2020-11-26"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.GusCrypter.yara#L1-L129"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.GusCrypter.yara#L1-L129"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "cfe6005028c0e5f5d713af2a549574203678bab2ee48acc1727702bcf91522b1"
 score = 75
 quality = 90
@@ -10674,8 +10674,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sherminator : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Sherminator.yara#L1-L157"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Sherminator.yara#L1-L157"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "22ac61b95f6ca4530e81a23fdd05be93e368647ca7100097a94eae3c6ce3b7d1"
 score = 75
 quality = 90
@@ -10820,8 +10820,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ladon : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Ladon.yara#L1-L101"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Ladon.yara#L1-L101"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "979e3f3bf6a67bf10b6bfdd2eeb722d8836096076b7e88c6d4aca041a1a9eecb"
 score = 75
 quality = 90
@@ -10914,8 +10914,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gibon : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Gibon.yara#L1-L122"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Gibon.yara#L1-L122"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "cace0f35529307487f39aace6ae8989c7b878f82ebe890b256dfac563551a099"
 score = 75
 quality = 90
@@ -11031,8 +11031,8 @@ rule REVERSINGLABS_Win32_Ransomware_Satan : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Satan.yara#L1-L152"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Satan.yara#L1-L152"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "0074090c2a6cc483deffdc83dc1c0bfbd150e201c27e54f998dd2c0a7660f917"
 score = 75
 quality = 90
@@ -11175,8 +11175,8 @@ rule REVERSINGLABS_Win32_Ransomware_MZP : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.MZP.yara#L1-L147"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.MZP.yara#L1-L147"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "724ae1033bfb8ff494b30e6b3333e6c848375f1b001b75e71c9444c9f9f31251"
 score = 75
 quality = 90
@@ -11306,8 +11306,8 @@ rule REVERSINGLABS_Win32_Ransomware_Braincrypt : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.BrainCrypt.yara#L1-L121"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.BrainCrypt.yara#L1-L121"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "85866d6ffa136bf3ed27bbab55ae5430af4a1363930ebacab0df9ad24f8734cb"
 score = 75
 quality = 90
@@ -11426,8 +11426,8 @@ rule REVERSINGLABS_Win32_Ransomware_Magniber : TC_DETECTION MALICIOUS MALWARE FI
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Magniber.yara#L1-L114"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Magniber.yara#L1-L114"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "05b516f9b466489ea3a30e2fe5eb08290e85ece7a63e29e8bbbeb81c87d0a6f1"
 score = 75
 quality = 90
@@ -11536,8 +11536,8 @@ rule REVERSINGLABS_Win32_Ransomware_Desucrypt : TC_DETECTION MALICIOUS MALWARE F
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.DesuCrypt.yara#L1-L93"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.DesuCrypt.yara#L1-L93"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "bd3ba8ea0fc16aad859a73628d0eda180d49298162fe239acf81c7c4e371eaad"
 score = 75
 quality = 90
@@ -11629,8 +11629,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptowall : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.CryptoWall.yara#L3-L312"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.CryptoWall.yara#L3-L312"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "74baa04ee506732e0bb64a77cfd2d2216fcc978f13447ef07862e0116c093c14"
 score = 75
 quality = 88
@@ -11916,8 +11916,8 @@ rule REVERSINGLABS_Win32_Ransomware_Flamingo : TC_DETECTION MALICIOUS MALWARE FI
 date = "2021-04-14"
 modified = "2021-04-14"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Flamingo.yara#L1-L54"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Flamingo.yara#L1-L54"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "446c0d332af01c0fceb0356d5ab273eb55764869cc8343468b75625e5d4d1036"
 score = 75
 quality = 90
@@ -11968,8 +11968,8 @@ rule REVERSINGLABS_Win32_Ransomware_Good : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Good.yara#L1-L82"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Good.yara#L1-L82"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "6737853a77a6008f9fd2141bb6b13d595f1cb7e832be944596f709e1fcdf8003"
 score = 75
 quality = 90
@@ -12044,8 +12044,8 @@ rule REVERSINGLABS_Win32_Ransomware_Fenixlocker : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.FenixLocker.yara#L1-L143"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.FenixLocker.yara#L1-L143"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "72712616df2c73c5c17696a7c5cb93f767910acf5f49cda27373fccfa29c5a4d"
 score = 75
 quality = 90
@@ -12187,8 +12187,8 @@ rule REVERSINGLABS_Win32_Ransomware_Infodot : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2021-02-16"
 modified = "2021-02-16"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.InfoDot.yara#L1-L115"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.InfoDot.yara#L1-L115"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "24a1c25c1d70c21323417ae0892c613361c4bfc829737ef86b6fa7616ae668c6"
 score = 75
 quality = 90
@@ -12297,8 +12297,8 @@ rule REVERSINGLABS_Win32_Ransomware_Techandstrat : TC_DETECTION MALICIOUS MALWAR
 date = "2021-05-17"
 modified = "2021-05-17"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.TechandStrat.yara#L1-L106"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.TechandStrat.yara#L1-L106"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "80e201cf91adeee100e05af3ba5227fc61968bb6e0ce602107ba1217a7a62856"
 score = 75
 quality = 90
@@ -12394,8 +12394,8 @@ rule REVERSINGLABS_Win32_Ransomware_Jemd : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Jemd.yara#L1-L105"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Jemd.yara#L1-L105"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "552e0fc118031e953dee2e7c6bf8234a5a90de8c34b0e2724dfe99f2b28b8c51"
 score = 75
 quality = 90
@@ -12491,8 +12491,8 @@ rule REVERSINGLABS_Win32_Ransomware_Blackmoon : TC_DETECTION MALICIOUS MALWARE F
 date = "2020-11-11"
 modified = "2020-11-11"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.BlackMoon.yara#L1-L70"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.BlackMoon.yara#L1-L70"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "428409096a8637978bf2a1efb3238e4ba87715a909693b0cd26c0f689d567a09"
 score = 75
 quality = 90
@@ -12558,8 +12558,8 @@ rule REVERSINGLABS_Win32_Ransomware_Pay2Key : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2021-04-14"
 modified = "2021-04-14"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Pay2Key.yara#L1-L99"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Pay2Key.yara#L1-L99"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "2497504f3afc99523cb29e51652a24f4374316d57d4baf5cde8d22e75a425585"
 score = 75
 quality = 90
@@ -12649,8 +12649,8 @@ rule REVERSINGLABS_Linux_Ransomware_Redalert : TC_DETECTION MALICIOUS MALWARE FI
 date = "2022-09-01"
 modified = "2022-09-01"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Linux.Ransomware.RedAlert.yara#L1-L146"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Linux.Ransomware.RedAlert.yara#L1-L146"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "fe0d10c2ef1dacdb5374f319e470274b91f4f171db49de8c89e8aaa9aa75a45c"
 score = 75
 quality = 90
@@ -12783,8 +12783,8 @@ rule REVERSINGLABS_Win32_Ransomware_Velso : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Velso.yara#L1-L230"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Velso.yara#L1-L230"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "602be848a26106a1bd46cfc515578f0628687e6cb352e609a274220a61bcb620"
 score = 75
 quality = 90
@@ -12996,8 +12996,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Zerolocker : TC_DETECTION MALICIOUS date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.ZeroLocker.yara#L1-L70" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.ZeroLocker.yara#L1-L70" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "147e4b390bcfaff8f05059c1d9a98b50f544fc32e820406417894fe5046e0f71" score = 75 quality = 90 @@ -13069,8 +13069,8 @@ rule REVERSINGLABS_Win32_Ransomware_HDMR : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.HDMR.yara#L1-L161" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.HDMR.yara#L1-L161" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "035c6596db8dc14a663679c1f7e682b85963927cc034b01e390cc22fdee3334a" score = 75 quality = 90 
@@ -13219,8 +13219,8 @@ rule REVERSINGLABS_Win32_Ransomware_Conti : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-12-14" modified = "2020-12-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Conti.yara#L1-L74" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Conti.yara#L1-L74" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4f2b96c8eaf8d112a7bb60647db49616935a336396c705d39d5bb51dfd90c60b" score = 75 quality = 90 @@ -13290,8 +13290,8 @@ rule REVERSINGLABS_Win32_Ransomware_Crypmic : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Crypmic.yara#L1-L56" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Crypmic.yara#L1-L56" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ee97c4d35cee68e080a4e9e0a21ecd3698da638463881a58f5daaf906ef86f75" score = 75 quality = 90 
@@ -13347,8 +13347,8 @@ rule REVERSINGLABS_Win32_Ransomware_District : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.District.yara#L1-L194" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.District.yara#L1-L194" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9ce395636fd7719f503726df82998e1ac72e9e80fd7a4534bd2251ac9283af38" score = 75 quality = 90 @@ -13525,8 +13525,8 @@ rule REVERSINGLABS_Win32_Ransomware_Atlas : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Atlas.yara#L1-L99" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Atlas.yara#L1-L99" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1486f931ec096a00d913de0568ddd8aa5a091256445bc28aba90e3e194ebd045" score = 75 quality = 90 
@@ -13625,8 +13625,8 @@ rule REVERSINGLABS_Win32_Ransomware_Defray : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Defray.yara#L1-L157" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Defray.yara#L1-L157" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "82d883c77f49e50edbc7af05a108d4d54a46dca7661e4d0cd8aeffa19cb8df98" score = 75 quality = 90 @@ -13766,8 +13766,8 @@ rule REVERSINGLABS_Win32_Ransomware_Motocos : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-09-17" modified = "2021-09-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Motocos.yara#L1-L75" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Motocos.yara#L1-L75" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "34b99847f029a291808f08ba6e6ae62a54e6fed5acc928fe4828054801786881" score = 75 quality = 90 
@@ -13835,8 +13835,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zeoticus : TC_DETECTION MALICIOUS MALWARE FI date = "2021-03-19" modified = "2021-03-19" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Zeoticus.yara#L1-L90" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Zeoticus.yara#L1-L90" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "adf42b96139ad98f4253f3eba2c4af1be9545825605e0851185cc15284d9e9a0" score = 75 quality = 90 @@ -13918,8 +13918,8 @@ rule REVERSINGLABS_Win32_Ransomware_Maktub : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Maktub.yara#L1-L116" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Maktub.yara#L1-L116" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ee3213213e9521f7d19ce6340cd2f98057c22b1188ceefc30c17c18b6ec54e20" score = 75 quality = 90 
@@ -14037,8 +14037,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dmalocker : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.DMALocker.yara#L1-L149" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.DMALocker.yara#L1-L149" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "107dbc4cacd9d451e9c6fe8aa91cd612f70ac767ee70f74f3a77d1e5548b054f" score = 75 quality = 90 @@ -14178,8 +14178,8 @@ rule REVERSINGLABS_Win32_Ransomware_Henry : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-06-14" modified = "2021-06-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Henry.yara#L1-L80" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Henry.yara#L1-L80" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e6ab2a8a344d40407118e29ff78f5a0144f42a0fbdee19a80b341b59f056d292" score = 75 quality = 90 
@@ -14248,8 +14248,8 @@ rule REVERSINGLABS_Win32_Ransomware_Darkside : TC_DETECTION MALICIOUS MALWARE FI date = "2021-05-17" modified = "2021-05-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.DarkSide.yara#L1-L94" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.DarkSide.yara#L1-L94" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "128af9a1b143e4b0928dd2b243e69497be906175f44815cc5703f17cce48ec9d" score = 75 quality = 90 @@ -14332,8 +14332,8 @@ rule REVERSINGLABS_Win32_Ransomware_MRAC : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-02-21" modified = "2022-02-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.MRAC.yara#L1-L69" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.MRAC.yara#L1-L69" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "04e8364dc9c726f4bb2d3035e5b7e8dab4cae124b2f047be6f11b865fab557a7" score = 75 quality = 90 
@@ -14395,8 +14395,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Ghostencryptor : TC_DETECTION MALICI date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.GhosTEncryptor.yara#L1-L69" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.GhosTEncryptor.yara#L1-L69" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "85c1f6e5acf746388b0a9ddeb1f0ad1d2219fff7358c9a981849863155c13e3c" score = 75 quality = 90 @@ -14456,8 +14456,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hakunamatata : TC_DETECTION MALICIOUS MALWAR date = "2020-11-11" modified = "2020-11-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.HakunaMatata.yara#L1-L373" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.HakunaMatata.yara#L1-L373" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e363ff93fce286d60a3f5ea20ba3ec03564b7a5321c3f6448cc82187f23e8a9f" score = 75 quality = 90 
@@ -14817,8 +14817,8 @@ rule REVERSINGLABS_Win32_Ransomware_Crysis : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Crysis.yara#L1-L108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Crysis.yara#L1-L108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3c9250206f94ac65c1fc24e83cf8cdd76d10066086ef1f34ec14791d237c0263" score = 75 quality = 90 @@ -14921,8 +14921,8 @@ rule REVERSINGLABS_Win32_Ransomware_Marlboro : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-23" modified = "2020-07-23" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Marlboro.yara#L1-L117" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Marlboro.yara#L1-L117" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d36c3cf52af47e9f638f58aabc19298e8c58831c3083f82e4c194319503eeaaa" score = 75 quality = 90 
@@ -15033,8 +15033,8 @@ rule REVERSINGLABS_Win64_Ransomware_Seth : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-04-02" modified = "2021-04-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.Seth.yara#L1-L122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.Seth.yara#L1-L122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "72a9d902eea2381f40d42faa7f1686c4ca54d364af0cbd8711697bbc1a235646" score = 75 quality = 90 @@ -15147,8 +15147,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dharma : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Dharma.yara#L1-L108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Dharma.yara#L1-L108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6f33281523b462aaff68bb04f2f6869c3e6cd60cd9306ed80bb0c3e3b699f315" score = 75 quality = 90 
@@ -15256,8 +15256,8 @@ rule REVERSINGLABS_Win32_Ransomware_Saturn : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-10-19" modified = "2020-10-19" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Saturn.yara#L1-L105" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Saturn.yara#L1-L105" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "efa748346ad8c46e654542d302e81d633a2d12f421636c477431a12a34636132" score = 75 quality = 90 @@ -15356,8 +15356,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gpcode : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Gpcode.yara#L1-L67" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Gpcode.yara#L1-L67" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "329309873977f73a8ebe758018ebc8ba42e15c3c7cbb9a65865631d235f5bb48" score = 75 quality = 90 
@@ -15421,8 +15421,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bluelocker : TC_DETECTION MALICIOUS MALWARE date = "2022-08-04" modified = "2022-08-04" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.BlueLocker.yara#L1-L130" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.BlueLocker.yara#L1-L130" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fbe5f246f4554e63b5da6a0aca169e8221a84fce18fd437ae7ad9b068e9ca576" score = 75 quality = 90 @@ -15542,8 +15542,8 @@ rule REVERSINGLABS_Win32_Ransomware_Wasplocker : TC_DETECTION MALICIOUS MALWARE date = "2022-06-28" modified = "2022-06-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.WaspLocker.yara#L1-L76" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.WaspLocker.yara#L1-L76" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "852ec52328fca36d651e3176ac33a57ce26cefecadc2aad27235548e5b9813c1" score = 75 quality = 90 
@@ -15612,8 +15612,8 @@ rule REVERSINGLABS_Linux_Ransomware_Luckyjoe : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Linux.Ransomware.LuckyJoe.yara#L1-L146" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Linux.Ransomware.LuckyJoe.yara#L1-L146" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1e7df2c45bee072af233cf8f355a84ec931fe96afa3fbdcd225dded1b75ea961" score = 75 quality = 90 @@ -15748,8 +15748,8 @@ rule REVERSINGLABS_Win32_Ransomware_Shadowcryptor : TC_DETECTION MALICIOUS MALWA date = "2021-02-11" modified = "2021-02-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.ShadowCryptor.yara#L1-L89" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.ShadowCryptor.yara#L1-L89" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "875150db9fc36cd992988bba7d0c05487418b901980bf428ebd427c82fbcacd7" score = 75 quality = 90 
@@ -15830,8 +15830,8 @@ rule REVERSINGLABS_Win32_Ransomware_Networm : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-07-05" modified = "2021-07-05" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Networm.yara#L1-L103" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Networm.yara#L1-L103" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ff9bcb9868522f9d4abf2ab9f94d5b7c9b009e5c6d0cf832c7d052f18e048b31" score = 75 quality = 90 @@ -15925,8 +15925,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bam2021 : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-09-17" modified = "2021-09-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Bam2021.yara#L1-L167" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Bam2021.yara#L1-L167" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5b717510991b78f07806e88f3dfe1c27d6ec1ec21af61a7c4f1edf7c915785d5" score = 75 quality = 90 
@@ -16075,8 +16075,8 @@ rule REVERSINGLABS_Win32_Ransomware_Vegalocker : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.VegaLocker.yara#L1-L100" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.VegaLocker.yara#L1-L100" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8616e72fc435676179e83a304d4111c8f29ebf3cd79ff5b2d229cca8fc97c2a3" score = 75 quality = 90 @@ -16171,8 +16171,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Moisha : TC_DETECTION MALICIOUS MALW date = "2022-10-11" modified = "2022-10-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Moisha.yara#L1-L86" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Moisha.yara#L1-L86" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "89cefbbb8ec722216721bb43eb14cc33fcd4671585051359a06b62236cbf3a6c" score = 75 quality = 90 
@@ -16249,8 +16249,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Timecrypt : TC_DETECTION MALICIOUS M date = "2021-12-06" modified = "2021-12-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.TimeCrypt.yara#L1-L69" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.TimeCrypt.yara#L1-L69" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6849d6d5010d7bcb4052c10d5bd7cc29320ffc986f36289b272a1e9a8d14fab9" score = 75 quality = 90 @@ -16308,8 +16308,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Eternity : TC_DETECTION MALICIOUS MA date = "2022-07-22" modified = "2022-07-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Eternity.yara#L1-L74" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Eternity.yara#L1-L74" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a2298a26e9bbe2b779eb2afeeda28d4321bc2d26db46bbb377bf86abaf8fa929" score = 75 quality = 90 
@@ -16372,8 +16372,8 @@ rule REVERSINGLABS_Win64_Ransomware_DST : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-12-06" modified = "2021-12-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.DST.yara#L1-L170" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.DST.yara#L1-L170" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b658093232a2265d425e3b38758268c116bbac51fa5eed372b5b4f00de4c6880" score = 75 quality = 90 @@ -16531,8 +16531,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Retis : TC_DETECTION MALICIOUS MALWA date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Retis.yara#L1-L74" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Retis.yara#L1-L74" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3e3429041acc5730b009916efbcd35c7cfd2b2877dc1d2cf980f7fb7d399d532" score = 75 quality = 90 
@@ -16602,8 +16602,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zeppelin : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Zeppelin.yara#L1-L109" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Zeppelin.yara#L1-L109" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8fb07e49d2ff9d497fb36a5d901748315ae519f5ef845d1a5ec6341d0eb1f68c" score = 75 quality = 90 @@ -16700,8 +16700,8 @@ rule REVERSINGLABS_Win32_Ransomware_Kawaiilocker : TC_DETECTION MALICIOUS MALWAR date = "2020-08-17" modified = "2020-08-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.KawaiiLocker.yara#L1-L135" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.KawaiiLocker.yara#L1-L135" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d86b41ef1c43da55869ad26facd5efdf232277f0e33483690a69a04c4ba8f7da" score = 75 quality = 90 
@@ -16837,8 +16837,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cuba : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Cuba.yara#L1-L126" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Cuba.yara#L1-L126" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0a8dea6e38a6407897b994ea119bc8b0712a94363b7b3942dcd32c65ee5548d4" score = 75 quality = 90 @@ -16955,8 +16955,8 @@ rule REVERSINGLABS_Win32_Ransomware_Telecrypt : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.TeleCrypt.yara#L1-L109" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.TeleCrypt.yara#L1-L109" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9d856eae4369cd7ba1d88bd6ef37931e069127e2c05a84a44f5274f681e83fc0" score = 75 quality = 90 
@@ -17065,8 +17065,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dirtydecrypt : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.DirtyDecrypt.yara#L3-L112" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.DirtyDecrypt.yara#L3-L112" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "eb6a1c376b0739848b523e741d0d1ebdbc87056d51931fb94c744aa094d6479f" score = 75 quality = 90 @@ -17171,8 +17171,8 @@ rule REVERSINGLABS_Win64_Ransomware_Awesomescott : TC_DETECTION MALICIOUS MALWAR date = "2020-09-16" modified = "2020-09-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.AwesomeScott.yara#L1-L101" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.AwesomeScott.yara#L1-L101" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ed8096a4abbd015f79f4ec7239cd4070194ad70fa03da6714e499a41f9fb9423" score = 75 quality = 90 
@@ -17274,8 +17274,8 @@ rule REVERSINGLABS_Win64_Ransomware_Nokoyawa : TC_DETECTION MALICIOUS MALWARE FI date = "2022-06-06" modified = "2022-06-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.Nokoyawa.yara#L1-L104" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.Nokoyawa.yara#L1-L104" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "85b7d93db06007d0043b1489b532410ccc700cf082b641fff8a09de2ffe9101d" score = 75 quality = 90 @@ -17371,8 +17371,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Timetime : TC_DETECTION MALICIOUS MA date = "2022-02-21" modified = "2022-02-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.TimeTime.yara#L1-L75" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.TimeTime.yara#L1-L75" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "43867dd793bc84e6f39ca2de1aff4047a742b295dc4df94cd337bd2ef89e4a62" score = 75 quality = 90 
@@ -17436,8 +17436,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sifrelendi : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Sifrelendi.yara#L1-L67" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Sifrelendi.yara#L1-L67" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "430d3877c10c86fcb19b5624dd8886d61e54ccd0453678329309b49712c6d5c6" score = 75 quality = 90 @@ -17501,8 +17501,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sarbloh : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-05-21" modified = "2021-05-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Sarbloh.yara#L1-L88" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Sarbloh.yara#L1-L88" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7259aa9d1fe657db220ee50f1610e6439ff61673d92f46ebc3b8cadd990f002c" score = 75 quality = 90 
@@ -17585,8 +17585,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gomer : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-10-08" modified = "2020-10-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Gomer.yara#L1-L106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Gomer.yara#L1-L106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a53d37fcb877a12a4969a6ea1aaa67fc4106c3fbdd80a4fd39ad5a66a9df47fc" score = 75 quality = 90 @@ -17683,8 +17683,8 @@ rule REVERSINGLABS_Win32_Ransomware_Badblock : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.BadBlock.yara#L1-L100" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.BadBlock.yara#L1-L100" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "421e6a3772eeec6ef0cbb2427b7e044b450a2b2146cee2ca7d8c3a3a92918557" score = 75 quality = 90 
@@ -17781,8 +17781,8 @@ rule REVERSINGLABS_Win32_Ransomware_Torrentlocker : TC_DETECTION MALICIOUS MALWA date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.TorrentLocker.yara#L1-L98" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.TorrentLocker.yara#L1-L98" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f1aa523fa95e142b7e421286d26918e3da4bd3e268fef3f98f00820296291bfc" score = 75 quality = 90 @@ -17877,8 +17877,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ransoc : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Ransoc.yara#L1-L114" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Ransoc.yara#L1-L114" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1f48f1b713c18b099e863d8a11e872ae84df0ea355f01cba765e8333d8d98575" score = 75 quality = 90 
@@ -17993,8 +17993,8 @@ rule REVERSINGLABS_Win32_Ransomware_Avaddon : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-10-19" modified = "2020-10-19" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Avaddon.yara#L1-L148" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Avaddon.yara#L1-L148" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1b2c449d5bad02dd06cb4a980fcca1feaf02b1d8127096bb39deecbc544272a6" score = 75 quality = 90 @@ -18126,8 +18126,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryakl : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Cryakl.yara#L1-L64" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Cryakl.yara#L1-L64" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "51d50ab1ce021e2facbca3a35af372186287a8d69b66651c9804234a409d9932" score = 75 quality = 90 
@@ -18191,8 +18191,8 @@ rule REVERSINGLABS_Win32_Ransomware_Jamper : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Jamper.yara#L1-L110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Jamper.yara#L1-L110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "826f8fa7cc92b279c609a9ab6a87c32940e37b4c2476854af75bbed29cb3eaf2" score = 75 quality = 90 @@ -18294,8 +18294,8 @@ rule REVERSINGLABS_Win32_Ransomware_5Ss5C : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.5ss5c.yara#L1-L267" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.5ss5c.yara#L1-L267" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "74fcec568906a01dade7091c63cffbe4afa49c4705d9c1f21d10b4eee655a805" score = 75 quality = 90 
@@ -18544,8 +18544,8 @@ rule REVERSINGLABS_Win32_Ransomware_Wastedlocker : TC_DETECTION MALICIOUS MALWAR date = "2020-12-07" modified = "2020-12-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Wastedlocker.yara#L1-L86" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Wastedlocker.yara#L1-L86" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0899d3cc3bcea8eae60689a54f34e57bdc52088c879c8420b8e6d0b1969cb186" score = 75 quality = 90 @@ -18626,8 +18626,8 @@ rule REVERSINGLABS_Win32_Ransomware_Lolkek : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-10-23" modified = "2020-10-23" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Lolkek.yara#L1-L106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Lolkek.yara#L1-L106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d18545b25a33bba1a6e01ab37768bd4f15fb125dcb8cbe7909d9a8bbe08e63fa" score = 75 quality = 90 
@@ -18724,8 +18724,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Tarrak : TC_DETECTION MALICIOUS MALW date = "2021-09-06" modified = "2021-09-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.TaRRaK.yara#L1-L96" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.TaRRaK.yara#L1-L96" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a8c4c4a501d94da94ae4a2e1eb2846e841249659be64dd45f46584885d000635" score = 75 quality = 90 @@ -18806,8 +18806,8 @@ rule REVERSINGLABS_Win32_Ransomware_Redeemer : TC_DETECTION MALICIOUS MALWARE FI date = "2022-01-17" modified = "2022-01-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Redeemer.yara#L1-L105" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Redeemer.yara#L1-L105" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "28287f6620a2f7a90057d1f97947e065721119e26398fe659331dc5fe99761de" score = 75 quality = 90 
@@ -18903,8 +18903,8 @@ rule REVERSINGLABS_Win32_Ransomware_Koxic : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-04-21" modified = "2022-04-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Koxic.yara#L1-L87" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Koxic.yara#L1-L87" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "739faf047b95fd538422a42943fcaad6538549bf4cf33ed91385c61365af4f09" score = 75 quality = 90 @@ -18983,8 +18983,8 @@ rule REVERSINGLABS_Win32_Ransomware_Nefilim : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Nefilim.yara#L1-L150" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Nefilim.yara#L1-L150" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fae0350e51aee2777475d2222848b30fd39fa39ceea260132b0c7fbc536b3a86" score = 75 quality = 90 
@@ -19119,8 +19119,8 @@ rule REVERSINGLABS_Win32_Ransomware_Paradise : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Paradise.yara#L1-L81" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Paradise.yara#L1-L81" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fc029bee999ec72416ac91d8386d4d270070035ad078bcab1dec11eea032c10b" score = 75 quality = 90 @@ -19202,8 +19202,8 @@ rule REVERSINGLABS_Win32_Ransomware_Revil : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Revil.yara#L1-L101" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Revil.yara#L1-L101" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "24a79477eb797d7a7121d1248ebbece833ccd256de55729ff96084135ce8d426" score = 75 quality = 90 
@@ -19293,8 +19293,8 @@ rule REVERSINGLABS_Win32_Ransomware_Killdisk : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.KillDisk.yara#L1-L80" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.KillDisk.yara#L1-L80" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6148e6fc1363ff8995a9100e07139bfa658c72892db4d30a973bad0f2b3e6c3f" score = 75 quality = 90 @@ -19376,8 +19376,8 @@ rule REVERSINGLABS_Win32_Ransomware_Makop : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-10-30" modified = "2020-10-30" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Makop.yara#L1-L99" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Makop.yara#L1-L99" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0ff4739d32b4a775d07a5f22d551ed67025681d4986e4404c9a01ad4078468f3" score = 75 quality = 90 
@@ -19468,8 +19468,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Goodwill : TC_DETECTION MALICIOUS MA date = "2022-06-28" modified = "2022-06-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.GoodWill.yara#L1-L89" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.GoodWill.yara#L1-L89" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "94e2950f415ba737fe5ca9d32a3d850dd5744e547c4ca094ad28545e19033cb2" score = 75 quality = 90 @@ -19546,8 +19546,8 @@ rule REVERSINGLABS_Win32_Ransomware_Prometey : TC_DETECTION MALICIOUS MALWARE FI date = "2021-06-07" modified = "2021-06-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Prometey.yara#L1-L156" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Prometey.yara#L1-L156" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f14c9605e2d375176b461fd396be66754b0ace7dcaada8ca33ad86f6eda10b73" score = 75 quality = 90 
@@ -19694,8 +19694,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptolocker : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.CryptoLocker.yara#L3-L154" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.CryptoLocker.yara#L3-L154" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "08430b0c5689840d592bdda5dbc2ed06e0d0fa1e2c0f19aff4316580c6a0b23d" score = 75 quality = 90 @@ -19834,8 +19834,8 @@ rule REVERSINGLABS_Win32_Ransomware_Nanolocker : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.NanoLocker.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.NanoLocker.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7fdb021f22d97bf8a00fd856ef913695a0d6fbaad1138b5a5cc2cc8768b130be" score = 75 quality = 90 
@@ -19914,8 +19914,8 @@ rule REVERSINGLABS_Win32_Ransomware_Alcatraz : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-28" modified = "2020-07-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Alcatraz.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Alcatraz.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ddd35c8da0c08bce17cacfba8bb8a8b8a8c08c3e59261a88a79c63b03d29000f" score = 75 quality = 90 @@ -20010,8 +20010,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bitcrypt : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.BitCrypt.yara#L3-L112" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.BitCrypt.yara#L3-L112" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "66cfe16a182e7f20d6358be9569ada5e6c36c94d44781d8c741638e1b174d44e" score = 75 quality = 90 
@@ -20117,8 +20117,8 @@ rule REVERSINGLABS_Win32_Ransomware_Lockbit : TC_DETECTION MALICIOUS MALWARE FIL date = "2022-03-31" modified = "2022-03-31" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.LockBit.yara#L1-L282" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.LockBit.yara#L1-L282" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "030222bd659c7e0e03858fa062067b1483aca3b7973cce19a1e7cdbb48d4405c" score = 75 quality = 90 @@ -20360,8 +20360,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sevensevenseven : TC_DETECTION MALICIOUS MAL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.SevenSevenSeven.yara#L1-L148" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.SevenSevenSeven.yara#L1-L148" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "583a8ac746cd749bd3927f10c864a3ac84f82f8bbd8d0ebf117e22b016d7ca94" score = 75 quality = 90 
@@ -20485,8 +20485,8 @@ rule REVERSINGLABS_Linux_Ransomware_Gwisinlocker : TC_DETECTION MALICIOUS MALWAR date = "2022-10-11" modified = "2022-10-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Linux.Ransomware.GwisinLocker.yara#L1-L354" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Linux.Ransomware.GwisinLocker.yara#L1-L354" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c23c0b73bbefbd644ffe1398e1f14eec3a89945cb3c3ccbc6f46c57046b53505" score = 75 quality = 90 @@ -20794,8 +20794,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cicada3301 : TC_DETECTION MALICIOUS MALWARE date = "2024-10-09" modified = "2024-10-09" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Cicada3301.yara#L1-L309" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Cicada3301.yara#L1-L309" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9479667fd4c7f865607ece6af985ab6fa7b62f98738c338e4155059551db8a21" score = 75 quality = 90 
@@ -21077,8 +21077,8 @@ rule REVERSINGLABS_Win32_Ransomware_Teslarvng : TC_DETECTION MALICIOUS MALWARE F
 date = "2020-12-14"
 modified = "2020-12-14"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Teslarvng.yara#L1-L137"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Teslarvng.yara#L1-L137"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "670621aa196a80fbb694e4b1690d7da60e881c5b826133939e61cd6c2406ea98"
 score = 75
 quality = 90
@@ -21205,8 +21205,8 @@ rule REVERSINGLABS_Win32_Ransomware_FCT : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.FCT.yara#L1-L86"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.FCT.yara#L1-L86"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "b158ad56c92a926f7398a27b3576c259e39c9716ef192fa5944ce3cffdc6d7d0"
 score = 75
 quality = 90
@@ -21287,8 +21287,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hydracrypt : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.HydraCrypt.yara#L1-L174"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.HydraCrypt.yara#L1-L174"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "910a6f23f06cecb8d3115ebfed42a66412dbd0d3a519e39f21df81b0c2028f48"
 score = 75
 quality = 90
@@ -21443,8 +21443,8 @@ rule REVERSINGLABS_Win32_Ransomware_Xorist : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Xorist.yara#L1-L150"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Xorist.yara#L1-L150"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "c428838cdd103f62508a23c9333b08567625291e110aa437324ecf37c62dca36"
 score = 75
 quality = 90
@@ -21576,8 +21576,8 @@ rule REVERSINGLABS_Win32_Ransomware_Nemty : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Nemty.yara#L1-L205"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Nemty.yara#L1-L205"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "dc8cfdcdea8ecb2018b1b04bb1b645f6dbdc6c07357719100677c75945edef40"
 score = 75
 quality = 90
@@ -21761,8 +21761,8 @@ rule REVERSINGLABS_Win32_Ransomware_Notpetya : TC_DETECTION MALICIOUS MALWARE FI
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.NotPetya.yara#L1-L73"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.NotPetya.yara#L1-L73"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "328f0e527fee2145879ee13c003d375db832f7f3eacf7a1eb303393c1c8b5a36"
 score = 75
 quality = 90
@@ -21835,8 +21835,8 @@ rule REVERSINGLABS_Win32_Ransomware_Jsworm : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.JSWorm.yara#L1-L93"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.JSWorm.yara#L1-L93"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "8ba5e2f29f5f06e6e6714bbba1129862da8c3a83bf7f296818eddee2593cae38"
 score = 75
 quality = 90
@@ -21929,8 +21929,8 @@ rule REVERSINGLABS_Win32_Ransomware_Babuk : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2021-01-26"
 modified = "2021-01-26"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Babuk.yara#L1-L117"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Babuk.yara#L1-L117"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "70327b3f9d0b0505ade7ee6de6d7facf56820c7e8477bd172f738f374311144f"
 score = 75
 quality = 90
@@ -22038,8 +22038,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Invert : TC_DETECTION MALICIOUS MALW
 date = "2021-11-11"
 modified = "2021-11-11"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Invert.yara#L1-L66"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Invert.yara#L1-L66"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "1608b8bbfc03b18a79752e60f211da7d7703862bc06b2ddf094074ae5efd0d14"
 score = 75
 quality = 90
@@ -22098,8 +22098,8 @@ rule REVERSINGLABS_Win32_Ransomware_Jormungand : TC_DETECTION MALICIOUS MALWARE
 date = "2021-10-22"
 modified = "2021-10-22"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Jormungand.yara#L1-L135"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Jormungand.yara#L1-L135"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "049eb4533b37d8d72e50dd1e803a897758386643770d47b3e7690f58e44d5236"
 score = 75
 quality = 90
@@ -22221,8 +22221,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ragnarlocker : TC_DETECTION MALICIOUS MALWAR
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.RagnarLocker.yara#L1-L108"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.RagnarLocker.yara#L1-L108"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "398f0e5e003f87edf90cdea718be6b10470df317214d00db4dc6c4cccc5b6748"
 score = 75
 quality = 90
@@ -22323,8 +22323,8 @@ rule REVERSINGLABS_Win32_Ransomware_Erica : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Erica.yara#L1-L76"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Erica.yara#L1-L76"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "93512091943f3a3b395c38fa3b0f5ecdbbf1cdf967ccfea4d7145c940076e046"
 score = 75
 quality = 90
@@ -22396,8 +22396,8 @@ rule REVERSINGLABS_Win32_Ransomware_NB65 : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2022-06-01"
 modified = "2022-06-01"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.NB65.yara#L1-L68"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.NB65.yara#L1-L68"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "f8a0e265fc72a9f017b37ce4b6dbb878285a5d298ab1b8c69f9fde7159426981"
 score = 75
 quality = 90
@@ -22458,8 +22458,8 @@ rule REVERSINGLABS_Win32_Ransomware_Juicylemon : TC_DETECTION MALICIOUS MALWARE
 date = "2020-08-17"
 modified = "2020-08-17"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.JuicyLemon.yara#L1-L116"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.JuicyLemon.yara#L1-L116"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "596d89843793307f4940dbb85b2e7081f02250f6adfdcd01f2d3c5f2b8b90875"
 score = 75
 quality = 90
@@ -22577,8 +22577,8 @@ rule REVERSINGLABS_Win32_Ransomware_Crypren : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Crypren.yara#L1-L144"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Crypren.yara#L1-L144"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "7047d48782762e42544063fde6f2be62eb19f22853ea84abb5bce67c962da172"
 score = 75
 quality = 90
@@ -22709,8 +22709,8 @@ rule REVERSINGLABS_Win32_Ransomware_Mountlocker : TC_DETECTION MALICIOUS MALWARE
 date = "2021-03-25"
 modified = "2021-03-25"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.MountLocker.yara#L1-L86"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.MountLocker.yara#L1-L86"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "d203217c229d54802e96e19dc66d38ecb0443d19e0492efe337df471a99559dc"
 score = 75
 quality = 90
@@ -22791,8 +22791,8 @@ rule REVERSINGLABS_Win32_Ransomware_Vhdlocker : TC_DETECTION MALICIOUS MALWARE F
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.VHDLocker.yara#L1-L152"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.VHDLocker.yara#L1-L152"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "39d1fbfc79d5ea866498bb1e40d2290469df774ce65b1da04a85c0e4e5b4493c"
 score = 75
 quality = 90
@@ -22933,8 +22933,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Wildfire : TC_DETECTION MALICIOUS MA
 date = "2021-08-12"
 modified = "2021-08-12"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.WildFire.yara#L1-L77"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.WildFire.yara#L1-L77"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "d3be2eac7967853aae6e1317d9c22d95a3dc4b3e5bf8acbe97a7bbeabc9eab38"
 score = 75
 quality = 90
@@ -23012,8 +23012,8 @@ rule REVERSINGLABS_Win32_Ransomware_Fuxsocy : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2021-03-01"
 modified = "2021-03-01"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.FuxSocy.yara#L1-L114"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.FuxSocy.yara#L1-L114"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "8b3c04eb5d60fcc82e47cb8e78da0a98642666546d6799baef24b56926e3aceb"
 score = 75
 quality = 90
@@ -23121,8 +23121,8 @@ rule REVERSINGLABS_Win32_Ransomware_Major : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2021-01-26"
 modified = "2021-01-26"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Major.yara#L1-L261"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Major.yara#L1-L261"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "16fb7763e3806fca6937fef7e8b3d8bccd61cb39549061d359d630c7d266c270"
 score = 75
 quality = 90
@@ -23368,8 +23368,8 @@ rule REVERSINGLABS_Win32_Ransomware_Blackcat : TC_DETECTION MALICIOUS MALWARE FI
 date = "2022-02-14"
 modified = "2022-02-14"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.BlackCat.yara#L1-L109"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.BlackCat.yara#L1-L109"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "24932baa625aedd14b5776ba3209c9ee330e84538c5267eeb5e09e352f655835"
 score = 75
 quality = 90
@@ -23465,8 +23465,8 @@ rule REVERSINGLABS_Win32_Ransomware_Matsnu : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Matsnu.yara#L1-L116"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Matsnu.yara#L1-L116"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "76ef1b4a292f27ccd904e80f0279a7a327f7399a21f2266ef3ea959e5339ffac"
 score = 75
 quality = 90
@@ -23582,8 +23582,8 @@ rule REVERSINGLABS_Win32_Ransomware_Buran : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Buran.yara#L1-L91"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Buran.yara#L1-L91"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "5606e0acecd99ccf2feaa995353211302903a09bb2c4ec65903566215e2d5ca4"
 score = 75
 quality = 90
@@ -23666,8 +23666,8 @@ rule REVERSINGLABS_Win32_Ransomware_Spora : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Spora.yara#L1-L124"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Spora.yara#L1-L124"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "4e18bb42277ce9194bf75fa45d95ea7e2bd51c5d7791d3d6e013fc07626e65b0"
 score = 75
 quality = 90
@@ -23789,8 +23789,8 @@ rule REVERSINGLABS_Win32_Ransomware_IFN643 : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.IFN643.yara#L1-L90"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.IFN643.yara#L1-L90"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "ced234018f1f05601dd3be55eaecd2a1e116ad0b7bb9e0292434f11f19916ebe"
 score = 75
 quality = 90
@@ -23881,8 +23881,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Venom : TC_DETECTION MALICIOUS MALWA
 date = "2022-06-06"
 modified = "2022-06-06"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Venom.yara#L1-L68"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Venom.yara#L1-L68"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "5817ece6a1cc304835f7fc243c4cfdc3c7cacd2251a9ac294a6662b58d2552e8"
 score = 75
 quality = 90
@@ -23943,8 +23943,8 @@ rule REVERSINGLABS_Win64_Ransomware_Ako : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.Ako.yara#L1-L173"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.Ako.yara#L1-L173"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "8321a4ace66ae48e3a6896daf02c184fa7767fa6bd10cd83b322ad01698008cf"
 score = 75
 quality = 90
@@ -24106,8 +24106,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Chupacabra : TC_DETECTION MALICIOUS
 date = "2021-10-12"
 modified = "2021-10-12"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.ChupaCabra.yara#L1-L90"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.ChupaCabra.yara#L1-L90"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE"
 logic_hash = "7f247778e0bd8057670abf42b2d1011ebae891ffcb21ebad50060f9a7986bf93"
 score = 75
 quality = 90
@@ -24179,6 +24179,272 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Chupacabra : TC_DETECTION MALICIOUS condition: uint16(0)==0x5A4D and ( all of ($find_files_p*)) and ( all of ($encrypt_files_p*)) and ($drop_ransom_note) } +rule REVERSINGLABS_Win32_Ransomware_Cybervolk : TC_DETECTION MALICIOUS MALWARE FILE +{ + meta: + description = "Yara rule that detects CyberVolk ransomware." + author = "ReversingLabs" + id = "4d8bf096-d5c9-5a77-99e6-2c66e480da36" + date = "2024-11-27" + modified = "2024-11-27" + reference = "ReversingLabs" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.CyberVolk.yara#L1-L293" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" + logic_hash = "59ed7c4f576fa7cd4cceb724d14f258598c140e434ed309fe2e599c3aaa667d9" + score = 75 + quality = 90 + tags = "TC_DETECTION, MALICIOUS, MALWARE, FILE" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + tc_detection_type = "Ransomware" + tc_detection_name = "CyberVolk" + tc_detection_factor = 5 + importance = 25 + + strings: + $manage_gui_p1 = { + 55 8B EC 83 E4 ?? 81 EC ?? ?? ?? ?? 8D 84 24 ?? ?? ?? ?? 56 8B 35 ?? ?? ?? ?? 57 50 + 6A ?? 6A ?? 6A ?? 6A ?? FF D6 8D 84 24 ?? ?? ?? ?? 50 8D 84 24 ?? ?? ?? ?? 68 ?? ?? + ?? ?? 50 E8 ?? ?? ?? ?? 8B 45 ?? 83 C4 ?? 3D ?? ?? ?? ?? 0F 87 ?? ?? ?? ?? 0F 84 ?? + ?? ?? ?? 83 F8 ?? 74 ?? 3D ?? ?? ?? ?? 0F 85 ?? ?? ?? ?? 8B 35 ?? ?? ?? ?? 6A ?? FF + D6 6A ?? 8B F8 FF D6 8B 75 ?? 99 2B C2 6A ?? D1 F8 68 ?? ?? ?? ?? 2D ?? ?? ?? ?? 68 + ?? ?? ?? ?? 50 8B C7 99 2B C2 D1 F8 2D ?? ?? ?? ?? 50 6A ?? 56 FF 15 ?? ?? ?? ?? 6A + ?? 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 56 FF 15 ?? ?? ?? ?? 33 C0 5F 5E 8B E5 5D C2 ?? ?? + 80 3D ?? ?? ?? ?? ?? 0F 84 ?? ?? ?? ?? 6A ?? 6A ?? FF 75 ?? FF 15 ?? ?? ?? ?? 50 FF + 15 ?? ?? ?? ?? 89 44 24 ?? 8D 84 24 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 
8B + F0 83 C4 ?? BF ?? ?? ?? ?? 85 F6 74 ?? 56 8D 84 24 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 + ?? ?? ?? ?? 83 C4 ?? 8D 84 24 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 8B F8 56 E8 ?? + ?? ?? ?? 83 C4 ?? 8D 44 24 ?? 4F 50 FF 75 ?? 89 7C 24 ?? FF 15 ?? ?? ?? ?? 8B F8 57 + 89 7C 24 ?? FF 15 ?? ?? ?? ?? FF 74 24 ?? 8B 35 ?? ?? ?? ?? 50 89 44 24 ?? FF D6 89 + 44 24 ?? 8D 44 24 ?? 50 6A ?? FF 74 24 ?? FF 15 ?? ?? ?? ?? 68 ?? ?? ?? ?? 6A ?? 6A + ?? FF 74 24 ?? 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 6A ?? 6A ?? 57 FF 15 ?? ?? ?? ?? 68 ?? + ?? ?? ?? 57 FF 15 ?? ?? ?? ?? 6A ?? 57 FF 15 ?? ?? ?? ?? 6A ?? 68 ?? ?? ?? ?? 68 ?? + ?? ?? ?? 68 ?? ?? ?? ?? 8D 44 24 ?? 50 FF 15 ?? ?? ?? ?? 68 ?? ?? ?? ?? 6A ?? 6A ?? + 6A ?? 6A ?? 6A ?? 6A ?? 6A ?? 6A ?? 68 ?? ?? ?? ?? 6A ?? 6A ?? 6A ?? 6A ?? FF 15 ?? + ?? ?? ?? 50 57 FF D6 8B 74 24 ?? B8 ?? ?? ?? ?? F7 EE B8 ?? ?? ?? ?? 03 D6 C1 FA ?? + 8B FA C1 EF ?? 03 FA F7 EE 03 D6 C1 FA ?? 8B CA C1 E9 ?? 03 CA 8B D1 C1 E2 ?? 2B D1 + } + $manage_gui_p2 = { + C1 E2 ?? 8B CE B8 ?? ?? ?? ?? 2B CA 51 69 CF ?? ?? ?? ?? 2B F1 F7 EE 03 D6 C1 FA ?? + 8B C2 C1 E8 ?? 03 C2 50 57 8D 84 24 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 + C4 ?? 8D 44 24 ?? 6A ?? 50 6A ?? 8D 84 24 ?? ?? ?? ?? 50 FF 74 24 ?? FF 15 ?? ?? ?? + ?? FF 74 24 ?? 8B 74 24 ?? 56 FF 15 ?? ?? ?? ?? 56 FF 15 ?? ?? ?? ?? 8D 44 24 ?? 50 + FF 75 ?? FF 15 ?? ?? ?? ?? 8D 84 24 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 8B + F0 83 C4 ?? 85 F6 0F 84 ?? ?? ?? ?? 8B 7C 24 ?? 8D 84 24 ?? ?? ?? ?? 57 68 ?? ?? ?? + ?? 50 E8 ?? ?? ?? ?? 8D 8C 24 ?? ?? ?? ?? 83 C4 ?? 8D 51 ?? 0F 1F 40 ?? 8A 01 41 84 + C0 75 ?? 56 2B CA 8D 84 24 ?? ?? ?? ?? 51 6A ?? 50 E8 ?? ?? ?? ?? 56 E8 ?? ?? ?? ?? + 83 C4 ?? 33 C0 5F 5E 8B E5 5D C2 ?? ?? 8B 3D ?? ?? ?? ?? 6A ?? 68 ?? ?? ?? ?? FF 75 + ?? FF D7 8B 35 ?? ?? ?? ?? 50 FF D6 8B 45 ?? 6A ?? 68 ?? ?? ?? ?? 50 FF D7 50 FF D6 + 8B 75 ?? 6A ?? 6A ?? 56 FF 15 ?? ?? ?? ?? 50 FF 15 ?? ?? ?? ?? 89 44 24 ?? 8D 44 24 + ?? 50 56 FF 15 ?? ?? ?? ?? 50 89 44 24 ?? FF 15 ?? ?? ?? ?? FF 74 24 ?? 
8B 3D ?? ?? + ?? ?? 50 89 44 24 ?? FF D7 8B F0 8D 44 24 ?? 50 6A ?? FF 74 24 ?? FF 15 ?? ?? ?? ?? + 68 ?? ?? ?? ?? 6A ?? 6A ?? FF 74 24 ?? 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 6A ?? 6A ?? FF + 74 24 ?? FF 15 ?? ?? ?? ?? 68 ?? ?? ?? ?? FF 74 24 ?? FF 15 ?? ?? ?? ?? 6A ?? FF 74 + 24 ?? FF 15 ?? ?? ?? ?? 6A ?? 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 8D 44 24 + ?? 50 FF 15 ?? ?? ?? ?? 68 ?? ?? ?? ?? 6A ?? 6A ?? 6A ?? 6A ?? 6A ?? 6A ?? 6A ?? 6A + ?? 68 ?? ?? ?? ?? 6A ?? 6A ?? 6A ?? 6A ?? FF 15 ?? ?? ?? ?? 50 FF 74 24 ?? FF D7 6A + ?? 8D 44 24 ?? 50 6A ?? 68 ?? ?? ?? ?? FF 74 24 ?? FF 15 ?? ?? ?? ?? 56 8B 74 24 + } + $manage_gui_p3 = { + 56 FF D7 56 FF 15 ?? ?? ?? ?? 8D 44 24 ?? 50 8B 45 ?? 50 FF 15 ?? ?? ?? ?? 33 C0 5F + 5E 8B E5 5D C2 ?? ?? 0F B7 45 ?? 3D ?? ?? ?? ?? 0F 87 ?? ?? ?? ?? 0F 84 ?? ?? ?? ?? + 83 E8 ?? 0F 84 ?? ?? ?? ?? 2D ?? ?? ?? ?? 0F 85 ?? ?? ?? ?? 8B 7D ?? 6A ?? 68 ?? ?? + ?? ?? 68 ?? ?? ?? ?? 57 FF 15 ?? ?? ?? ?? 83 F8 ?? 0F 85 ?? ?? ?? ?? 6A ?? 8D 44 24 + ?? C7 44 24 ?? ?? ?? ?? ?? 50 0F 57 C0 C6 44 24 ?? ?? 68 ?? ?? ?? ?? 57 0F 29 44 24 + ?? 0F 29 44 24 ?? FF 15 ?? ?? ?? ?? 8D 4C 24 ?? 8D 51 ?? 8A 01 41 84 C0 75 ?? 2B CA + 83 F9 ?? 74 ?? 6A ?? 6A ?? 68 ?? ?? ?? ?? 6A ?? FF 15 ?? ?? ?? ?? 33 C0 5F 5E 8B E5 + 5D C2 ?? ?? 8D 4C 24 ?? E8 ?? ?? ?? ?? 8D 84 24 ?? ?? ?? ?? C6 05 ?? ?? ?? ?? ?? 50 + 6A ?? 6A ?? 6A ?? 6A ?? FF D6 8D 84 24 ?? ?? ?? ?? 50 8D 84 24 ?? ?? ?? ?? 68 ?? ?? + ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 8D 84 24 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? + ?? 8B F0 83 C4 ?? 85 F6 0F 84 ?? ?? ?? ?? 56 6A ?? 8D 44 24 ?? 6A ?? 50 E8 ?? ?? ?? + ?? 56 E8 ?? ?? ?? ?? 83 C4 ?? 33 C0 5F 5E 8B E5 5D C2 ?? ?? 6A ?? FF 75 ?? FF 15 ?? + ?? ?? ?? B8 ?? ?? ?? ?? 5F 5E 8B E5 5D C2 ?? ?? 6A ?? 6A ?? FF 15 ?? ?? ?? ?? 8B F0 + 56 FF 15 ?? ?? ?? ?? 0F 10 05 ?? ?? ?? ?? 0F 11 00 0F 10 05 ?? ?? ?? ?? 0F 11 40 ?? + F3 0F 7E 05 ?? ?? ?? ?? 66 0F D6 40 ?? 66 8B 0D ?? ?? ?? ?? 66 89 48 ?? 8A 0D ?? ?? + ?? ?? 88 48 ?? EB ?? 3D ?? ?? ?? ?? 0F 85 ?? ?? ?? ?? 6A ?? 6A ?? 
FF 15 ?? ?? ?? ?? + 8B F0 56 FF 15 ?? ?? ?? ?? 0F 10 05 ?? ?? ?? ?? 0F 11 00 0F 10 05 ?? ?? ?? ?? 0F 11 + 40 ?? 66 8B 0D ?? ?? ?? ?? 66 89 48 ?? 8A 0D ?? ?? ?? ?? 88 48 ?? 56 FF 15 ?? ?? ?? + ?? 6A ?? FF 15 ?? ?? ?? ?? FF 15 ?? ?? ?? ?? 56 6A ?? FF 15 ?? ?? ?? ?? FF 15 ?? ?? + ?? ?? 33 C0 5F 5E 8B E5 5D C2 ?? ?? 3D ?? ?? ?? ?? 75 ?? 81 7D + } + $find_files_v1_p1 = { + 55 8B EC B8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 53 56 57 8B FA 8B D9 89 5D ?? 66 83 FF ?? 75 + ?? 80 3D ?? ?? ?? ?? ?? 0F 84 ?? ?? ?? ?? 68 ?? ?? ?? ?? 8D 85 ?? ?? ?? ?? 6A ?? 50 + E8 ?? ?? ?? ?? A1 ?? ?? ?? ?? 8B CB 89 45 ?? 83 C4 ?? 66 A1 ?? ?? ?? ?? 66 89 45 ?? + 8D 51 ?? 66 8B 01 83 C1 ?? 66 85 C0 75 ?? 2B CA D1 F9 81 F9 ?? ?? ?? ?? 0F 87 ?? ?? + ?? ?? 68 ?? ?? ?? ?? 8D 85 ?? ?? ?? ?? 50 FF 15 ?? ?? ?? ?? 0F B7 0B 0F B7 95 ?? ?? + ?? ?? 8B D9 8B F2 8D 41 ?? 0F B7 C0 8D 4A ?? 89 45 ?? 66 83 F9 ?? 8D 46 ?? 0F B7 D0 + 8B C6 8B 35 ?? ?? ?? ?? 0F 47 D0 66 83 7D ?? ?? 8D 43 ?? 0F B7 C8 8B C3 0F 47 C8 66 + 3B D1 0F 85 ?? ?? ?? ?? 66 83 7D ?? ?? 8D 43 ?? 0F B7 C8 8B C3 8B 5D ?? 0F 47 C8 0F + B7 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 8D 85 ?? ?? ?? ?? 66 89 0B 68 ?? ?? ?? ?? 50 FF + D6 8D 8D ?? ?? ?? ?? 83 C4 ?? 8D 51 ?? 0F 1F 80 ?? ?? ?? ?? 66 8B 01 83 C1 ?? 66 85 + C0 75 ?? 2B CA 8D 85 ?? ?? ?? ?? D1 F9 51 50 53 E8 ?? ?? ?? ?? 83 C4 ?? 85 C0 74 ?? + 8B D7 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? 5F 5E 5B 8B E5 5D C3 53 FF 15 ?? ?? ?? ?? A8 + ?? 0F 85 ?? ?? ?? ?? EB ?? 8B 5D ?? 53 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 FF D6 83 + C4 ?? 8D 85 ?? ?? ?? ?? 50 8D 85 ?? ?? ?? ?? 50 FF 15 ?? ?? ?? ?? 8B F0 89 75 ?? 83 + FE ?? 0F 84 ?? ?? ?? ?? 8D 8D ?? ?? ?? ?? 8D 51 ?? 0F 1F 80 ?? ?? ?? ?? 66 8B 01 83 + C1 ?? 66 85 C0 75 ?? 2B CA D1 F9 81 F9 ?? ?? ?? ?? 0F 87 ?? ?? ?? ?? 8B 85 ?? ?? ?? + ?? 83 F8 ?? 0F 84 ?? ?? ?? ?? 3D ?? ?? ?? ?? 0F 84 ?? ?? ?? ?? A8 ?? 0F 84 ?? ?? ?? + ?? 8D 4D ?? 8D 85 ?? ?? ?? ?? 66 8B 10 66 3B 11 75 ?? 66 85 D2 74 ?? 66 8B 50 ?? 66 + 3B 51 ?? 75 ?? 83 C0 ?? 83 C1 ?? 66 85 D2 75 ?? 33 C0 EB ?? 1B C0 83 C8 ?? 
85 C0 0F + 84 ?? ?? ?? ?? 8D 4D ?? 8D 85 ?? ?? ?? ?? 66 8B 10 66 3B 11 75 ?? 66 85 D2 74 ?? 66 + } + $find_files_v1_p2 = { + 8B 50 ?? 66 3B 51 ?? 75 ?? 83 C0 ?? 83 C1 ?? 66 85 D2 75 ?? 33 C0 EB ?? 1B C0 83 C8 + ?? 85 C0 0F 84 ?? ?? ?? ?? 33 C0 53 66 89 85 ?? ?? ?? ?? 8D 85 ?? ?? ?? ?? 68 ?? ?? + ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 8D 85 ?? ?? ?? ?? 50 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? + ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 + ?? ?? ?? ?? 83 C4 ?? 8D 8D ?? ?? ?? ?? 8B D7 E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? 33 C0 53 + 66 89 85 ?? ?? ?? ?? 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 8D + 85 ?? ?? ?? ?? 50 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 8D 85 + ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 85 C0 0F 85 ?? ?? ?? ?? 66 83 + FF ?? 75 ?? 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 85 C0 75 ?? + 51 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? 83 C4 ?? 8D 85 ?? ?? ?? ?? 50 68 ?? ?? ?? ?? E8 + ?? ?? ?? ?? 83 C4 ?? EB ?? 66 83 FF ?? 75 ?? 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 + ?? ?? ?? ?? 83 C4 ?? 85 C0 74 ?? 83 EC ?? 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? 8D 85 ?? + ?? ?? ?? 50 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 83 C4 ?? 6A ?? FF 15 ?? ?? ?? ?? 8D 85 ?? + ?? ?? ?? 50 56 FF 15 ?? ?? ?? ?? 85 C0 0F 85 ?? ?? ?? ?? 53 66 89 85 ?? ?? ?? ?? 8D + 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 8D 85 ?? ?? ?? ?? 68 ?? ?? + ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 66 83 FF ?? 75 ?? 8D 85 ?? ?? ?? ?? + 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 8B F8 83 C4 ?? 85 FF 74 ?? 33 F6 66 66 0F 1F 84 00 + ?? ?? ?? ?? 80 BE ?? ?? ?? ?? ?? 8D 8E ?? ?? ?? ?? 74 ?? 57 6A ?? 6A ?? 51 E8 ?? ?? + ?? ?? 46 83 C4 ?? 81 FE ?? ?? ?? ?? 7C ?? 57 E8 ?? ?? ?? ?? 8B 75 ?? 83 C4 ?? 56 FF + 15 ?? ?? ?? ?? 5F 5E 5B 8B E5 5D C3 + } + $encrypt_files_v1_p1 = { + 53 8B DC 83 EC ?? 83 E4 ?? 83 C4 ?? 55 8B 6B ?? 89 6C 24 ?? 8B EC 6A ?? 68 ?? ?? ?? + ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 51 53 81 EC ?? ?? ?? ?? 
53 56 57 89 65 + ?? 8B F9 89 7D ?? C7 45 ?? ?? ?? ?? ?? 0F 57 C0 0F 11 85 ?? ?? ?? ?? 0F 11 45 ?? C7 + 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? 66 0F 13 45 ?? 66 0F 13 + 45 ?? 66 0F 13 45 ?? C7 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? 68 ?? ?? ?? ?? 6A ?? + 68 ?? ?? ?? ?? 57 8D 45 ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 83 7D ?? ?? 0F 8E ?? ?? ?? ?? + 8B F7 8D 4E ?? 0F 1F 00 66 8B 06 83 C6 ?? 66 85 C0 75 ?? 2B F1 D1 FE 83 C6 ?? 89 75 + ?? C7 45 ?? ?? ?? ?? ?? 33 C9 8B C6 BA ?? ?? ?? ?? F7 E2 0F 90 C1 F7 D9 0B C8 51 E8 + ?? ?? ?? ?? 83 C4 ?? 89 45 ?? 33 C9 66 89 08 57 56 50 E8 ?? ?? ?? ?? 83 C4 ?? 68 ?? + ?? ?? ?? 56 FF 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? 68 ?? ?? ?? ?? 56 8B 75 ?? 56 E8 ?? ?? + ?? ?? 83 C4 ?? 68 ?? ?? ?? ?? 6A ?? 68 ?? ?? ?? ?? 56 8D 45 ?? 50 E8 ?? ?? ?? ?? 83 + C4 ?? 83 7D ?? ?? 0F 8E ?? ?? ?? ?? FF 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? 89 45 ?? 8B CA + 89 4D ?? 85 C9 0F 8C ?? ?? ?? ?? 7F ?? 85 C0 0F 84 ?? ?? ?? ?? 68 ?? ?? ?? ?? E8 ?? + ?? ?? ?? 83 C4 ?? 8B F8 89 7D ?? 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 89 45 ?? BA ?? ?? ?? + ?? 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? BA ?? ?? ?? ?? 8D 4D ?? E8 ?? ?? ?? ?? 83 C4 ?? + 6A ?? 8D 45 ?? 50 FF 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? 68 ?? ?? ?? ?? 57 FF 75 ?? E8 ?? + ?? ?? ?? 83 C4 ?? 8B C8 89 4D ?? 99 8B F0 89 75 ?? 89 55 ?? C7 45 ?? ?? ?? ?? ?? 81 + } + $encrypt_files_v1_p2 = { + F9 ?? ?? ?? ?? 7E ?? B9 ?? ?? ?? ?? 8B F7 8D BD ?? ?? ?? ?? F3 A5 8D 45 ?? 50 8D 45 + ?? 50 8D 85 ?? ?? ?? ?? 50 68 ?? ?? ?? ?? 8D 95 ?? ?? ?? ?? 8D 8D ?? ?? ?? ?? E8 ?? + ?? ?? ?? FF 75 ?? 8B 7D ?? 57 8B 75 ?? 56 E8 ?? ?? ?? ?? 83 C4 ?? FF 75 ?? 8D 85 ?? + ?? ?? ?? 50 56 E8 ?? ?? ?? ?? 83 C4 ?? 8B 75 ?? 56 FF 75 ?? FF 75 ?? E8 ?? ?? ?? ?? + 83 C4 ?? EB ?? 51 57 8D 85 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 8D 45 ?? 50 8D 45 + ?? 50 8D 85 ?? ?? ?? ?? 50 56 8D 95 ?? ?? ?? ?? 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? FF + 75 ?? 8D 85 ?? ?? ?? ?? 50 FF 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? 8B 45 ?? 03 C6 89 45 ?? + 8B 4D ?? 13 4D ?? 89 4D ?? 3B 4D ?? 0F 8C ?? ?? ?? ?? 7F ?? 
3B 45 ?? 0F 82 ?? ?? ?? + ?? 6A ?? 68 ?? ?? ?? ?? FF 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? 6A ?? 6A ?? FF 75 ?? E8 ?? + ?? ?? ?? 83 C4 ?? E8 ?? ?? ?? ?? 8B F0 89 75 ?? 56 51 8D 85 ?? ?? ?? ?? 50 E8 ?? ?? + ?? ?? 83 C4 ?? 6A ?? 57 E8 ?? ?? ?? ?? 6A ?? 8B D7 8B CE E8 ?? ?? ?? ?? 83 C4 ?? 89 + 45 ?? C7 45 ?? ?? ?? ?? ?? 8D 70 ?? 56 E8 ?? ?? ?? ?? 83 C4 ?? 89 45 ?? 56 8B D0 8B + 7D ?? 8B CF E8 ?? ?? ?? ?? 83 C4 ?? 56 8B 75 ?? 56 FF 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? + 85 FF 74 ?? 8B CF E8 ?? ?? ?? ?? 8B 45 ?? 85 C0 74 ?? 6A ?? 50 E8 ?? ?? ?? ?? 83 C4 + ?? 6A ?? 56 E8 ?? ?? ?? ?? 83 C4 ?? 8B 7D ?? 8B 75 ?? 6A ?? 56 E8 ?? ?? ?? ?? 83 C4 + ?? 8B 45 ?? 85 C0 7E ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 8B 45 ?? 85 C0 7E ?? 50 E8 ?? ?? + ?? ?? 83 C4 ?? 57 FF 15 ?? ?? ?? ?? 83 E0 ?? 50 57 FF 15 ?? ?? ?? ?? 57 FF 15 ?? ?? + ?? ?? B0 ?? 8B 4D ?? 64 89 0D ?? ?? ?? ?? 5F 5E 5B 8B E5 5D 8B E3 5B C3 + } + $find_files_v2_p1 = { + 55 8B EC B8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 53 8B C2 8B D9 89 45 ?? 89 5D ?? 56 57 66 83 + F8 ?? 75 ?? 80 3D ?? ?? ?? ?? ?? 0F 84 ?? ?? ?? ?? 68 ?? ?? ?? ?? 8D 85 ?? ?? ?? ?? + 6A ?? 50 E8 ?? ?? ?? ?? A1 ?? ?? ?? ?? 8B CB 89 45 ?? 83 C4 ?? 66 A1 ?? ?? ?? ?? 66 + 89 45 ?? 8D 51 ?? 66 0F 1F 44 00 ?? 66 8B 01 83 C1 ?? 66 85 C0 75 ?? 2B CA D1 F9 81 + F9 ?? ?? ?? ?? 0F 87 ?? ?? ?? ?? 68 ?? ?? ?? ?? 8D 85 ?? ?? ?? ?? 50 FF 15 ?? ?? ?? + ?? 0F B7 85 ?? ?? ?? ?? 8B F0 8D 48 ?? 8D 46 ?? 66 83 F9 ?? 0F B7 D0 8B CE 8B C6 0F + 47 D0 0F B7 03 0F B7 FA 8B D0 83 C0 ?? 0F B7 D8 66 83 F8 ?? 8B C6 76 ?? 0F B7 F0 83 + FB ?? 8D 42 ?? 0F B7 C8 8B C2 0F 47 C8 66 3B F9 8B 3D ?? ?? ?? ?? 0F 85 ?? ?? ?? ?? + 68 ?? ?? ?? ?? 56 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 FF D7 8B 5D ?? 83 C4 ?? 0F B7 + 03 8B F0 8B C8 83 C1 ?? 66 83 F9 ?? 8D 46 ?? 0F B7 D0 8B C6 0F 47 D0 0F B7 85 ?? ?? + ?? ?? 8B C8 66 89 13 8D 50 ?? 8D 41 ?? 66 83 FA ?? 0F B7 F0 8B C1 8B CB 0F 47 F0 66 + 89 B5 ?? ?? ?? ?? 8D 51 ?? 0F 1F 00 66 8B 01 83 C1 ?? 66 85 C0 75 ?? 2B CA D1 F9 83 + F9 ?? 76 ?? 8D 85 ?? ?? ?? ?? 50 53 E8 ?? ?? ?? ?? 83 C4 ?? 
85 C0 0F 84 ?? ?? ?? ?? + EB ?? 8B 5D ?? 53 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 FF D7 83 C4 ?? 8D 85 ?? ?? ?? + ?? 50 8D 85 ?? ?? ?? ?? 50 FF 15 ?? ?? ?? ?? 89 45 ?? 83 F8 ?? 0F 84 ?? ?? ?? ?? 8B + 8D ?? ?? ?? ?? 8D 41 ?? 66 83 F8 ?? 77 ?? 8D 41 ?? 0F B7 F8 EB ?? 0F B7 F9 0F B7 03 + } + $find_files_v2_p2 = { + 8B F0 8B C8 83 C1 ?? 66 83 F9 ?? 8D 46 ?? 0F B7 D0 8B C6 0F 47 D0 66 3B FA 8B 95 ?? + ?? ?? ?? 75 ?? 83 FA ?? 0F 84 ?? ?? ?? ?? 8D 85 ?? ?? ?? ?? 8D 70 ?? 66 8B 08 83 C0 + ?? 66 85 C9 75 ?? 2B C6 D1 F8 3D ?? ?? ?? ?? 0F 87 ?? ?? ?? ?? 83 FA ?? 0F 84 ?? ?? + ?? ?? 81 FA ?? ?? ?? ?? 0F 84 ?? ?? ?? ?? F6 C2 ?? 0F 84 ?? ?? ?? ?? 8D 4D ?? 8D 85 + ?? ?? ?? ?? 66 8B 10 66 3B 11 75 ?? 66 85 D2 74 ?? 66 8B 50 ?? 66 3B 51 ?? 75 ?? 83 + C0 ?? 83 C1 ?? 66 85 D2 75 ?? 33 C0 EB ?? 1B C0 83 C8 ?? 85 C0 0F 84 ?? ?? ?? ?? 8D + 4D ?? 8D 85 ?? ?? ?? ?? 66 8B 10 66 3B 11 75 ?? 66 85 D2 74 ?? 66 8B 50 ?? 66 3B 51 + ?? 75 ?? 83 C0 ?? 83 C1 ?? 66 85 D2 75 ?? 33 C0 EB ?? 1B C0 83 C8 ?? 85 C0 0F 84 ?? + ?? ?? ?? 33 C0 53 66 89 85 ?? ?? ?? ?? 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? + ?? ?? 83 C4 ?? 8D 85 ?? ?? ?? ?? 50 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? + ?? 83 C4 ?? 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 8B 55 + ?? 8D 8D ?? ?? ?? ?? 83 C4 ?? E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? 33 C0 53 66 89 85 ?? ?? + ?? ?? 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 8D 85 ?? ?? ?? ?? + 50 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 8B 45 ?? 83 C4 ?? 66 83 F8 + } + $find_files_v2_p3 = { + 75 ?? 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 85 C0 0F 85 ?? ?? + ?? ?? 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 85 C0 75 ?? 51 8D + 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? 83 C4 ?? 8D 85 ?? ?? ?? ?? 50 68 ?? ?? ?? ?? E8 ?? ?? + ?? ?? 83 C4 ?? EB ?? 66 83 F8 ?? 75 ?? 8D 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? + ?? ?? 83 C4 ?? 85 C0 74 ?? 83 EC ?? 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? 8D 85 ?? ?? ?? + ?? 50 68 ?? ?? ?? ?? E8 ?? 
?? ?? ?? 83 C4 ?? 6A ?? FF 15 ?? ?? ?? ?? 8D 85 ?? ?? ?? + ?? 50 FF 75 ?? FF 15 ?? ?? ?? ?? 85 C0 0F 85 ?? ?? ?? ?? 53 66 89 85 ?? ?? ?? ?? 8D + 85 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 8D 85 ?? ?? ?? ?? 68 ?? ?? + ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 8B 45 ?? 83 C4 ?? 66 83 F8 ?? 75 ?? 8D 85 ?? + ?? ?? ?? 68 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 8B F8 83 C4 ?? 85 FF 74 ?? 33 F6 0F 1F 00 + 80 BE ?? ?? ?? ?? ?? 8D 8E ?? ?? ?? ?? 74 ?? 57 6A ?? 6A ?? 51 E8 ?? ?? ?? ?? 46 83 + C4 ?? 81 FE ?? ?? ?? ?? 7C ?? 57 E8 ?? ?? ?? ?? 83 C4 ?? FF 75 ?? FF 15 ?? ?? ?? ?? + 5F 5E 5B 8B E5 5D C3 + } + $encrypt_files_v2_p1 = { + 53 8B DC 83 EC ?? 83 E4 ?? 83 C4 ?? 55 8B 6B ?? 89 6C 24 ?? 8B EC 6A ?? 68 ?? ?? ?? + ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 51 53 81 EC ?? ?? ?? ?? 53 56 57 89 65 + ?? 8B F1 89 75 ?? C7 45 ?? ?? ?? ?? ?? 0F 57 C0 0F 11 85 ?? ?? ?? ?? 0F 11 45 ?? C7 + 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? 66 0F 13 45 ?? 66 0F 13 + 45 ?? 66 0F 13 45 ?? C7 45 ?? ?? ?? ?? ?? C7 45 ?? ?? ?? ?? ?? 56 68 ?? ?? ?? ?? E8 + ?? ?? ?? ?? 68 ?? ?? ?? ?? 6A ?? 68 ?? ?? ?? ?? 56 8D 45 ?? 50 E8 ?? ?? ?? ?? 83 C4 + ?? FF 15 ?? ?? ?? ?? 50 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 83 C4 ?? 83 7D ?? ?? 0F 8E ?? + ?? ?? ?? 6A ?? 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 83 C4 ?? 8D 4E ?? 0F 1F 80 ?? ?? ?? ?? + 66 8B 06 83 C6 ?? 66 85 C0 75 ?? 2B F1 D1 FE 83 C6 ?? 89 75 ?? C7 45 ?? ?? ?? ?? ?? + 33 C9 8B C6 BA ?? ?? ?? ?? F7 E2 0F 90 C1 F7 D9 0B C8 51 E8 ?? ?? ?? ?? 83 C4 ?? 8B + F8 89 7D ?? 33 C0 66 89 07 FF 75 ?? 56 57 E8 ?? ?? ?? ?? 83 C4 ?? 68 ?? ?? ?? ?? 56 + 57 E8 ?? ?? ?? ?? 83 C4 ?? 68 ?? ?? ?? ?? 56 57 E8 ?? ?? ?? ?? 83 C4 ?? 68 ?? ?? ?? + ?? 6A ?? 68 ?? ?? ?? ?? 57 8D 45 ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 83 7D ?? ?? 0F 8E ?? + ?? ?? ?? 57 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? 89 45 ?? + 8B CA 89 4D ?? 85 C9 0F 8C ?? ?? ?? ?? 7F ?? 85 C0 0F 84 ?? ?? ?? ?? 68 ?? ?? ?? ?? + E8 ?? ?? ?? ?? 83 C4 ?? 8B F8 89 7D ?? 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 89 45 ?? 
BA ?? + ?? ?? ?? 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? BA ?? ?? ?? ?? 8D 4D ?? E8 ?? ?? ?? ?? 83 + C4 ?? 6A ?? 8D 45 ?? 50 FF 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? FF 75 ?? 68 ?? ?? ?? ?? E8 + ?? ?? ?? ?? 83 C4 ?? 90 68 ?? ?? ?? ?? 57 FF 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? 8B C8 89 + } + $encrypt_files_v2_p2 = { + 4D ?? 99 8B F0 89 75 ?? 89 55 ?? C7 45 ?? ?? ?? ?? ?? 81 F9 ?? ?? ?? ?? 7E ?? B9 ?? + ?? ?? ?? 8B F7 8D BD ?? ?? ?? ?? F3 A5 8D 45 ?? 50 8D 45 ?? 50 8D 85 ?? ?? ?? ?? 50 + 68 ?? ?? ?? ?? 8D 95 ?? ?? ?? ?? 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 75 ?? 8B 7D ?? + 57 8B 75 ?? 56 E8 ?? ?? ?? ?? 83 C4 ?? FF 75 ?? 8D 85 ?? ?? ?? ?? 50 56 E8 ?? ?? ?? + ?? 83 C4 ?? 8B 75 ?? 56 FF 75 ?? FF 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? EB ?? 51 57 8D 85 + ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 8D 45 ?? 50 8D 45 ?? 50 8D 85 ?? ?? ?? ?? 50 + 56 8D 95 ?? ?? ?? ?? 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 75 ?? 8D 85 ?? ?? ?? ?? 50 + FF 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? 8B 45 ?? 03 C6 89 45 ?? 8B 4D ?? 13 4D ?? 89 4D ?? + 3B 4D ?? 0F 8C ?? ?? ?? ?? 7F ?? 3B 45 ?? 0F 82 ?? ?? ?? ?? 6A ?? 68 ?? ?? ?? ?? FF + 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? 6A ?? 6A ?? FF 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? E8 ?? ?? + ?? ?? 8B F0 89 75 ?? 56 51 8D 85 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 6A ?? 57 E8 + ?? ?? ?? ?? 6A ?? 8B D7 8B CE E8 ?? ?? ?? ?? 83 C4 ?? 89 45 ?? C7 45 ?? ?? ?? ?? ?? + 8D 70 ?? 56 E8 ?? ?? ?? ?? 83 C4 ?? 89 45 ?? 56 8B D0 8B 7D ?? 8B CF E8 ?? ?? ?? ?? + 83 C4 ?? 56 8B 75 ?? 56 FF 75 ?? E8 ?? ?? ?? ?? 83 C4 ?? 85 FF 74 ?? 8B CF E8 ?? ?? + ?? ?? 8B 45 ?? 85 C0 74 ?? 6A ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 6A ?? 56 E8 ?? ?? ?? ?? + 83 C4 ?? 8B 7D ?? 6A ?? 57 E8 ?? ?? ?? ?? 83 C4 ?? 8B 45 ?? 85 C0 7E ?? 50 E8 ?? ?? + ?? ?? 83 C4 ?? 8B 75 ?? 8B 45 ?? 85 C0 7E ?? 50 E8 ?? ?? ?? ?? 83 C4 ?? 56 E8 ?? ?? + ?? ?? 83 C4 ?? B0 ?? 8B 4D ?? 64 89 0D ?? ?? ?? ?? 
5F 5E 5B 8B E5 5D 8B E3 5B C3 + } + + condition: + uint16(0)==0x5A4D and ( all of ($manage_gui_p*)) and ((( all of ($find_files_v1_p*)) and ( all of ($encrypt_files_v1_p*))) or (( all of ($find_files_v2_p*)) and ( all of ($encrypt_files_v2_p*)))) +} rule REVERSINGLABS_Win32_Ransomware_Mafia : TC_DETECTION MALICIOUS MALWARE FILE { meta: @@ -24188,8 +24454,8 @@ rule REVERSINGLABS_Win32_Ransomware_Mafia : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Mafia.yara#L1-L142" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Mafia.yara#L1-L142" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5c17b799f0b4f1f8f72a2e4203a6606f7783ceec2034694f8a21ff65e5afdb26" score = 75 quality = 90 
@@ -24320,8 +24586,8 @@ rule REVERSINGLABS_Win64_Ransomware_Vovalex : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-03-12" modified = "2021-03-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.Vovalex.yara#L1-L81" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.Vovalex.yara#L1-L81" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0c0f065224988bcba45b5aba2dceb080479b0bab235d544daabc3cae72e48318" score = 75 quality = 90 @@ -24398,8 +24664,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dogecrypt : TC_DETECTION MALICIOUS MALWARE F date = "2021-04-28" modified = "2021-04-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.DogeCrypt.yara#L1-L114" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.DogeCrypt.yara#L1-L114" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1c19862884cf1e59d12c84f5ff6f799a4087ddc8bd887e0d2ce7da053642b851" score = 75 quality = 90 
@@ -24505,8 +24771,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptofortress : TC_DETECTION MALICIOUS MALW date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.CryptoFortress.yara#L1-L162" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.CryptoFortress.yara#L1-L162" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "474893b63523de5ff9eb8a0c91b0677b99ce65056af7f5d02a73e43fa65453c9" score = 75 quality = 90 @@ -24653,8 +24919,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ferrlock : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Ferrlock.yara#L1-L131" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Ferrlock.yara#L1-L131" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b94bc77489dbb74573813631009e605bc848e17995a0a512d08b194ee3020b75" score = 75 quality = 90 
@@ -24771,8 +25037,8 @@ rule REVERSINGLABS_Win64_Ransomware_Antiwar : TC_DETECTION MALICIOUS MALWARE FIL date = "2022-04-21" modified = "2022-04-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.AntiWar.yara#L1-L146" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.AntiWar.yara#L1-L146" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2d885f35454aaf7cb33f03c30b6681aa16cbe8353003bbae0b1e9fdecb2ff8a7" score = 75 quality = 90 @@ -24905,8 +25171,8 @@ rule REVERSINGLABS_Win64_Ransomware_Redroman : TC_DETECTION MALICIOUS MALWARE FI date = "2021-05-10" modified = "2021-05-10" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.RedRoman.yara#L1-L82" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.RedRoman.yara#L1-L82" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6fb2ac0e7f7ac095766e27c057e5124406dc493c08d01a7e5381403d794c7240" score = 75 quality = 90 
@@ -24984,8 +25250,8 @@ rule REVERSINGLABS_Win32_Ransomware_Kangaroo : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Kangaroo.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Kangaroo.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1078fb3d47ad737548419e5ee66e686f705c02fea27a58c0097446547325772c" score = 75 quality = 90 @@ -25068,8 +25334,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Povlsomware : TC_DETECTION MALICIOUS date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Povlsomware.yara#L1-L64" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Povlsomware.yara#L1-L64" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "465dc1b1d7e9eb3091f36efb51029cd3383d05ece054e814b18f379e58c7e457" score = 75 quality = 90 
@@ -25126,8 +25392,8 @@ rule REVERSINGLABS_Win32_Ransomware_Blackbasta : TC_DETECTION MALICIOUS MALWARE date = "2022-12-13" modified = "2022-12-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.BlackBasta.yara#L1-L531" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.BlackBasta.yara#L1-L531" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c68671e51489af00e9e0cf28373e5ec01bda042653dbcca8843357eede41f27f" score = 75 quality = 88 @@ -25530,8 +25796,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bananacrypt : TC_DETECTION MALICIOUS MALWARE date = "2020-09-14" modified = "2020-09-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.BananaCrypt.yara#L1-L103" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.BananaCrypt.yara#L1-L103" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6bde4430e438947b0d7f10c4de11216929ec03af81b3d74f8b7bb8ed134d08d2" score = 75 quality = 90 
@@ -25628,8 +25894,8 @@ rule REVERSINGLABS_Win64_Ransomware_Hotcoffee : TC_DETECTION MALICIOUS MALWARE F date = "2021-11-25" modified = "2021-11-25" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.HotCoffee.yara#L1-L111" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.HotCoffee.yara#L1-L111" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "15ae428c37fcc5a09d324fd9be5a8df3a812e6459cb1ce8eec56eabf785b4c05" score = 75 quality = 90 @@ -25728,8 +25994,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Fantom : TC_DETECTION MALICIOUS MALW date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Fantom.yara#L1-L97" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Fantom.yara#L1-L97" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f2aaa9776b7ca302052b3303d45df24cc151a4efc7ea9f4bb3c1f53d10ded03a" score = 75 quality = 90 
@@ -25820,8 +26086,8 @@ rule REVERSINGLABS_Win32_Ransomware_Outsider : TC_DETECTION MALICIOUS MALWARE FI date = "2020-10-23" modified = "2020-10-23" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Outsider.yara#L1-L88" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Outsider.yara#L1-L88" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "80c5a93b5b72b7b66e36f1726486b0c7620588d05bd925510d76f020a40b124c" score = 75 quality = 90 @@ -25901,8 +26167,8 @@ rule REVERSINGLABS_Win32_Ransomware_DMR : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.DMR.yara#L1-L214" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.DMR.yara#L1-L214" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "55e19f3017c2cc8355c27f9a516e611b58b108f15bfed41b88d5662b55677a59" score = 75 quality = 90 
@@ -26104,8 +26370,8 @@ rule REVERSINGLABS_Win32_Ransomware_Chichi : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-02-14" modified = "2022-02-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.ChiChi.yara#L1-L66" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.ChiChi.yara#L1-L66" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "863a30e4c708e13ea0f4c6ad42a919de463926508783d6552c0cec746730baa5" score = 75 quality = 90 @@ -26164,8 +26430,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Wormlocker : TC_DETECTION MALICIOUS date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.WormLocker.yara#L1-L69" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.WormLocker.yara#L1-L69" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "87a4f805de78d7e7dffb176302407453108ca01552c682aeee38f8d0201263c9" score = 75 quality = 90 
@@ -26226,8 +26492,8 @@ rule REVERSINGLABS_Win32_Ransomware_Montserrat : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Montserrat.yara#L1-L118" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Montserrat.yara#L1-L118" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c8782a8cb2b87e76ff1f804ee8affd01405827d0914ea725bb0e9ddace7dde10" score = 75 quality = 90 @@ -26335,8 +26601,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sage : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Sage.yara#L1-L77" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Sage.yara#L1-L77" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "69079b7176050096cdbaaaff30dd0359366b3a6a74e8bc17db348794388f71ba" score = 75 quality = 90 
@@ -26406,8 +26672,8 @@ rule REVERSINGLABS_Win32_Ransomware_Satana : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Satana.yara#L1-L123" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Satana.yara#L1-L123" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5deb6ac2e8b64fb6f7af8c41a9b9e695668ca66c96c65f0c7350b11cd4ae0c50" score = 75 quality = 90 @@ -26521,8 +26787,8 @@ rule REVERSINGLABS_Win32_Ransomware_Globeimposter : TC_DETECTION MALICIOUS MALWA date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.GlobeImposter.yara#L1-L171" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.GlobeImposter.yara#L1-L171" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4345a767f270428f3b509fdad5a96bf9b494b190d3a836c4bf53dfd75da5bacb" score = 75 quality = 90 
@@ -26670,12 +26936,12 @@ rule REVERSINGLABS_Win32_Ransomware_ONI : TC_DETECTION MALICIOUS MALWARE FILE description = "Yara rule that detects Oni ransomware." author = "ReversingLabs" id = "9190aee2-1119-546e-82ca-a7aba44a9d7f" - date = "2024-11-24" - date = "2024-11-24" + date = "2024-12-01" + date = "2024-12-01" modified = "2020-12-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Oni.yara#L1-L82" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Oni.yara#L1-L82" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "685abf5a5edba5bae19faaf6521ce617370cdab1404fe84d846e82a60182dfff" score = 75 quality = 90 @@ -26749,8 +27015,8 @@ rule REVERSINGLABS_Linux_Ransomware_Killdisk : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Linux.Ransomware.KillDisk.yara#L1-L144" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Linux.Ransomware.KillDisk.yara#L1-L144" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3ed1fb2b7b24cd4d5100d93ed53a9ab28e1482bd0998a0538d8710a962ee839f" score = 75 quality = 90 
@@ -26888,8 +27154,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ransomplus : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.RansomPlus.yara#L1-L95" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.RansomPlus.yara#L1-L95" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8ab18c6bcb939eac0e74f015dea773141b5086c5fcb4783666eeac1f395bc208" score = 75 quality = 90 @@ -26985,8 +27251,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hermes : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Hermes.yara#L1-L284" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Hermes.yara#L1-L284" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6db95c422ee2f9dd8a1795031ee8d7d5ed84e16cde47512becc006b6a849e890" score = 75 quality = 90 
@@ -27237,8 +27503,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ryuk : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Ryuk.yara#L1-L199" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Ryuk.yara#L1-L199" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bf93892b281be20917656e242cbb0f3b3694439556b7e5e40a424ba1aa909105" score = 75 quality = 90 @@ -27424,8 +27690,8 @@ rule REVERSINGLABS_Win32_Ransomware_Antefrigus : TC_DETECTION MALICIOUS MALWARE date = "2021-03-05" modified = "2021-03-05" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.AnteFrigus.yara#L1-L210" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.AnteFrigus.yara#L1-L210" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b84c01da0ee97a4eb8bf099c71094f994feb4c7185ad75b8b2ccda5eee283a92" score = 75 quality = 90 
@@ -27621,8 +27887,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptobit : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.CryptoBit.yara#L1-L113" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.CryptoBit.yara#L1-L113" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ccc8a0f1c5e11211649992d0f2b309968c97b49f1c7359e62d622f364e117429" score = 75 quality = 90 @@ -27726,8 +27992,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hddcryptor : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.HDDCryptor.yara#L1-L157" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.HDDCryptor.yara#L1-L157" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "47915f315bb4956507362f56024f5632cb1bcec569ceaf77fe9d7cb9c25d1d8a" score = 75 quality = 90 
@@ -27854,8 +28120,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bkransomware : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.BKRansomware.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.BKRansomware.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3118098f05a13bd161af0cb1ec322878b371ff70b9f3815a04115a214c0965a2" score = 75 quality = 90 @@ -27930,8 +28196,8 @@ rule REVERSINGLABS_Win32_Ransomware_Armage : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Armage.yara#L1-L128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Armage.yara#L1-L128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "aa8ddcbb0fdcad15e603e000db1d4f86eae7d42efce1c1d21dc3dd57ee9f4319" score = 75 quality = 90 
@@ -28049,8 +28315,8 @@ rule REVERSINGLABS_Win32_Ransomware_Targetcompany : TC_DETECTION MALICIOUS MALWA date = "2021-09-27" modified = "2021-09-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.TargetCompany.yara#L1-L141" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.TargetCompany.yara#L1-L141" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "05fa81afa8aa1e3b9955ad24a274ddef4fb32d678902af7aae6d6c67ed3bf0fd" score = 75 quality = 90 @@ -28177,8 +28443,8 @@ rule REVERSINGLABS_Win32_Ransomware_Howareyou : TC_DETECTION MALICIOUS MALWARE F date = "2021-06-14" modified = "2021-06-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.HowAreYou.yara#L1-L205" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.HowAreYou.yara#L1-L205" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "90568365aac61d120886f9efa9822ccc23df79a1a55e522c81db6e77477c4f04" score = 75 quality = 90 
@@ -28369,8 +28635,8 @@ rule REVERSINGLABS_Win32_Ransomware_Retmydata : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.RetMyData.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.RetMyData.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "54ce38d75e9ab82a77b9c338f75e180e19ac745f149289c7478a4aa3b44d70fd" score = 75 quality = 90 @@ -28442,8 +28708,8 @@ rule REVERSINGLABS_Win32_Ransomware_Monalisa : TC_DETECTION MALICIOUS MALWARE FI date = "2022-05-13" modified = "2022-05-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Monalisa.yara#L1-L83" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Monalisa.yara#L1-L83" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0bcb79dff111ec05ac93bbe9a777546bd6234dc60d9f6982c03cd0bc3b26b038" score = 75 quality = 90 
@@ -28515,8 +28781,8 @@ rule REVERSINGLABS_Win64_Ransomware_Wintenzz : TC_DETECTION MALICIOUS MALWARE FI date = "2021-11-02" modified = "2021-11-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.Wintenzz.yara#L1-L83" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.Wintenzz.yara#L1-L83" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ff4bdf2f6ee185b98d0014b3066806fe7e25ea94f46837948bc5262440bf8a56" score = 75 quality = 90 @@ -28591,8 +28857,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sepsis : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Sepsis.yara#L1-L126" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Sepsis.yara#L1-L126" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "171ad074a780b45195c6e02b111b3883c58a4028e635c4d6b8ce27c5e05e35d7" score = 75 quality = 90 
@@ -28708,8 +28974,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ako : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Ako.yara#L1-L152" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Ako.yara#L1-L152" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "488e9b528f75fcfaa8dd19859801e6e5a73575c33cd70c98ebaa9ae93025018b" score = 75 quality = 90 @@ -28849,8 +29115,8 @@ rule REVERSINGLABS_Win32_Ransomware_FLKR : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.FLKR.yara#L1-L71" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.FLKR.yara#L1-L71" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4ab00ba82baceec9899556d3a774ec08c83c10930cec194e18e3b4e16ebacb58" score = 75 quality = 90 
@@ -28923,8 +29189,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sanwai : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-11-11" modified = "2021-11-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Sanwai.yara#L1-L71" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Sanwai.yara#L1-L71" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a7a95b2403fe539dce0d856cc1c04d15440677ea39c0a22e818b42333a64e92c" score = 75 quality = 90 @@ -28988,8 +29254,8 @@ rule REVERSINGLABS_Win64_Ransomware_Whiteblackcrypt : TC_DETECTION MALICIOUS MAL date = "2021-07-05" modified = "2021-07-05" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.WhiteBlackCrypt.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.WhiteBlackCrypt.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "37b95cc3412f2f2d02d19c4c15b529c4f67453cb195627b5bab2f353e7602354" score = 75 quality = 90 
@@ -29072,8 +29338,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Hog : TC_DETECTION MALICIOUS MALWARE date = "2021-10-12" modified = "2021-10-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Hog.yara#L1-L70" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Hog.yara#L1-L70" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c5cbc79fee9083ed3befa6b0d348f2d38064bb9012b8f0ca11afd7137243866d" score = 75 quality = 90 @@ -29135,8 +29401,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Thanos : TC_DETECTION MALICIOUS MALW date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Thanos.yara#L1-L106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Thanos.yara#L1-L106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f6bc0c2188a04d2fb2a82a6b6d6cdf7763c32047bec725fe07f01415edf0b4cd" score = 75 quality = 90 
@@ -29233,8 +29499,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cincoo : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-06-21" modified = "2022-06-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Cincoo.yara#L1-L78" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Cincoo.yara#L1-L78" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6a7562cae90754ea75a9fb98ce73ebdb9acf1ad7f28f2240abe6cb592d717ca3" score = 75 quality = 90 @@ -29305,8 +29571,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Namaste : TC_DETECTION MALICIOUS MAL date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Namaste.yara#L1-L81" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Namaste.yara#L1-L81" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5a952276f41b5524bcb82a9ceb076983d2faf2864b3bbd0a06d49bbd5edc1e0e" score = 75 quality = 90 
@@ -29381,8 +29647,8 @@ rule REVERSINGLABS_Win32_Ransomware_Regretlocker : TC_DETECTION MALICIOUS MALWAR date = "2021-04-02" modified = "2021-04-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.RegretLocker.yara#L1-L206" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.RegretLocker.yara#L1-L206" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3927dfecacd74f60a169f82b68df5747daa90eaba77f24c5e730ce4c48d426a3" score = 75 quality = 90 @@ -29575,8 +29841,8 @@ rule REVERSINGLABS_Win32_Ransomware_Badbeeteam : TC_DETECTION MALICIOUS MALWARE date = "2020-11-13" modified = "2020-11-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Badbeeteam.yara#L1-L137" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Badbeeteam.yara#L1-L137" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9b5367655c7c70958332d31524833d96d03027aab693393b19f478a80482abd0" score = 75 quality = 90 
@@ -29703,8 +29969,8 @@ rule REVERSINGLABS_Win64_Ransomware_Hermeticransom : TC_DETECTION MALICIOUS MALW date = "2022-05-13" modified = "2022-05-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.HermeticRansom.yara#L1-L105" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.HermeticRansom.yara#L1-L105" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "123d569a9d9b9d855b3baafd6194f102d82a594fd7a2bba073843a8654a317cb" score = 75 quality = 90 @@ -29801,8 +30067,8 @@ rule REVERSINGLABS_Win32_Ransomware_Horsedeal : TC_DETECTION MALICIOUS MALWARE F date = "2020-10-01" modified = "2020-10-01" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Horsedeal.yara#L1-L106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Horsedeal.yara#L1-L106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fa8c425b08606399b5dc7673f3898e3dba7efb6a62e56db8f500cf5072bb590b" score = 75 quality = 90 
@@ -29896,8 +30162,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gandcrab : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.GandCrab.yara#L1-L892" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.GandCrab.yara#L1-L892" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "79381635681482fc90defe4e10e97bf16d534837518fc06ae579822e9d77b461" score = 75 quality = 88 @@ -30746,8 +31012,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sifreli : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-10-08" modified = "2020-10-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Sifreli.yara#L1-L119" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Sifreli.yara#L1-L119" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "48f6cc678bea81afece0ae203fb27b61e2c6e4f7188a3bd260190f568c9a8a06" score = 75 quality = 90 
@@ -30857,8 +31123,8 @@ rule REVERSINGLABS_Win32_Ransomware_Petya : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Petya.yara#L3-L58" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Petya.yara#L3-L58" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d2adafcb21b627d614eab79e64e2b96ad09fae796d0670452a19490d8781ce99" score = 75 quality = 90 @@ -30914,8 +31180,8 @@ rule REVERSINGLABS_Win32_Ransomware_Blitzkrieg : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Blitzkrieg.yara#L1-L127" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Blitzkrieg.yara#L1-L127" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "22dd16c886a1982186fe927e633be9951da7d7e664e877e11fa976696b2bc86f" score = 75 quality = 90 
@@ -31031,8 +31297,8 @@ rule REVERSINGLABS_Win32_Ransomware_PXJ : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.PXJ.yara#L1-L158" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.PXJ.yara#L1-L158" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e88d27dcd7ad3af459bd7e34fcc827822365441446b0e4e7bbec399c9a948cb7" score = 75 quality = 90 @@ -31179,8 +31445,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gpgqwerty : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.GPGQwerty.yara#L1-L83" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.GPGQwerty.yara#L1-L83" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e59adadd66b4d242ac7337ce4b3c3ec6c60724f4cf5b86305f1e31b88745928c" score = 75 quality = 90 
@@ -31259,8 +31525,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Janelle : TC_DETECTION MALICIOUS MAL date = "2021-12-16" modified = "2021-12-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Janelle.yara#L1-L96" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Janelle.yara#L1-L96" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "49f1eac82930606183ab9cf1d5c6c42534d58735876134793e9712e78eb5a4c7" score = 75 quality = 90 @@ -31348,8 +31614,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zerocrypt : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.ZeroCrypt.yara#L1-L94" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.ZeroCrypt.yara#L1-L94" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "947925206ded187eac31c5046d75ab017869ae3f8dc906f2e5536d4db219f108" score = 75 quality = 90 
@@ -31445,8 +31711,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zoldon : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Zoldon.yara#L1-L107" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Zoldon.yara#L1-L107" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4821b8506e7ba00987978f2744da1c532e03d73f3275cb15e39cdf87f6018223" score = 75 quality = 90 @@ -31544,8 +31810,8 @@ rule REVERSINGLABS_Win32_Ransomware_Loocipher : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.LooCipher.yara#L1-L87" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.LooCipher.yara#L1-L87" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "aa0598d63b5fad6aea0945a0aa2030d3d6e2cd9f1fea16f3dd17cdceb68323e3" score = 75 quality = 90 
@@ -31625,8 +31891,8 @@ rule REVERSINGLABS_Win32_Ransomware_Skystars : TC_DETECTION MALICIOUS MALWARE FI date = "2020-11-20" modified = "2020-11-20" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Skystars.yara#L1-L97" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Skystars.yara#L1-L97" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "352d22183b0974908ce684725fe85b4714ac5959c3bddf093b54383195881a5a" score = 75 quality = 90 @@ -31715,8 +31981,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sigrun : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Sigrun.yara#L1-L111" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Sigrun.yara#L1-L111" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ea29ec64cdfc0c714fe0acdce5878cb1302dd5aa916811121c644948ce275935" score = 75 quality = 90 
@@ -31817,8 +32083,8 @@ rule REVERSINGLABS_Win32_Ransomware_Asn1Encoder : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.ASN1Encoder.yara#L1-L136" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.ASN1Encoder.yara#L1-L136" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "000fd846fa5f09af19ead4623bb5a8eb51cdb4c751013569bf070710d3e0d61d" score = 75 quality = 90 @@ -31945,8 +32211,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Mcburglar : TC_DETECTION MALICIOUS M date = "2021-09-27" modified = "2021-09-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.McBurglar.yara#L1-L75" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.McBurglar.yara#L1-L75" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "57fefcdc1528fc1c8da36a431cd09774e33ea08a394ac4f8d19a27504e72676d" score = 75 quality = 90 
@@ -32009,8 +32275,8 @@ rule REVERSINGLABS_Win64_Ransomware_Cactus : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-12-15" modified = "2023-12-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win64.Ransomware.Cactus.yara#L1-L190" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win64.Ransomware.Cactus.yara#L1-L190" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2953b67e926cb653df0de208b098da3d5c16e6690842ab28fbf8c37cd16f54d7" score = 75 quality = 90 @@ -32184,8 +32450,8 @@ rule REVERSINGLABS_Win32_Ransomware_Balaclava : TC_DETECTION MALICIOUS MALWARE F date = "2020-10-01" modified = "2020-10-01" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.Balaclava.yara#L1-L113" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Balaclava.yara#L1-L113" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "01b43e6ea7ceebdbdda7e1f7c5bd2439a460b8aed4a1837755fa3679e9893ff3" score = 75 quality = 90 
@@ -32289,8 +32555,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Dusk : TC_DETECTION MALICIOUS MALWAR date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/ByteCode.MSIL.Ransomware.Dusk.yara#L1-L73" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Dusk.yara#L1-L73" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b6b0b3be7c17115dc5f225a13228f8a4811d84ae095c3ceba2d89f569f2d40c7" score = 75 quality = 90 @@ -32355,8 +32621,8 @@ rule REVERSINGLABS_Win32_Ransomware_Avoslocker : TC_DETECTION MALICIOUS MALWARE date = "2021-10-22" modified = "2021-10-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/ransomware/Win32.Ransomware.AvosLocker.yara#L1-L108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.AvosLocker.yara#L1-L108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4d81b801a95a54a35989c4a985d92578971568d1412f625bca911d0fa1eee1fe" score = 75 quality = 90 
@@ -32455,8 +32721,8 @@ rule REVERSINGLABS_Cert_Blocklist_05E2E6A4Cd09Ea54D665B075Fe22A256 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L27-L43" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L27-L43" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "43da21d9c7ae9bfcc7fe4ee69f9d46cbce1954785d56c1d424b36deb8afe592e" score = 75 quality = 90 @@ -32480,8 +32746,8 @@ rule REVERSINGLABS_Cert_Blocklist_77019A082385E4B73F569569C9F87Bb8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L45-L61" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L45-L61" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8613986005bdd30d92e633fa2058be5c43f1c530b9dc6d80ec953f12f6d66ce7" score = 75 quality = 90 
@@ -32505,8 +32771,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F2Ef29Ca5F96E5777B82C62F34Fd3A6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L63-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L63-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e8f27c4a72f416a16acabb1de606fdde7dc694256809fdb952a25313dda0d34e" score = 75 quality = 90 @@ -32530,8 +32796,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Cc1Db2Ad0A290A4Bfe7A5F336D6800C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L81-L97" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L81-L97" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c9f91edb525a02041bc20dff25ec58323f8fabd4d2a2eca63238ecb10ccef2a6" score = 75 quality = 90 
@@ -32555,8 +32821,8 @@ rule REVERSINGLABS_Cert_Blocklist_13C8351Aece71C731158980F575F4133 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L99-L115" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L99-L115" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f96723845adc8030b72c119311103d5c2cf136e79de226d31141d8b925ce8e75" score = 75 quality = 90 @@ -32580,8 +32846,8 @@ rule REVERSINGLABS_Cert_Blocklist_4531954F6265304055F66Ce4F624F95B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L117-L133" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L117-L133" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "58d3a2a5e3f6730f329bddb171ad6332794fa95848825b892c3b8324f503ae89" score = 75 quality = 90 
@@ -32605,8 +32871,8 @@ rule REVERSINGLABS_Cert_Blocklist_0E808F231515Bc519Eea1A73Cdf3266F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L135-L151" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L135-L151" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "05e466e304ed7a8f5c1c93aac4a4b7019d6fb1e07aeb45d078b657f838d1f3bd" score = 75 quality = 90 @@ -32630,8 +32896,8 @@ rule REVERSINGLABS_Cert_Blocklist_36Be4Ad457F062Fa77D87595B8Ccc8Cf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L153-L169" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L153-L169" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d19a6f22a1e702a4da69c867195722adf8f1dd84539f2c584af428fe4b1caf79" score = 75 quality = 90 
@@ -32655,8 +32921,8 @@ rule REVERSINGLABS_Cert_Blocklist_75A38507Bf403B152125B8F5Ce1B97Ad : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L171-L187" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L171-L187" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "af21cee3ee92268c3aa0106a245e5a00c5ba892fca3e4fd2dc55e302ed5d470a" score = 75 quality = 90 @@ -32680,8 +32946,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Effa8B216E24B16202940C1Bc2Fa8A5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L189-L205" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L189-L205" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b5282fc85bbbee50c5307fff923e9e477fed8c011288e2ebd61c4b3ee801bc62" score = 75 quality = 90 
@@ -32705,8 +32971,8 @@ rule REVERSINGLABS_Cert_Blocklist_57D7153A89Bbf4729Be87F3C927043Aa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L207-L223" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L207-L223" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a8de7951bd25c8a9346ef341d8bf9c9147f9fa6913e952be40fb43d3d7a370c1" score = 75 quality = 90 @@ -32730,8 +32996,8 @@ rule REVERSINGLABS_Cert_Blocklist_028E1Deccf93D38Ecf396118Dfe908B4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L225-L241" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L225-L241" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b07c797652ef19c7e0b23c3eddbbbf2700160d743d71a0005b950160474638d8" score = 75 quality = 90 
@@ -32755,8 +33021,8 @@ rule REVERSINGLABS_Cert_Blocklist_40575Df73Eaa1B6140C7Ef62C08Bf216 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L243-L259" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L243-L259" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7da8e98f38413e5cbb18e3c7771c530afb766dd9fbeb8fdd2264617aff24f920" score = 75 quality = 90 @@ -32780,8 +33046,8 @@ rule REVERSINGLABS_Cert_Blocklist_049Ce8C47F1F0E650Cb086F0Cfa7Ca53 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L261-L277" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L261-L277" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9ae4a236e1252afc1db6fae4e388a53ebde7e724cc07c213d4bfc176cf0a0096" score = 75 quality = 90 
@@ -32805,8 +33071,8 @@ rule REVERSINGLABS_Cert_Blocklist_29F42680E653Cf8Fafd0E935553F7E86 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L279-L295" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L279-L295" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6c726e4c2933a6472d256a18ea5265660ff035d05036ab9cae3409ab5a7c7598" score = 75 quality = 90 @@ -32830,8 +33096,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C15 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L297-L313" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L297-L313" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1ee88813270dddeeedd90edbce9be2ce74303a6799ee64b0e9bfaea7377d3b2d" score = 75 quality = 90 
@@ -32855,8 +33121,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C0F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L315-L331" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L315-L331" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0f8fda07dc362b7e04892446f1abe1e5f5717ee715824a2c1f6550096c366701" score = 75 quality = 90 @@ -32880,8 +33146,8 @@ rule REVERSINGLABS_Cert_Blocklist_06A164Ec5978497741Ee6Cec9966871B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L333-L349" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L333-L349" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8a27015d94a3bd8543a8ca9202831ffc9c9e65f61bf26ed6825c3e746b6af0d4" score = 75 quality = 90 
@@ -32905,8 +33171,8 @@ rule REVERSINGLABS_Cert_Blocklist_1121Ed568764E75Be35574448Feadefcd3Bc : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L351-L367" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L351-L367" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3316a2536920c5aa9dd627cec7678e6fe33c722b4830dd740009c20dd013c9ab" score = 75 quality = 90 @@ -32930,8 +33196,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Ed2450Ceac0F72E73Fda1727E66E654 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L369-L385" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L369-L385" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0e5af7795c825367d441c8abc2aa835fa83083eb8ee1f723c7d2dacff1ca88ff" score = 75 quality = 90 
@@ -32955,8 +33221,8 @@ rule REVERSINGLABS_Cert_Blocklist_32665079C5A5854A6833623Ca77Ff5Ac : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L387-L403" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L387-L403" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6b734ca733c5fbadcb490ffd4c19c951e0fc17dd9b660eca948b126038c42cdb" score = 75 quality = 90 @@ -32980,8 +33246,8 @@ rule REVERSINGLABS_Cert_Blocklist_01A90094C83412C00Cf98Dd2Eb0D7042 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L405-L421" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L405-L421" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5a3de0e6de5cda39e40988f9e2324cbee3e059aff5ceaf7fd819de8bf7215808" score = 75 quality = 90 
@@ -33005,8 +33271,8 @@ rule REVERSINGLABS_Cert_Blocklist_55Efe24B9674855Baf16E67716479C71 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L423-L439" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L423-L439" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2cf7a76ae3c3a698564013ff545c74d0319face5aa19416c93bf10f45f84f8c9" score = 75 quality = 90 @@ -33030,8 +33296,8 @@ rule REVERSINGLABS_Cert_Blocklist_094Bf19D509D3074913995160B195B6C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L441-L457" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L441-L457" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3c1ed012716f36876d9375838befb9821b87cafc6aca57a0f18392f80f5ba325" score = 75 quality = 90 
@@ -33055,8 +33321,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A77Cf3Ba49B64E6Cbe5Fb4A6A6Aacc6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L459-L475" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L459-L475" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3bebc4a36b57526505167d8f075d468e4775d66c81ce08644c506d9be94efba0" score = 75 quality = 90 @@ -33080,8 +33346,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F4C22Da1107D20C1Eda04569D58E573 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L477-L493" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L477-L493" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fe19c4b21c3b70ec571461ca6d9c370a971c01f2d68e3c3916aa1fa0f13b20f8" score = 75 quality = 90 
@@ -33105,8 +33371,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Fe68D48634893D18De040D8F1C289D2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L495-L511" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L495-L511" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "41feebc8800a084ac369b5c5721b1362d371bd503b67823986bad2839157a4b0" score = 75 quality = 90 @@ -33130,8 +33396,8 @@ rule REVERSINGLABS_Cert_Blocklist_6767Def972D6Ea702D8C8A53Af1832D3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L513-L529" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L513-L529" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "aa7f997449b4b8dcf488cfb7f45ee98ca540d39fb861f5b01ff4bb4aa1875b72" score = 75 quality = 90 
@@ -33155,8 +33421,8 @@ rule REVERSINGLABS_Cert_Blocklist_06477E3425F1448995Ced539789E6842 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L531-L547" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L531-L547" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c0bc7808bb6bcc8273a887203c1b47d1a49fcb7719863e6bc97b5c7404a254f7" score = 75 quality = 90 @@ -33180,8 +33446,8 @@ rule REVERSINGLABS_Cert_Blocklist_0450A7C1C36951Da09C8Ad0E7F716Ff2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L549-L565" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L549-L565" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cb594607ceef1b8d79145ad3905fb2c38d2ed3f3e6c8a0a793fc2dc9d0a21855" score = 75 quality = 90 
@@ -33205,8 +33471,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F9Fbdab9B39645Cf3211F87Abb5Ddb7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L567-L583" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L567-L583" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ba5885c7769b5ead261815880033b0df50dc4f7684fdb37398ab01bfebda0e37" score = 75 quality = 90 @@ -33230,8 +33496,8 @@ rule REVERSINGLABS_Cert_Blocklist_4211D2E4F0E87127319302C55B85Bcf2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L585-L601" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L585-L601" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "edf9bbface7fe943dfa4f5a6e8469802ccdbd3de9d3e6b8fabebb024c21bb9a9" score = 75 quality = 90 
@@ -33255,8 +33521,8 @@ rule REVERSINGLABS_Cert_Blocklist_07B44Cdbfffb78De05F4261672A67312 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L603-L619" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L603-L619" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c88a8543782fc49d8aa68f3fc8052bd3316d10118dfb2ef2eef5006de657b6f1" score = 75 quality = 90 @@ -33280,8 +33546,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F8B9A1Ba5E60C754Dbb40Ddee7905E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L621-L637" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L621-L637" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2a0d07d47cd41db5dc170a29607b6c1f2e3b7c0785f83b211f68f9cb9368e350" score = 75 quality = 90 
@@ -33305,8 +33571,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A389B95Ee736Dd13Bc0Ed743Fd74D2F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L639-L655" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L639-L655" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8b83e4aa47cea7cadf4b4a9f4e044478a62f4233e082fb52f9ed906d80a552aa" score = 75 quality = 90 @@ -33330,8 +33596,8 @@ rule REVERSINGLABS_Cert_Blocklist_1A3Faaeb3A8B93B2394Fec36345996E6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L657-L673" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L657-L673" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a3bd9aaba8dbdb340b5d3013684584524eb08b11339985ba6ca0291b8c8bc692" score = 75 quality = 90 
@@ -33355,8 +33621,8 @@ rule REVERSINGLABS_Cert_Blocklist_1A35Acce5B0C77206B1C3Dc2A6A2417C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L675-L691" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L675-L691" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ce161fdd511e0efa042516ead09c6ab5f8dcf54f2087cdccbfed8e7cdfbd25b2" score = 75 quality = 90 @@ -33380,8 +33646,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Eb40Ea11Eaac847B050De9B59E25Bdc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L693-L709" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L693-L709" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d0e7ab78fb42c9a8f19cba8e6a8b15d584651a23f1088e1f311589d46145e963" score = 75 quality = 90 
@@ -33405,8 +33671,8 @@ rule REVERSINGLABS_Cert_Blocklist_6724340Ddbc7252F7Fb714B812A5C04D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L711-L727" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L711-L727" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bc72c2ca5f81198684233e23260831da5b9ef4e7ac5a25abbdb303eecc38bd53" score = 75 quality = 90 @@ -33430,8 +33696,8 @@ rule REVERSINGLABS_Cert_Blocklist_0813Ee9B7B9D7C46001D6Bc8784Df1Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L729-L745" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L729-L745" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1a25a2f25fa8d5075113cbafb73e80e741268d6b2f9e629fd54ffca9e82409b0" score = 75 quality = 90 
@@ -33455,8 +33721,8 @@ rule REVERSINGLABS_Cert_Blocklist_530591C61B5E1212F659138B7Cea0A97 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L747-L763" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L747-L763" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0ef01e542d145475713bbd373bdcdae5f25bfd823a60e7d40fe9a6b6039c83e0" score = 75 quality = 90 @@ -33480,8 +33746,8 @@ rule REVERSINGLABS_Cert_Blocklist_07270Ff9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L765-L781" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L765-L781" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8f0da7c330464184fa1d5bf8d51dd8ad2e8637710a36972dcab03629cb57e910" score = 75 quality = 90 
@@ -33505,8 +33771,8 @@ rule REVERSINGLABS_Cert_Blocklist_0727100D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L783-L799" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L783-L799" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a09f4004ed002b90d67a3baddde74832e6c7b70e8b330347ef169460750aa344" score = 75 quality = 90 @@ -33530,8 +33796,8 @@ rule REVERSINGLABS_Cert_Blocklist_07271003 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L801-L817" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L801-L817" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "14c201b4fdda5b3553732a173a3d6705129c54f2a50d26997d63a77be8504285" score = 75 quality = 90 
@@ -33555,8 +33821,8 @@ rule REVERSINGLABS_Cert_Blocklist_013134Bf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L819-L835" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L819-L835" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1ade100c310c22bce25bcc6687855bd4eb6364b64cf31514b2548509a16e4a36" score = 75 quality = 90 @@ -33580,8 +33846,8 @@ rule REVERSINGLABS_Cert_Blocklist_01314476 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L837-L853" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L837-L853" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6f2f3f3ae009fbb9ebe589fc6b640be89c4a7b734eda515f182c7e9c9ffb4779" score = 75 quality = 90 
@@ -33605,8 +33871,8 @@ rule REVERSINGLABS_Cert_Blocklist_013169B0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L855-L871" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L855-L871" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "354421ebad7fd0b73c9ba63630c91d481901ca9ec39be3c6b66843221e4b5aad" score = 75 quality = 90 @@ -33630,8 +33896,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C76Da9C910C4E2C9Efe15D058933C4C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L873-L889" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L873-L889" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "883e93bff42161ba68f69fb17f7e78377d7f3cb6b6cdf72cffb4166466f8bc7b" score = 75 quality = 90 
@@ -33655,8 +33921,8 @@ rule REVERSINGLABS_Cert_Blocklist_469C2Caf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L891-L907" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L891-L907" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2490dbd74a5d3eede494d284f96af835c270d2fb0752b887aadbaf92bf34e6d4" score = 75 quality = 90 @@ -33680,8 +33946,8 @@ rule REVERSINGLABS_Cert_Blocklist_469C3Cc9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L909-L925" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L909-L925" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7327b7cbeb616bc46c82975aed6b3ea1caafa74fd431e2d98ca55b00851e22c8" score = 75 quality = 90 
@@ -33705,8 +33971,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A82Bd1E144E8814D75B1A5527Bebf3E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L927-L943" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L927-L943" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2534e58ce1e5adbb10dbacb664d40cc32faec341bdb93b926cc85b666cc7b77e" score = 75 quality = 90 @@ -33730,8 +33996,8 @@ rule REVERSINGLABS_Cert_Blocklist_469C2Cb0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L945-L961" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L945-L961" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "67ff84475cbe231f97daa3ce623689e7936db8e56be562778f8a4c1ebf7bf316" score = 75 quality = 90 
@@ -33755,8 +34021,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C0E636A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L963-L979" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L963-L979" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "20169cf9ce3f271a22d1376bcf0ff0914f43937738c9ed61fd8e40179405136b" score = 75 quality = 90 @@ -33780,8 +34046,8 @@ rule REVERSINGLABS_Cert_Blocklist_072714A9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L981-L997" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L981-L997" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8bea4cfb60056446043ef90a7d01ecc52d82d9e7005a145a4daa61a522ecd2ae" score = 75 quality = 90 
@@ -33805,8 +34071,8 @@ rule REVERSINGLABS_Cert_Blocklist_00D8F35F4Eb7872B2Dab0692E315382Fb0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L999-L1017" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L999-L1017" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "463757c59c32859163ea80e694e1f39239c857124aad3895f22f83b47645910c" score = 75 quality = 90 @@ -33830,8 +34096,8 @@ rule REVERSINGLABS_Cert_Blocklist_750E40Ff97F047Edf556C7084Eb1Abfd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1019-L1035" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1019-L1035" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "21c2468905514e1725a206814b0c61c576cf7f97f184bac857bca9283f49a957" score = 75 quality = 90 
@@ -33855,8 +34121,8 @@ rule REVERSINGLABS_Cert_Blocklist_1B5190F73724399C9254Cd424637996A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1037-L1053" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1037-L1053" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "08f287ccda93e03a7e796d5625ab35ef0de782d07e5db4e2264f612fc5ebaa21" score = 75 quality = 90 @@ -33880,8 +34146,8 @@ rule REVERSINGLABS_Cert_Blocklist_00Ebaa11D62E2481081820 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1055-L1072" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1055-L1072" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2fafc6775ec88b5a1000afbc7234fbef6b03e9eaf866dae660dd2d749996cb5c" score = 75 quality = 90 
@@ -33905,8 +34171,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Aab11Dee52F1B19D056 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1074-L1089" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1074-L1089" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1f1215143dc828596e6d7eeff99983755b17eaeb3ab9d7643abdbb48e9957c78" score = 75 quality = 90 @@ -33930,8 +34196,8 @@ rule REVERSINGLABS_Cert_Blocklist_6102B01900000000002F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1091-L1106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1091-L1106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6c42daa8b8730541bb422ac860ec4b0830e00fdb732e4bb503054dbcae1ff6d4" score = 75 quality = 90 
@@ -33955,8 +34221,8 @@ rule REVERSINGLABS_Cert_Blocklist_01E2B4F759811C64379Fca0Be76D2Dce : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1108-L1124" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1108-L1124" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0dff7a9f2e152c20427ea231449b942a040e964cb7dad90271d2865290535326" score = 75 quality = 90 @@ -33980,8 +34246,8 @@ rule REVERSINGLABS_Cert_Blocklist_03E5A010B05C9287F823C2585F547B80 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1126-L1142" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1126-L1142" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1d57b640ee313ad4d53dc64ce4df3e4ed57976e7750cfd80d62bf9982d964d26" score = 75 quality = 90 
@@ -34005,8 +34271,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fe7Df6C4B9A33B83D04E23E98A77Cce : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1144-L1160" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1144-L1160" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "da5ed07def8d0c04ea58aacd90f9fa5588f868f6d0057b9148587f2f0b381f25" score = 75 quality = 90 @@ -34030,8 +34296,8 @@ rule REVERSINGLABS_Cert_Blocklist_065569A3E261409128A40Affa90D6D10 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1162-L1178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1162-L1178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f8d68758704e41325e95ec69334aaf7fabe08a6d5557e0a81bac2f02d3ab5977" score = 75 quality = 90 
@@ -34055,8 +34321,8 @@ rule REVERSINGLABS_Cert_Blocklist_0979616733E062C544Df0Abd315E3B92 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1180-L1196" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1180-L1196" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "034b233d6b6dd82ad9fa1ec99db1effa3daaa5bb478d448133c479ac728117ad" score = 75 quality = 90 @@ -34080,8 +34346,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D3250B27E0547C77307030491B42802 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1198-L1214" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1198-L1214" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "65f036921dfb9cbce3275aefb7111711e50874440096b2e3c3b55190cfc14ddb" score = 75 quality = 90 
@@ -34105,8 +34371,8 @@ rule REVERSINGLABS_Cert_Blocklist_00D1836Bd37C331A67 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1216-L1234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1216-L1234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8af1d10085c5be8924eb6e4ea3a9b8e936c7706d8ec43d42f24a9a293c7f9d27" score = 75 quality = 90 @@ -34130,8 +34396,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Ca028D1A4De0Eb743135Edecf74D7Af : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1236-L1252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1236-L1252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "60b6351194e23153d425eaa0c25f840080a29abb5eb1bbcd41bb76a3d4130edd" score = 75 quality = 90 
@@ -34155,8 +34421,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dbb14Dcf973Eada14Ece7Ea79C895C11 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1254-L1270" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1254-L1270" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c73c83f5cb6d840b887e1aa41e96a29529f975434ac27a5aa57f2e14b342f63d" score = 75 quality = 90 @@ -34180,8 +34446,8 @@ rule REVERSINGLABS_Cert_Blocklist_F8C2239De3977B8D4A3Dcbedc9031A51 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1272-L1288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1272-L1288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "aa4f39790bc58b0a50e05e7670abad654d7f3d73e500bd5f054fece4a979ebfa" score = 75 quality = 90 
@@ -34205,8 +34471,8 @@ rule REVERSINGLABS_Cert_Blocklist_Caad8222705D3Fb3430E114A31C8C6A4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1290-L1306" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1290-L1306" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "35c4f46322da4f5b9f938c1098c8e57effc8abfc03db865190c343df7b8990ea" score = 75 quality = 90 @@ -34230,8 +34496,8 @@ rule REVERSINGLABS_Cert_Blocklist_B191812516E6618D49E6Ccf5E63Dc343 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1308-L1324" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1308-L1324" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "40c03e683b4b8e8a23ca84da7dfd3bd998d3708b27b7df7a22f25fb364c3a69b" score = 75 quality = 90 
@@ -34255,8 +34521,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Ba7Fb8Ee1Deff8F4A1525E1E0580057 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1326-L1342" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1326-L1342" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "324157b9fec2653cb8874c7a1a5b6e39b121992cd52856b8c4a2a8b7cee86a69" score = 75 quality = 90 @@ -34280,8 +34546,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Df9F7Eb6Cdc5Ca243B33122E3941E25 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1344-L1360" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1344-L1360" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "703eccd5573fe42f03ec82887660d50e942156d840394746c90ba87d82507803" score = 75 quality = 90 
@@ -34305,8 +34571,8 @@ rule REVERSINGLABS_Cert_Blocklist_58A541D50F9E2Fab4380C6A2Ed433B82 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1362-L1378" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1362-L1378" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "69ddc58b6fec159d6eded8c78237a6a0626b1aedb58b0c9867b758fd09db46ad" score = 75 quality = 90 @@ -34330,8 +34596,8 @@ rule REVERSINGLABS_Cert_Blocklist_5F273626859Ae4Bc4Becbbeb71E2Ab2D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1380-L1396" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1380-L1396" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c8be504f075041508f299b1df03d9cb9e58d9a89f49b7a926676033d18b108ba" score = 75 quality = 90 
@@ -34355,8 +34621,8 @@ rule REVERSINGLABS_Cert_Blocklist_B1Ad46Ce4Db160B348C24F66C9663178 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1398-L1414" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1398-L1414" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "59ce2b7a2e881853d07446b3dda74b296f2be09651364d0e131552cf76dab751" score = 75 quality = 90 @@ -34380,8 +34646,8 @@ rule REVERSINGLABS_Cert_Blocklist_256541E204619033F8B09F9Eb7C88Ef8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1416-L1432" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1416-L1432" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e33cedf1dd24ac73f77461de0cef25cad57909be2a69469fec450ead7da85c65" score = 75 quality = 90 
@@ -34405,8 +34671,8 @@ rule REVERSINGLABS_Cert_Blocklist_00E8Cc18Cf100B6B27443Ef26319398734 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1434-L1452" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1434-L1452" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "68e9df056109cae41d981090c7a98ddc192a445647d7475569ddbe4118e570c5" score = 75 quality = 90 @@ -34430,8 +34696,8 @@ rule REVERSINGLABS_Cert_Blocklist_62Af28A7657Ba8Ab10Fa8E2D47250C69 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1454-L1470" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1454-L1470" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c3c034cb4e2c65e2269fbfd9c045eb294badde60389ae62ed694ea4d61c5eb35" score = 75 quality = 90 
@@ -34455,8 +34721,8 @@ rule REVERSINGLABS_Cert_Blocklist_04C8Eca7243208A110Dea926C7Ad89Ce : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1472-L1488" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1472-L1488" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0012436e83704397026a8b2e500e5d61915e0f4c8ad4100176e200a975562e8f" score = 75 quality = 90 @@ -34480,8 +34746,8 @@ rule REVERSINGLABS_Cert_Blocklist_157C3A4A6Bcf35Cf8453E6B6C0072E1D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1490-L1506" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1490-L1506" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2a68051ab6d0b967f08e44d91b9f13d75587ea0f16e2a5536ccf5898445e1a58" score = 75 quality = 90 
@@ -34505,8 +34771,8 @@ rule REVERSINGLABS_Cert_Blocklist_04422F12037Bc2032521Dbb6Ae02Ea0E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1508-L1524" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1508-L1524" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "381d749d24121d6634656fd33adcda5c3e500ee77a6333f525f351a2ee589e2c" score = 75 quality = 90 @@ -34530,8 +34796,8 @@ rule REVERSINGLABS_Cert_Blocklist_65Eae6C98111Dc40Bf4F962Bf27227F2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1526-L1542" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1526-L1542" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "20c0f4e9783586e68ff363fe6a72398f6ea27aef5d25f98872d1203ce1a0c9bd" score = 75 quality = 90 
@@ -34555,8 +34821,8 @@ rule REVERSINGLABS_Cert_Blocklist_12D5A4B29Fe6156D4195Fba55Ae0D9A9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1544-L1560" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1544-L1560" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "860550745f6dbcd7dd0925d9b8f04e8e08e8b7c06343a4c070e131a815c42e12" score = 75 quality = 90 @@ -34580,8 +34846,8 @@ rule REVERSINGLABS_Cert_Blocklist_0087D60D1E2B9374Eb7A735Dce4Bbdae56 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1562-L1580" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1562-L1580" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d6e0d22e926a237f1cc6b71c6f8ce01e497723032c9efba1e6af7327a786b608" score = 75 quality = 90 
@@ -34605,8 +34871,8 @@ rule REVERSINGLABS_Cert_Blocklist_0860C8A7Ed18C3F030A32722Fd2B220C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1582-L1598" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1582-L1598" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3c777fb157a6669bfdf3143e77f69265e09458a2b42b75b72680eb043da71e85" score = 75 quality = 90 @@ -34630,8 +34896,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Fdadd0740572270203F8138692C4A83 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1600-L1616" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1600-L1616" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "18ce7ed721a454c5bb3cd6ab26df703b1e08b94b8c518055feffa38ad42afa50" score = 75 quality = 90 
@@ -34655,8 +34921,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Fc13D6220C629043A26F81B1Cad72D8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1618-L1634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1618-L1634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5572c278f6c9be62b2bba09ea610fd170438c6893ee5283ff4a5b3bb2852b07b" score = 75 quality = 90 @@ -34680,8 +34946,8 @@ rule REVERSINGLABS_Cert_Blocklist_3457A918C6D3701B2Eaca6A92474A7Cc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1636-L1652" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1636-L1652" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "70d4bece52a86bfe8958f6d4195b833cea609596e3b68bb90087c262501bd462" score = 75 quality = 90 
@@ -34705,8 +34971,8 @@ rule REVERSINGLABS_Cert_Blocklist_621Ed8265B0Ad872D9F4B4Ed6D560513 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1654-L1670" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1654-L1670" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c133d6eea5d27e597d0a656c7c930a5ca84adb46aa2fec66381b6b5c759e22aa" score = 75 quality = 90 @@ -34730,8 +34996,8 @@ rule REVERSINGLABS_Cert_Blocklist_56E22B992B4C7F1Afeac1D63B492Bf54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1672-L1688" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1672-L1688" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ef058c0ec352260fa3db0fc74331d1da3c9eb8d161cef7635632fd7c569198c6" score = 75 quality = 90 
@@ -34755,8 +35021,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Bc3Bae4118D46F3Fdd9Beeeab749Fee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1690-L1706" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1690-L1706" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fcbda27f8bf4dca8aa32103bb344380c82f0c701c25766df94c182ef94805a12" score = 75 quality = 90 @@ -34780,8 +35046,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F0449F7691E5B4C8E74E71Cae822179 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1708-L1724" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1708-L1724" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f8d3593b357f27240a4399e877ae9044f783bb944ad47ec9fe8bbecc63be864c" score = 75 quality = 90 
@@ -34805,8 +35071,8 @@ rule REVERSINGLABS_Cert_Blocklist_43Db4448D870D7Bdc275F36A01Fba36F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1726-L1742" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1726-L1742" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "951e35e2c3f1bd90a33f8b76b6ede5686ee9b9c97a4c71df5b9dff15956209c5" score = 75 quality = 90 @@ -34830,8 +35096,8 @@ rule REVERSINGLABS_Cert_Blocklist_2880A7F7Ff2D334Aa08744A8754Fab2C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1744-L1760" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1744-L1760" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "03c7e1251c44e8824ae3b648a95cf34f4c56db65d76806306a062a343981d87f" score = 75 quality = 90 
@@ -34855,8 +35121,8 @@ rule REVERSINGLABS_Cert_Blocklist_0492F5C18E26Fa0Cd7E15067674Aff1C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1762-L1778" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1762-L1778" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d47d59d7680000d6c35181be2d9b034c2ecb7ca754a39c8e11750ddd7246b47c" score = 75 quality = 90 @@ -34880,8 +35146,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Aa668Cd6A9De1Fdd476Ea8225326937 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1780-L1796" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1780-L1796" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "706e16995af40a6c9176dcbca07fb406f2efe4d47dbd9629d1a6b1ab1d09b045" score = 75 quality = 90 
@@ -34905,8 +35171,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Cb06Dccb482255728671Ea12Ac41620 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1798-L1814" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1798-L1814" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e0867ffe2ddd28282fe78b27b3b12ebac525b33a27dd242bc6f55bcd2e066a18" score = 75 quality = 90 @@ -34930,8 +35196,8 @@ rule REVERSINGLABS_Cert_Blocklist_370C2467C41D6019Bbecd72E00C5D73D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1816-L1832" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1816-L1832" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2b99522b75ee83d85b30146cb292b5a8a46dc300fb43dd9d39d9ca96c9d32d9b" score = 75 quality = 90 
@@ -34955,8 +35221,8 @@ rule REVERSINGLABS_Cert_Blocklist_5067339614C5Cc219C489D40420F3Bf9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1834-L1850" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1834-L1850" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1716087285a093a3467583f79d7ae9bee641997227e6d4f95047905aedcc97c6" score = 75 quality = 90 @@ -34980,8 +35246,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E32531Ae83992F0573120A5E78De271 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1852-L1868" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1852-L1868" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2b6d54ea8395c3666906b2e60c30b970c2c1b6f55ded874cbcc22dc79391fb34" score = 75 quality = 90 
@@ -35005,8 +35271,8 @@ rule REVERSINGLABS_Cert_Blocklist_6967A89Bcf6Efef160Aaeebbff376C0A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1870-L1886" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1870-L1886" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "deb7465e453aa5838f81e15e270abc958a65e1a6051a88a5910244edbe874451" score = 75 quality = 90 @@ -35030,8 +35296,8 @@ rule REVERSINGLABS_Cert_Blocklist_7473D95405D2B0B3A8F28785Ce6E74Ca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1888-L1904" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1888-L1904" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e15b990b13617017ca2d1f8caf03d8ff3785ca9b860bf11f81af5dadf17a9be5" score = 75 quality = 90 
@@ -35055,8 +35321,8 @@ rule REVERSINGLABS_Cert_Blocklist_04F380F97579F1702A85E0169Bbdfd78 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1906-L1922" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1906-L1922" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "73dc6e36fdaf5c80b33f20f2a9157805ce1d0218f3898104de16522ee9cfd51b" score = 75 quality = 90 @@ -35080,8 +35346,8 @@ rule REVERSINGLABS_Cert_Blocklist_04D6B8Cc6Dce353Fcf3Ae8A532Be7255 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1924-L1940" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1924-L1940" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a316ad7f554428d02a850fb3bb04f349d30ecd2ccd4597e7a63461bf5e866e6f" score = 75 quality = 90 
@@ -35105,8 +35371,8 @@ rule REVERSINGLABS_Cert_Blocklist_191322A00200F793 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1942-L1958" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1942-L1958" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1b816785f86189817c124636e50a0f369ec85cfd898223c4ba43758a877f1cf3" score = 75 quality = 90 @@ -35130,8 +35396,8 @@ rule REVERSINGLABS_Cert_Blocklist_451C9D0B413E6E8Df175 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1960-L1976" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1960-L1976" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7c94d87f79c9add4d7bf2a63d0774449319aa56cbc631dd9b0f19ed9bb9837d4" score = 75 quality = 90 
@@ -35155,8 +35421,8 @@ rule REVERSINGLABS_Cert_Blocklist_03943858218F35Adb7073A6027555621 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1978-L1994" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1978-L1994" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "93369d51b73591559494a48fafa5e4f7d46301ecaa379d8de70a70ac4d2d2728" score = 75 quality = 90 @@ -35180,8 +35446,8 @@ rule REVERSINGLABS_Cert_Blocklist_09813Ee7318452C28A1F6426D1Cee12D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L1996-L2012" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L1996-L2012" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "89eb019192f822f9fe070403161d81e425fb8acdbc80e55fa516b5607eb8f8c7" score = 75 quality = 90 
@@ -35205,8 +35471,8 @@ rule REVERSINGLABS_Cert_Blocklist_476Bf24A4B1E9F4Bc2A61B152115E1Fe : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2014-L2030" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2014-L2030" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0ec0f44d2a7a53ad5653334378b631abde1834ebfcf72efcdcce353c6b9ae17d" score = 75 quality = 90 @@ -35230,8 +35496,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Bd55818C5971B63Dc45Cf57Cbeb950B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2032-L2048" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2032-L2048" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5aa41a2d6a86a30559b36818602e1bdf2bfd38b799a4869c26c150052d6d788c" score = 75 quality = 90 
@@ -35255,8 +35521,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C0B2E9D2Ef909D15270D4Dd7Fa5A4A5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2050-L2066" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2050-L2066" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9c74eb025bb413503b97ffdba6f19eadecf3789ce3a5d5419f84e32e25c9b5b1" score = 75 quality = 90 @@ -35280,8 +35546,8 @@ rule REVERSINGLABS_Cert_Blocklist_5E3D76Dc7E273E2F313Fc0775847A2A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2068-L2084" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2068-L2084" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b943057fc3e97cfccadb4b8f61289a93b659aacf2a40217fcf519d4882e70708" score = 75 quality = 90 
@@ -35305,8 +35571,8 @@ rule REVERSINGLABS_Cert_Blocklist_47D5D5372Bcb1562B4C9F4C2Bdf13587 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2086-L2102" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2086-L2102" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fb4994647a2ed95c73625d90315c9b6deb6fb3b81b4aa6e847b0193f0a76650c" score = 75 quality = 90 @@ -35330,8 +35596,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Ac10E68F1Ce519E84Ddcd28B11Fa542 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2104-L2120" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2104-L2120" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "dac3b6b7609ec1e82afe4f9c6c14e2d32b6f5d8d49c59d6c605f2a94d71bc107" score = 75 quality = 90 
@@ -35355,8 +35621,8 @@ rule REVERSINGLABS_Cert_Blocklist_31062E483E0106B18C982F0053185C36 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2122-L2138" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2122-L2138" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e45fc5b4d1b9f5cd35c56aad381e26e30675a9d99747cd318f3c77ea2af0e14a" score = 75 quality = 90 @@ -35380,8 +35646,8 @@ rule REVERSINGLABS_Cert_Blocklist_20D0Ee42Fc901E6B3A8Fefe8C1E6087A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2140-L2156" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2140-L2156" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2225302de1e8fe9f2ad064e19b2b1d9faf90c7cafbebff6ddd0921bf57c5f9e6" score = 75 quality = 90 
@@ -35405,8 +35671,8 @@ rule REVERSINGLABS_Cert_Blocklist_127251B32B9A50Bd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2158-L2174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2158-L2174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8552ce9e9ab8d6b1025ab3c6e7b2485ef855236114c426475fde0b5f2e231ec9" score = 75 quality = 90 @@ -35430,8 +35696,8 @@ rule REVERSINGLABS_Cert_Blocklist_48Cad4E6966E22D6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2176-L2192" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2176-L2192" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7733b8a97d9f3538db04309a2e3f9df6cb64930b0b6f7f241c3e629be2dd7804" score = 75 quality = 90 
@@ -35455,8 +35721,8 @@ rule REVERSINGLABS_Cert_Blocklist_5E15205F180442Cc6C3C0F03E1A33D9F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2194-L2210" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2194-L2210" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1ca238b5da4ff9940425c99f55542c931ccdf0ea3b0a2acbf00ffbbb54171ae0" score = 75 quality = 90 @@ -35480,8 +35746,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C8E3B1613F73542F7106F272094Eb23 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2212-L2228" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2212-L2228" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "15c21b783409d904a0b4971dbdcbd0740083d13f3c633ee77c87df46d3aca748" score = 75 quality = 90 
@@ -35505,8 +35771,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Ce2Bd0Ad3Cfde9Ea73Eec7Ca30400Da : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2230-L2246" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2230-L2246" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a879ecd957acd29e8a5bad6c97cd10453ab857949680b522735bd77eb561d2ee" score = 75 quality = 90 @@ -35530,8 +35796,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fbc30Db127A536C34D7A0Fa81B48193 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2248-L2264" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2248-L2264" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6b109b5636aa297a6e07f9d9213f7f07a7767b58442d03dc2f34f8a9b3eaba2b" score = 75 quality = 90 
@@ -35555,8 +35821,8 @@ rule REVERSINGLABS_Cert_Blocklist_08448Bd6Ee9105Ae31228Ea5Fe496F63 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2266-L2282" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2266-L2282" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9bc044b4fdf381274a2c31bc997dcdfd553595d92de7b33dc472353a00011711" score = 75 quality = 90 @@ -35580,8 +35846,8 @@ rule REVERSINGLABS_Cert_Blocklist_02F17566Ef568Dc06C9A379Ea2F4Faea : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2284-L2300" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2284-L2300" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e3ec8a6de817354862880301e78a999f45f02c2fa8512bba6d27c9776f1a3417" score = 75 quality = 90 
@@ -35605,8 +35871,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D824Ba1F7F730319C50D64C9A7Ed507 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2302-L2318" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2302-L2318" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "407611603974c910d9a6a0ed71ecdf54ddcc59abb0f48c60846e61d6d4191933" score = 75 quality = 90 @@ -35630,8 +35896,8 @@ rule REVERSINGLABS_Cert_Blocklist_77A64759F12766E363D779998C71Bdc9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2320-L2336" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2320-L2336" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2bf3d99ddec6b76da1ca60a9285767a5b34b84455db58195fc5d8fd8a22c9f8a" score = 75 quality = 90 
@@ -35655,8 +35921,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B0D17Ec1449B4B2D38Fcb0F20Fbcd3A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2338-L2354" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2338-L2354" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3121f2c49d0d4c396023924521f2c980045b6f07d082e49447429e9cd640e0ef" score = 75 quality = 90 @@ -35680,8 +35946,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fe9404Dc73Cf1C2Ba1450B8398305557 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2356-L2374" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2356-L2374" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c0132d71de1384f6e534dd154eba88c4a51c43b7dfe984f3064ba4feffa4dd5a" score = 75 quality = 90 
@@ -35705,8 +35971,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Cb2D523A6Bf7A066642C578De1C9Be4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2376-L2392" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2376-L2392" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5a786b9ade5a59b8a1e0bbef1eb3dcb65404dcee19d572dc60f9ec9f45e4755b" score = 75 quality = 90 @@ -35730,8 +35996,8 @@ rule REVERSINGLABS_Cert_Blocklist_3A6Ccabb1C62F3Be3Eb03869Fa43Dc4A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2394-L2410" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2394-L2410" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ccb603c8a5f4fb63876e78d763f80a97098c23aa10673c7b04a48026268f57d3" score = 75 quality = 90 
@@ -35755,8 +36021,8 @@ rule REVERSINGLABS_Cert_Blocklist_864196F01971Dbec7002B48642A7013A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2412-L2430" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2412-L2430" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a3173bb08e673caaa64ab22854840a135e891044b165bbc67733c951ec6aa991" score = 75 quality = 90 @@ -35780,8 +36046,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Fda1E121B61Adeca936A6Aebe079303 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2432-L2448" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2432-L2448" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "70a04c83e79c98024bacf1688bb46d80c9b8491e25dd32d6d92bf3cf61c62e48" score = 75 quality = 90 
@@ -35805,8 +36071,8 @@ rule REVERSINGLABS_Cert_Blocklist_03866Deb183Abfbf4Ff458D4De7Bd73A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2450-L2466" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2450-L2466" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "90d09d0d2d01500e0670277d0e8de574feecf7443cf4d077912b1166a9c14c43" score = 75 quality = 90 @@ -35830,8 +36096,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Be41B34127Ca9E6270830D2070Db426 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2468-L2484" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2468-L2484" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b66c4b9264be70d53838442a3112c4bacbdf2dda90840d71c3eb949e630b3f17" score = 75 quality = 90 
@@ -35855,8 +36121,8 @@ rule REVERSINGLABS_Cert_Blocklist_9B108B8A1Daa0D5581F59Fcee0447901 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2486-L2504" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2486-L2504" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "696e3da511f74f9cfb10b96130a36ae9f48c22f1e0deb76092db1262980ab3ac" score = 75 quality = 90 @@ -35880,8 +36146,8 @@ rule REVERSINGLABS_Cert_Blocklist_5F8203C430Fc7Db4E61F6684F6829Ffc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2506-L2522" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2506-L2522" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cd22d1beea12d1f6c50f69e76074c2582ce5567887056c43d4d6c87d33fce1bf" score = 75 quality = 90 
@@ -35905,8 +36171,8 @@ rule REVERSINGLABS_Cert_Blocklist_6B6Daef5Be29F20Ddce4B0F5E9Fa6Ea5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2524-L2540" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2524-L2540" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "edd2f302d2fac65f6a93372a24c3f80757f2b175af661032917366e9629c5491" score = 75 quality = 90 @@ -35930,8 +36196,8 @@ rule REVERSINGLABS_Cert_Blocklist_57D6Dff1Ef96F01B9430666B2733Cc87 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2542-L2558" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2542-L2558" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "40d22137e9c5345859c5f000166da2a3117bcfcc19b4c5e81083cad80dfa6ee4" score = 75 quality = 90 
@@ -35955,8 +36221,8 @@ rule REVERSINGLABS_Cert_Blocklist_0166B65038D61E5435B48204Cae4795A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2560-L2576" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2560-L2576" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4e289eda4d5381250bcd6e36daade6f1e1803b6d16578d7eaee4454cef6981d0" score = 75 quality = 90 @@ -35980,8 +36246,8 @@ rule REVERSINGLABS_Cert_Blocklist_784F226B45C3Bd8E4089243D747D1F59 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2578-L2594" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2578-L2594" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "df8ca35a07ec6815d1efb68fa6fbf8f80c57032ecb99d0b038da0604ceffe8cf" score = 75 quality = 90 
@@ -36005,8 +36271,8 @@ rule REVERSINGLABS_Cert_Blocklist_11690F05604445Fae0De539Eeeeec584 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2596-L2612" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2596-L2612" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b66257f562f698559910eb9576f8fdf0ce3a750cc0a96a27e2ec1a18872ad13f" score = 75 quality = 90 @@ -36030,8 +36296,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aa146Bff4B832Bdbfe30B84580356763 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2614-L2632" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2614-L2632" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "37abe7a4fd773fd34f5d7dbe725ba4edcfb8ebb501dc41f386b8b0629161051f" score = 75 quality = 90 
@@ -36055,8 +36321,8 @@ rule REVERSINGLABS_Cert_Blocklist_E86F46B60142092Aae81B8F6Fa3D9C7C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2634-L2652" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2634-L2652" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6de16a44bc84fbf8f1d3d82526e1d7f8fd4ae3da6deaa471c77d2c8df47a14b0" score = 75 quality = 90 @@ -36080,8 +36346,8 @@ rule REVERSINGLABS_Cert_Blocklist_1A0Fd2A4Ef4C2A36Ab9C5E8F792A35E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2654-L2670" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2654-L2670" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8e768415998a6a92961986cb0a9d310514d928be93b3e5a9aaa9ec71bf5886ad" score = 75 quality = 90 
@@ -36105,8 +36371,8 @@ rule REVERSINGLABS_Cert_Blocklist_53Bb753B79A99E61A6E822Ac52460C70 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2672-L2688" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2672-L2688" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "24ff4f46fa6e85c25e130459f9b8d6907cf6cd51098e0cf45ec11d54d7de509b" score = 75 quality = 90 @@ -36130,8 +36396,8 @@ rule REVERSINGLABS_Cert_Blocklist_83F68Fc6834Bf8Bd2C801A2D1F1Acc76 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2690-L2708" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2690-L2708" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "35552242f9f0a56b45e30e6f376877446f33e24690ff5d7b03dc776fab178afd" score = 75 quality = 90 
@@ -36155,8 +36421,8 @@ rule REVERSINGLABS_Cert_Blocklist_F385E765Acfb95605C9B35Ca4C32F80E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2710-L2728" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2710-L2728" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c73c8f1913d3423a52f5e77751813460ae9200eb3cb1cc6e2ec30f37f0da8152" score = 75 quality = 90 @@ -36180,8 +36446,8 @@ rule REVERSINGLABS_Cert_Blocklist_F62C9C4Efc81Caf0D5A2608009D48018 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2730-L2748" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2730-L2748" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "08fcff795297c0608b1a1d71465279cbf76d4dff06de2a2262a58debbb2f9e0d" score = 75 quality = 90 
@@ -36205,8 +36471,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cc8D902Da36587C9B2113Cd76C3C3F8D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2750-L2768" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2750-L2768" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "25e524d23ccc1c06f602a086369ffd44b8c97b76c29f068764081339556b3465" score = 75 quality = 90 @@ -36230,8 +36496,8 @@ rule REVERSINGLABS_Cert_Blocklist_328Bdcc0F679C4649147Fbb3Eb0E9Bc6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2770-L2786" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2770-L2786" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6d9e1f25ca252ca9dda7714c52a2e57fd3b5dca08cd2a45c9dec18a31d3bb342" score = 75 quality = 90 
@@ -36255,8 +36521,8 @@ rule REVERSINGLABS_Cert_Blocklist_5F78149Eb4F75Eb17404A8143Aaeaed7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2788-L2804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2788-L2804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0c7c9e8d2a9304e0407b8a1a29977312a9ba766a4052c6b874855fa187c85585" score = 75 quality = 90 @@ -36280,8 +36546,8 @@ rule REVERSINGLABS_Cert_Blocklist_629D120Dd84F9C1688D4Da40366Fab7A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2806-L2822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2806-L2822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "187f6ef0de869500526d1b0d5c6f6762b0a939e06781e633a602834687c64023" score = 75 quality = 90 
@@ -36305,8 +36571,8 @@ rule REVERSINGLABS_Cert_Blocklist_039E5D0E3297F574Db99E1D9503853D9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2824-L2840" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2824-L2840" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2f150f60b7dce583fc68705f0b29a7c8684f1b69020275b2ec1ac6beeaa63952" score = 75 quality = 90 @@ -36330,8 +36596,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bc32Bbe5Bbb4F06F490C50651Cd5Da50 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2842-L2860" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2842-L2860" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "104be481b7d4b1cb3c43c72314afc3641983838b5177c34a88d6da0d0e7b89c9" score = 75 quality = 90 
@@ -36355,8 +36621,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E1656Dfcaacfed7C2D2564355698Aa3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2862-L2878" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2862-L2878" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ba7cca8d71f571644cabd3d491cddefffd05ca7a838f262a343a01e4a09bb72a" score = 75 quality = 90 @@ -36380,8 +36646,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Bf1D68E926E2Dd8966008C44F95Ea1C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2880-L2896" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2880-L2896" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "44b5aae8380e3590ebb6e2365e89b3827432e8330e5290dc8f8603a00bcf62f6" score = 75 quality = 90 
@@ -36405,8 +36671,8 @@ rule REVERSINGLABS_Cert_Blocklist_149C12083C145E28155510Cfc19Db0Fe : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2898-L2914" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2898-L2914" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f616fc470e223d65ac4c984394a38d566265ab37829ff566012de0a1527396c2" score = 75 quality = 90 @@ -36430,8 +36696,8 @@ rule REVERSINGLABS_Cert_Blocklist_77E0117E8B2B8Faa84Bed961019D5Ef8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2916-L2932" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2916-L2932" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bea94b9da8c176f22a66fe7a4545dcc3a38f727a75a0bc7920d9aece8e24b9b7" score = 75 quality = 90 
@@ -36455,8 +36721,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F3Feb4Baf377Aea90A463C5Dee63884 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2934-L2950" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2934-L2950" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "56c37e758db33aa40e9a2c1c5a4eb14c2c370f614e838d86bf20c64f79e2a746" score = 75 quality = 90 @@ -36480,8 +36746,8 @@ rule REVERSINGLABS_Cert_Blocklist_3D2580E89526F7852B570654Efd9A8Bf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2952-L2968" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2952-L2968" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0f46fcfc8ee06756646899450daa254d3e5261bdc5c2339f20d01971608fff7b" score = 75 quality = 90 
@@ -36505,8 +36771,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fffe432A53Ff03B9223F88Be1B83D9D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2970-L2986" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2970-L2986" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e7dbe6b95877f9473661ccf26fa6e5142147609adfe0a9bb8b493875325710af" score = 75 quality = 90 @@ -36530,8 +36796,8 @@ rule REVERSINGLABS_Cert_Blocklist_832E161Aea5206D815F973E5A1Feb3E7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L2988-L3006" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L2988-L3006" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "da908de031c78aa012809988e44dea564d32b88b65a2010925c1af85d578a68a" score = 75 quality = 90 
@@ -36555,8 +36821,8 @@ rule REVERSINGLABS_Cert_Blocklist_09Aecea45Bfd40Ce7D62D7D711916D7D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3008-L3024" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3008-L3024" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d1c6bfb10a244ba866c8aabdff6055388afa8096fd4bd77bb21f781794333e9b" score = 75 quality = 90 @@ -36580,8 +36846,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Ff4Eda5Fa641E70162713426401F438 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3026-L3042" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3026-L3042" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "58f5e163d9807520497ba55e42c048020f6b7653ed71f3954e7ffb490f4de0e4" score = 75 quality = 90 
@@ -36605,8 +36871,8 @@ rule REVERSINGLABS_Cert_Blocklist_067Dffc5E3026Eb4C62971C98Ac8A900 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3044-L3060" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3044-L3060" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2b7c4cded14afd8ba3feabb6debaa1317917b811b44e22aa8a0b3ea00d689141" score = 75 quality = 90 @@ -36630,8 +36896,8 @@ rule REVERSINGLABS_Cert_Blocklist_B1Da219688E51Fd0Bfac2C891D56Cbb8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3062-L3080" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3062-L3080" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "03549214940a8689213bd2eb891da1c1991627c81c8b7f26860141c397409d46" score = 75 quality = 90 
@@ -36655,8 +36921,8 @@ rule REVERSINGLABS_Cert_Blocklist_7289B0F9Bd641E3E352Dc3183F8De6Be : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3082-L3098" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3082-L3098" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "42b068e85b3aff5e6dd5ec4979f546dc5338ebf8719d86c0641ffb8353959af9" score = 75 quality = 90 @@ -36680,8 +36946,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fd7B7A8678A67181A54Bc7499Eba44Da : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3100-L3118" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3100-L3118" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f1e26ea26890043be2c8b9c35ba2e6758b60fe173f00bf4c77cc5289ce0d5600" score = 75 quality = 90 
@@ -36705,8 +36971,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ebbdd6Cdeda40Ca64513280Ecd625C54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3120-L3138" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3120-L3138" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1d419f2fe2a9bf744bdde48adc50e0bc48746f1576f96570385a2a1c9ba92d21" score = 75 quality = 90 @@ -36730,8 +36996,8 @@ rule REVERSINGLABS_Cert_Blocklist_61Da676C1Dcfcf188276E2C70D68082E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3140-L3156" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3140-L3156" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4f8af4a5c9812e6559218e387e32bc02cb0adcd40d9d4963fefc929f6101ae9a" score = 75 quality = 90 
@@ -36755,8 +37021,8 @@ rule REVERSINGLABS_Cert_Blocklist_767436921B2698Bd18400A24B01341B6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3158-L3174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3158-L3174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "759bbbc5929463ad68d5dcd28b30401b9ff680f522172ed8d5d7dd3772e07587" score = 75 quality = 90 @@ -36780,8 +37046,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E795531B3265510F935187Eca59920A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3176-L3192" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3176-L3192" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d597e88314f9f20283b40058dd74167d0d72f7518277a57f26c15e44b670b386" score = 75 quality = 90 
@@ -36805,8 +37071,8 @@ rule REVERSINGLABS_Cert_Blocklist_8F40B1485309A064A28B96Bfa3F55F36 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3194-L3212" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3194-L3212" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "58dd47bfd2acd698bc27fb03eb51e4b8598ef6c71f7193e3cc4eea63982855f0" score = 75 quality = 90 @@ -36830,8 +37096,8 @@ rule REVERSINGLABS_Cert_Blocklist_B2120Facadbb92Cc0A176759604C6A0F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3214-L3232" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3214-L3232" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "08462b1bd3d45824aeea901a4db19365c28d8b8b0f594657df7a59250111729b" score = 75 quality = 90 
@@ -36855,8 +37121,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F407Eb50803845Cc43937823E1344C0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3234-L3250" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3234-L3250" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4d5a2b0619be902d8a437f204ae1b87222c73d3186930809b1f694bad429aea8" score = 75 quality = 90 @@ -36880,8 +37146,8 @@ rule REVERSINGLABS_Cert_Blocklist_6922Bb5De88E4127E1Ac6969E6A199F5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3252-L3268" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3252-L3268" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "39dbaa232ea9125934b3682d780e3821d12e771f2b844d027d99a432fe249d9f" score = 75 quality = 90 
@@ -36905,8 +37171,8 @@ rule REVERSINGLABS_Cert_Blocklist_73065Efa163B7901Fa1Ccb0A54E80540 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3270-L3286" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3270-L3286" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e420c37c04aa676c266a4c2c228063239815c173a83c39d426c5a674648f1934" score = 75 quality = 90 @@ -36930,8 +37196,8 @@ rule REVERSINGLABS_Cert_Blocklist_4842Afad00904Ed8C98811E652Ccb3B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3288-L3304" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3288-L3304" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2b5c7c13369c7b89f1ea5474de3644a12bf6412cb3fa8ade5b66de280fb10cbf" score = 75 quality = 90 
@@ -36955,8 +37221,8 @@ rule REVERSINGLABS_Cert_Blocklist_5A59A686B4A904D0Fca07153Ea6Db6Cc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3306-L3322" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3306-L3322" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7597b2ba870ec58ac0786a97fb92956406fe019c81f6176cc1a581988d3a9632" score = 75 quality = 90 @@ -36980,8 +37246,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B6D8152F4A06Ba781C6677Eea5Ab74B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3324-L3340" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3324-L3340" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bd20cf8e4cab2117361dbe05ae2efe813e7f55667b1f3825cd893313d98dcb5f" score = 75 quality = 90 
@@ -37005,8 +37271,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Ad60Cea73E1Dd1A3E6C02D9B339C380 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3342-L3358" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3342-L3358" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fb83cf25be19e7cccd2c8369c3a37a90af72cb2f76db3619b8311d2a851335a8" score = 75 quality = 90 @@ -37030,8 +37296,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Df2Dfed47C6Fd6542131847Cffbc102 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3360-L3376" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3360-L3376" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fc6adbfd45ff6ac465aecb3db862421f02170e977fc044017f3ddc306a9f7a37" score = 75 quality = 90 
@@ -37055,8 +37321,8 @@ rule REVERSINGLABS_Cert_Blocklist_74Fedf0F8398060Fa8378C6D174465C8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3378-L3394" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3378-L3394" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "406821c7990f05fdad91704f6418304f53dd4800bc4b41912177a1695858fade" score = 75 quality = 90 @@ -37080,8 +37346,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Bd6A5Bba28E7C1Ca44880159Dace237 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3396-L3412" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3396-L3412" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f885c782148947d09133a3cc65319e02204c21d6c6d911b360840f25f37601dc" score = 75 quality = 90 
@@ -37105,8 +37371,8 @@ rule REVERSINGLABS_Cert_Blocklist_C04F8F1E00C69E96A51Bf14Aab1C6Ae0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3414-L3432" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3414-L3432" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c2b5ffa305b761b57dd91c0acea0d8f82bec6b7d3608be10a20ea63621f3f3e8" score = 75 quality = 90 @@ -37130,8 +37396,8 @@ rule REVERSINGLABS_Cert_Blocklist_23F537Ce13C6Cccdfd3F8Ce81Fb981Cb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3434-L3450" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3434-L3450" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d347bce3eddd0cac276a7504955f0342ae44fd93d238e514af5b1fdc208b68fc" score = 75 quality = 90 
@@ -37155,8 +37421,8 @@ rule REVERSINGLABS_Cert_Blocklist_73Ecfdbb99Aec176Ddfcf7958D120E1A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3452-L3468" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3452-L3468" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d911156707cef97acf79c096b5d4a4db166ddf05237168f1ecffb0c0a2ebd8fa" score = 75 quality = 90 @@ -37180,8 +37446,8 @@ rule REVERSINGLABS_Cert_Blocklist_675129Bb174A5B05E330Cc09F8Bbd70A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3470-L3486" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3470-L3486" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d989ea5233e8a64bffa0e29645c3458ef1f5173158ced7814c3b473b92ef49f4" score = 75 quality = 90 
@@ -37205,8 +37471,8 @@ rule REVERSINGLABS_Cert_Blocklist_De13Fe2Dbb8F890287E1780Aff6Ffd22 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3488-L3504" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3488-L3504" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ebd983bcfa1e5d54af9d9e07d80d05f4752040eab92e63cd986db789fa07026f" score = 75 quality = 90 @@ -37230,8 +37496,8 @@ rule REVERSINGLABS_Cert_Blocklist_Da000D18949C247D4Ddfc2585Cc8Bd0F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3506-L3524" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3506-L3524" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3453f13e633a2c233f78d0389c655bb5304e567407b3e0c5c47e5e7127c345ca" score = 75 quality = 90 
@@ -37255,8 +37521,8 @@ rule REVERSINGLABS_Cert_Blocklist_06E842D3Ea6249D783D6B55E29C060C7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3526-L3542" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3526-L3542" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9f71de0119527c8580f9e47e3fba07242814c5a537d727d4541fd7a802b0cb86" score = 75 quality = 90 @@ -37280,8 +37546,8 @@ rule REVERSINGLABS_Cert_Blocklist_06473C3C19D9E1A9429B58B6Faec2967 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3544-L3560" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3544-L3560" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f9ca49ce65d213dce803806956c0ce1da0c4068bea173daae9cb06dab0a86268" score = 75 quality = 90 
@@ -37305,8 +37571,8 @@ rule REVERSINGLABS_Cert_Blocklist_39F56251Df2088223Cc03494084E6081 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3562-L3578" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3562-L3578" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c87850f91758a5bb3bdf6f6d7de9a3f53077d64cebdde541ac0742d3cea4f4e0" score = 75 quality = 90 @@ -37330,8 +37596,8 @@ rule REVERSINGLABS_Cert_Blocklist_1362E56D34Dc7B501E17Fa1Ac3C3E3D9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3580-L3596" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3580-L3596" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0415c5a49076bab23dfc29ef2d6168b93d6bfde07a89ccb0368d2c967422407a" score = 75 quality = 90 
@@ -37355,8 +37621,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B83593Fc78D92Cfaa9Bdf3F97383964 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3598-L3614" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3598-L3614" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "775e41fc102cbaeb9374984380b0e073de2a0075b9a200f8ab644bd1369ba015" score = 75 quality = 90 @@ -37380,8 +37646,8 @@ rule REVERSINGLABS_Cert_Blocklist_C7505E7464E00Ec1Dccd8D1B466D15Ff : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3616-L3634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3616-L3634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7c5c84cb9071eff6a1bd7062506b807466bb4a432d1ed073961898c6c08cc4bd" score = 75 quality = 90 
@@ -37405,8 +37671,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cbf91988Fb83511De1B3A7A520712E9C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3636-L3654" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3636-L3654" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5862a8ec43d2e545f36b815ada2bb31c4384a8161c6956a31f3bd517532923fd" score = 75 quality = 90 @@ -37430,8 +37696,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ce3675Ae4Abfe688870Bcacb63060F4F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3656-L3674" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3656-L3674" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0c6f2ef55bef283a3f915fd8c1ced27c3c665f7f490caeea0f180c2d7fa2b2b5" score = 75 quality = 90 
@@ -37455,8 +37721,8 @@ rule REVERSINGLABS_Cert_Blocklist_9813229Efe0046D23542Cc7569D5A403 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3676-L3694" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3676-L3694" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0d8f0df83572b8d31f29cb76f44d524fd1ae0467d2d99af959e45694524d18e8" score = 75 quality = 90 @@ -37480,8 +37746,8 @@ rule REVERSINGLABS_Cert_Blocklist_86E5A9B9E89E5075C475006D0Ca03832 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3696-L3714" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3696-L3714" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5ba0b0f1b104eb11023590b8ef2b9cc747372bc9310a754694d45d3b3ce293e9" score = 75 quality = 90 
@@ -37505,8 +37771,8 @@ rule REVERSINGLABS_Cert_Blocklist_075Dca9Ca84B93E8A89B775128F90302 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3716-L3732" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3716-L3732" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "32af21e71fb3475c50de4cd8a24fa0aec1ee67bc01c1a3720c12f9ce822833c3" score = 75 quality = 90 @@ -37530,8 +37796,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ddce8Cdc91B5B649Bb4B45Ffbba6C6C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3734-L3750" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3734-L3750" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "622e6ed08ca26908539519f37cf493f8030100bd5e88cb05e851b7d56b0f4c0d" score = 75 quality = 90 
@@ -37555,8 +37821,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Bd614D5869Bb66C96B67E154D517384 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3752-L3770" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3752-L3770" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d9eea38a1340797cef129b12cf2bb46c444e6f312db7356260f0ac0d9e63183d" score = 75 quality = 90 @@ -37580,8 +37846,8 @@ rule REVERSINGLABS_Cert_Blocklist_540Cea639D5D48669B7F2F64 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3772-L3788" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3772-L3788" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3d3774f10ff9949ea13a7892662438b84b3eb895fc986092649fa9b192170d48" score = 75 quality = 90 
@@ -37605,8 +37871,8 @@ rule REVERSINGLABS_Cert_Blocklist_03A7748A4355020A652466B5E02E07De : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3790-L3806" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3790-L3806" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6dc6d0fd2b702939847981ff31c2d8103227ccd0c19f999849ff89c64a90f92f" score = 75 quality = 90 @@ -37630,8 +37896,8 @@ rule REVERSINGLABS_Cert_Blocklist_B881A72D4117Bbc38B81D3C65C792C1A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3808-L3826" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3808-L3826" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bad2a06090f077ebc635d21446b47c9f115fe477567afb3d5994043f5a7883b1" score = 75 quality = 90 
@@ -37655,8 +37921,8 @@ rule REVERSINGLABS_Cert_Blocklist_08653Ef2Ed9E6Ebb56Ffa7E93F963235 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3828-L3844" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3828-L3844" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5ae8d2fb03cd0f945c2f5eb86de4e5da4fbb1cdf233d8a808157304538ced872" score = 75 quality = 90 @@ -37680,8 +37946,8 @@ rule REVERSINGLABS_Cert_Blocklist_9C4816D900A6Ecdbe54Adf72B19Ebcf5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3846-L3864" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3846-L3864" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "92e8130f444417d5bc3788721280338bbed33e3362104de0cf27bc7c1fc30d0e" score = 75 quality = 90 
@@ -37705,8 +37971,8 @@ rule REVERSINGLABS_Cert_Blocklist_269174F9Fe7C6Ed4E1D19B26C3F5B35F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3866-L3882" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3866-L3882" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "95c9720d6311c2fe7026b6cac092d59967479e6c9382eac1d26f7745efa92860" score = 75 quality = 90 @@ -37730,8 +37996,8 @@ rule REVERSINGLABS_Cert_Blocklist_523Fb4036368Dc26192D68827F2D889B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3884-L3900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3884-L3900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f1886a046305637d335c493972560de56d8186bf99183aed5e2040b2e530fc22" score = 75 quality = 90 
@@ -37755,8 +38021,8 @@ rule REVERSINGLABS_Cert_Blocklist_84F842F6D33Cd2F25B88Dd1710E21137 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3902-L3920" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3902-L3920" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5aad8e95d1306626b63d767fce4706104330dd776b75c09cc404227863564307" score = 75 quality = 90 @@ -37780,8 +38046,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Fbcaa289Ba925B4E247809B6B028202 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3922-L3938" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3922-L3938" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c41a4f9ccda54b9735313edf9042b831e6eaca149c089f74a823cee6719e1064" score = 75 quality = 90 
@@ -37805,8 +38071,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F2E8Effbb08C7Dbcc7A7F2D835457B5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3940-L3956" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3940-L3956" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0b446641617d435c3d312592957e19c3d391b0149eafcf9ac2da51e8d9080eb4" score = 75 quality = 90 @@ -37830,8 +38096,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aeba4C39306Fdd022849867801645814 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3958-L3976" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3958-L3976" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "82c149f1d8ef93a0df2035690c5cdca935236687bc36a35a84c3d6610eb6902c" score = 75 quality = 90 
@@ -37855,8 +38121,8 @@ rule REVERSINGLABS_Cert_Blocklist_028D50Ae0C554B49148E82Db5B1C2699 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3978-L3994" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3978-L3994" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e3cc0066cad56d78a3f42e092befa3b0855b2ed33c8465c5ecbb19fec082d35e" score = 75 quality = 90 @@ -37880,8 +38146,8 @@ rule REVERSINGLABS_Cert_Blocklist_684F478C7259Dde0Cfe2260112Ca9846 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L3996-L4012" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L3996-L4012" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "59654ba1df27029a04ef3b1a1bb54f6c15b727f2013923a11a729752b8829743" score = 75 quality = 90 
@@ -37905,8 +38171,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B7C32208A954A483Dd102E1Be094867 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4014-L4030" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4014-L4030" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "49e2208a7d2b5684283c1dfc9856f864d16b50f951f58e0252c97419819a46ec" score = 75 quality = 90 @@ -37930,8 +38196,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E72Daf2B9A4449E946009E5084A8E76 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4032-L4048" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4032-L4048" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f1a7bf6c18e0ebf8aef53feb7d7789ce87c96e00962c64e07a37d968702d2fa5" score = 75 quality = 90 
@@ -37955,8 +38221,8 @@ rule REVERSINGLABS_Cert_Blocklist_11Edd343E21C36Ac985555D85C16135F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4050-L4066" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4050-L4066" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "17feeed4be074a30572eb12fc81dc15d1b06f2d3f7b4b4fb4443391c62ac4d9b" score = 75 quality = 90 @@ -37980,8 +38246,8 @@ rule REVERSINGLABS_Cert_Blocklist_093Fe63D1A5F68F14Ecaac871A03F7A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4068-L4084" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4068-L4084" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "333c58a9af2d94604b637ab0a7280b6688a89ff73e30a93a8daed040fab7f620" score = 75 quality = 90 
@@ -38005,8 +38271,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bb26B7B6634D5Db548C437B5085B01C1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4086-L4104" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4086-L4104" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "58d574b196f84416eb04000205cd8f4817618003f2948bb0eb7d951c282ef6ff" score = 75 quality = 90 @@ -38030,8 +38296,8 @@ rule REVERSINGLABS_Cert_Blocklist_29128A56E7B3Bfb230742591Ac8B4718 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4106-L4122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4106-L4122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5a89fec015e56ddddaed75be91a87288dcd27841937d26e3416187913c4f0b85" score = 75 quality = 90 
@@ -38055,8 +38321,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Bfbfdfef43608730Ee14779Ee3Ee2Cb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4124-L4140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4124-L4140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f8f233b78e9d3558b0cd7978e3c5fa32645a3bb706c6fdec7f1e4195cf513f10" score = 75 quality = 90 @@ -38080,8 +38346,8 @@ rule REVERSINGLABS_Cert_Blocklist_62205361A758B00572D417Cba014F007 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4142-L4158" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4142-L4158" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ebf28921c81191bcf6130baf6532122bb320cc916e38ab225f0acdcb57ea00f3" score = 75 quality = 90 
@@ -38105,8 +38371,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B47D18Dbea57Abd1563Ddf89F87A6C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4160-L4176" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4160-L4176" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2e464f4e9bfe0c9510a78552acffb241d2435ea9bf3f5f2501353d7f8f280d78" score = 75 quality = 90 @@ -38130,8 +38396,8 @@ rule REVERSINGLABS_Cert_Blocklist_Be41E2C7Bb2493044B9241Abb732599D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4178-L4196" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4178-L4196" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "eb5d94b80fd030d14dc26878895c61761825f3c77209ca0280e88dcd1800f9c2" score = 75 quality = 90 
@@ -38155,8 +38421,8 @@ rule REVERSINGLABS_Cert_Blocklist_15C5Af15Afecf1C900Cbab0Ca9165629 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4198-L4214" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4198-L4214" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5c54f32dbac271b2b60ec40bd052b5566a512cd2bcb4255057b21262806882d2" score = 75 quality = 90 @@ -38180,8 +38446,8 @@ rule REVERSINGLABS_Cert_Blocklist_476De2F108D20B43Ba3Bae6F331Af8F1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4216-L4232" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4216-L4232" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e5edf3e15b2139ba6cd85f2cfea63b53f7fa36a3fd7224a4a9ccbe5de6eb6f1d" score = 75 quality = 90 
@@ -38205,8 +38471,8 @@ rule REVERSINGLABS_Cert_Blocklist_08Ddcc67F8Cad6929607E4Cda29B3503 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4234-L4250" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4234-L4250" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4cd975312ca825b51f34f5c89184a56526877436224c1e7407d715b28ebfd9d5" score = 75 quality = 90 @@ -38230,8 +38496,8 @@ rule REVERSINGLABS_Cert_Blocklist_052242Ace583Adf2A3B96Adcb04D0812 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4252-L4268" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4252-L4268" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e1593a2bf375912e411d5f19d9e232c6b87f0897bb6f1c0b0539380b34b05af5" score = 75 quality = 90 
@@ -38255,8 +38521,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bebef5C533Ce92Efc402Fab8605C43Ec : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4270-L4288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4270-L4288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "daa57ad622799467c60693060e6c9eea18bdf0bb26f178e8b03453aab486ccf4" score = 75 quality = 90 @@ -38280,8 +38546,8 @@ rule REVERSINGLABS_Cert_Blocklist_1D3F39F481Fe067F8A9289Bb49E05A04 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4290-L4306" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4290-L4306" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2fdf8b59d302d2ce81a1e9a5715138adc1ec45bd86871c4c2e46412407e329f9" score = 75 quality = 90 
@@ -38305,8 +38571,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Be35D025E65Cc7A4Ee01F72 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4308-L4324" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4308-L4324" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "dad7ab834a67d36c0b63e45922aea566dc0aaf922be2b74161616b3caea83fdc" score = 75 quality = 90 @@ -38330,8 +38596,8 @@ rule REVERSINGLABS_Cert_Blocklist_351Fe2Efdc0Ac56A0C822Cf8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4326-L4342" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4326-L4342" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "46b87c3531e01ba150f056ec3270564426363ef8c58256eeedbcab247c7625e4" score = 75 quality = 90 
@@ -38355,8 +38621,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Cfbb4C69008821Aaacecde97Ee149Ab : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4344-L4362" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4344-L4362" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d74b13eeb5d0a57c5dd3257480230c504a68a8422e77a46bb2e101abb2c7f282" score = 75 quality = 90 @@ -38380,8 +38646,8 @@ rule REVERSINGLABS_Cert_Blocklist_C04F5D17Af872Cb2C37E3367Fe761D0D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4364-L4382" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4364-L4382" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4a4d60aa3722a710fe23d5e11c55a28bfe721bb4e797b041d58f62a994487799" score = 75 quality = 90 
@@ -38405,8 +38671,8 @@ rule REVERSINGLABS_Cert_Blocklist_02C5351936Abe405Ac760228A40387E8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4384-L4400" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4384-L4400" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5a990f8d1a3f467cdafa0f625bc162745d9201e15ce43fdc93cd6b1730572e89" score = 75 quality = 90 @@ -38430,8 +38696,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Ecd829Adcc55D9D6Afe30Dc371Ebda6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4402-L4420" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4402-L4420" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "02955f4df7deccab52cdd82fd04d5012db7440f85c87d750fa9f81ff85e2dab0" score = 75 quality = 90 
@@ -38455,8 +38721,8 @@ rule REVERSINGLABS_Cert_Blocklist_B0167124Ca59149E64D292Eb4B142014 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4422-L4440" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4422-L4440" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "10d980d4a71dab4679376f5a6d6a6999e0b59af4f25587a7b8d1ef52a7808cc9" score = 75 quality = 90 @@ -38480,8 +38746,8 @@ rule REVERSINGLABS_Cert_Blocklist_112613B7B5F696Cf377680F6463Fcc8C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4442-L4458" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4442-L4458" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "50fd35617e059a5fe9d9e0fdb4b880c20e406357bbb2d037f9e6e9db47b8e49f" score = 75 quality = 90 
@@ -38505,8 +38771,8 @@ rule REVERSINGLABS_Cert_Blocklist_B3F906E5E6B2Cf61C5E51Be79B4E8777 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4460-L4478" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4460-L4478" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "037e154854c1128fb73d2221c2b7d7211d977492378614fcf4fde959207e34b3" score = 75 quality = 90 @@ -38530,8 +38796,8 @@ rule REVERSINGLABS_Cert_Blocklist_566Ac16A57B132D3F64Dced14De790Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4480-L4496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4480-L4496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "48f4d334614f6c413907d51f4d6312554b13c4f5a3c03070ceba48baa13a8247" score = 75 quality = 90 
@@ -38555,8 +38821,8 @@ rule REVERSINGLABS_Cert_Blocklist_D2Caf7908Aaebfa1A8F3E2136Fece024 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4498-L4516" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4498-L4516" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cf4d17274ef36d61e78578d34634bf6e5fb0fb857a9a92184916b0f3b8484568" score = 75 quality = 90 @@ -38580,8 +38846,8 @@ rule REVERSINGLABS_Cert_Blocklist_E04A344B397F752A45B128A594A3D6B5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4518-L4536" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4518-L4536" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0489577c6050f0c5d1dad5bda8c4f3c895902b932cd0324087712ccb83f14680" score = 75 quality = 90 
@@ -38605,8 +38871,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Bcaed3Ef678F2F9Bf38D09E149B8D70 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4538-L4554" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4538-L4554" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "dbf85cbd1d92823287749dac312f95576900753f60a694347b31b1e3aaa288a8" score = 75 quality = 90 @@ -38630,8 +38896,8 @@ rule REVERSINGLABS_Cert_Blocklist_56D576A062491Ea0A5877Ced418203A1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4556-L4572" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4556-L4572" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "19bd6834b432f3dc8786b449241082b359275559a112a8ef4a51efe185b256dc" score = 75 quality = 90 
@@ -38655,8 +38921,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fcba260Df7Da602Ecf4D4D6Fc89D5Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4574-L4590" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4574-L4590" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4e9a3e516342820248ebf9b3605b8ce2dbf1d9b4255a5b74f7369dd2f1cdd9d8" score = 75 quality = 90 @@ -38680,8 +38946,8 @@ rule REVERSINGLABS_Cert_Blocklist_4152169F22454Ed604D03555B7Afb175 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4592-L4608" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4592-L4608" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fbb2124b934c270739f564317526d5b23b996364372426485d7c994a83293866" score = 75 quality = 90 
@@ -38705,8 +38971,8 @@ rule REVERSINGLABS_Cert_Blocklist_01C88Ccbd219500139D1Af138A9E898E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4610-L4626" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4610-L4626" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d1acb0a7d6e20158797e77c066be42548cee9293fa94f24f936a95977ac16d91" score = 75 quality = 90 @@ -38730,8 +38996,8 @@ rule REVERSINGLABS_Cert_Blocklist_41D05676E0D31908Be4Dead3486Aeae3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4628-L4644" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4628-L4644" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c4905f02c74df6d05b3f9a6fe2c4f5f32a02bb10da4db929314be043be76d703" score = 75 quality = 90 
@@ -38755,8 +39021,8 @@ rule REVERSINGLABS_Cert_Blocklist_8Cff807Edaf368A60E4106906D8Df319 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4646-L4664" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4646-L4664" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6fc98519faf218d90bb4e01821e6014e009c0b525cfd3c906a64ef82bc20beda" score = 75 quality = 90 @@ -38780,8 +39046,8 @@ rule REVERSINGLABS_Cert_Blocklist_A3E62Be1572293Ad618F58A8Aa32857F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4666-L4684" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4666-L4684" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f849898465bc651f19f6f1b54315c061466d8c5860ecf1a07f54c8c8292f6a95" score = 75 quality = 90 
@@ -38805,8 +39071,8 @@ rule REVERSINGLABS_Cert_Blocklist_672D4428450Afcc24Fc60969A5063A3E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4686-L4702" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4686-L4702" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8f5927e96109184bad7de4513994fd1021fe1cc5977e60fa72d808df95cb4516" score = 75 quality = 90 @@ -38830,8 +39096,8 @@ rule REVERSINGLABS_Cert_Blocklist_Df479E14A70C7970A4De3Dd3E4Bb0318 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4704-L4722" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4704-L4722" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "35b1f04cf5d5d1d89db537bf75737e3af5945e594f4d4231e9ae3e7fba52fc0d" score = 75 quality = 90 
@@ -38855,8 +39121,8 @@ rule REVERSINGLABS_Cert_Blocklist_2924785Fd7990B2D510675176Dae2Bed : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4724-L4740" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4724-L4740" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e308ca5f24ed5811e947289caf9aa820a16b08ea183c7aa9826f8a726fb5c3cf" score = 75 quality = 90 @@ -38880,8 +39146,8 @@ rule REVERSINGLABS_Cert_Blocklist_F4D2Def53Bccb0Dd2B7D54E4853A2Fc5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4742-L4760" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4742-L4760" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9991f44b8e984bd79269c44999481258d94bec9c21b154b63c6c30ae52344b3c" score = 75 quality = 90 
@@ -38905,8 +39171,8 @@ rule REVERSINGLABS_Cert_Blocklist_03Bf9Ef4Cf037A2385649026C3Da9D3E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4762-L4778" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4762-L4778" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "14196bad586b1349e6e8a1eb5621ce0d8d346ff8021c8ef80804de1533fd40d9" score = 75 quality = 90 @@ -38930,8 +39196,8 @@ rule REVERSINGLABS_Cert_Blocklist_790177A54209D55560A55Db97C5900D6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4780-L4796" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4780-L4796" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "07c8e21fe604b481beebae784eb49e32bebee70e749581a55313bfbc757752e2" score = 75 quality = 90 
@@ -38955,8 +39221,8 @@ rule REVERSINGLABS_Cert_Blocklist_048F7B5F67D8E2B3030F75Eb7Be2713D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4798-L4814" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4798-L4814" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6d1b47f3c9d7b90a5470f83a848adeebff2cf9341a1eb41ca8b45d08b469b17f" score = 75 quality = 90 @@ -38980,8 +39246,8 @@ rule REVERSINGLABS_Cert_Blocklist_082023879112289Bf351D297Cc8Efcfc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4816-L4832" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4816-L4832" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "58bec160445765ce45a26bf9d96ba6cfe61eee31e0953009d40a7ec64920c677" score = 75 quality = 90 
@@ -39005,8 +39271,8 @@ rule REVERSINGLABS_Cert_Blocklist_0D53690631Dd186C56Be9026Eb931Ae2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4834-L4850" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4834-L4850" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3d0a80c062800f935fa3837755e8a91245e01a4e2450a05fecab5564cb62c15c" score = 75 quality = 90 @@ -39030,8 +39296,8 @@ rule REVERSINGLABS_Cert_Blocklist_32119925A6Ce4710Aecc4006C28E749F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4852-L4868" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4852-L4868" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ca812cdfbb7ca984fae1e16159eb0eeb1e65767fcc6aa07eeb84966853146f9d" score = 75 quality = 90 
@@ -39055,8 +39321,8 @@ rule REVERSINGLABS_Cert_Blocklist_2C90Eaf4De3Afc03Ba924C719435C2A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4870-L4888" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4870-L4888" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5bb78a5e39f9d023cf63edabdc83d4965fc79f6f04f9fea9bcf2a53223fbd4ca" score = 75 quality = 90 @@ -39080,8 +39346,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aff762E907F0644E76Ed8A7485Fb12A1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4890-L4908" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4890-L4908" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ad05389e0eb30cb894b03842d213b8c956f66357a913c73d8d8b79f8336bf980" score = 75 quality = 90 
@@ -39105,8 +39371,8 @@ rule REVERSINGLABS_Cert_Blocklist_D8530214Ca0F512946496B5164C61201 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4910-L4928" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4910-L4928" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "377962915586c9f5a5737c24b698c96efc2e819e52ee16109c405f9af2d57e7f" score = 75 quality = 90 @@ -39130,8 +39396,8 @@ rule REVERSINGLABS_Cert_Blocklist_661Ba8F3C9D1B348413484E9A49502F7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4930-L4948" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4930-L4948" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4840b311c1e2c0ae14bb2cf6fa8d96ab1a434ceac861db540697f3aed1a6833f" score = 75 quality = 90 
@@ -39155,8 +39421,8 @@ rule REVERSINGLABS_Cert_Blocklist_51Aead5A9Ab2D841B449Fa82De3A8A00 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4950-L4966" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4950-L4966" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e53095aab9d6c2745125e8cd933334ebc2e51a9725714d31a46baa74b8e42ed9" score = 75 quality = 90 @@ -39180,8 +39446,8 @@ rule REVERSINGLABS_Cert_Blocklist_03B630F9645531F8868Dae8Ac0F8Cfe6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4968-L4984" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4968-L4984" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6d2f4346760bf52a438c4c996e92a2641bebfd536248776383d7c8394e094e6a" score = 75 quality = 90 
@@ -39205,8 +39471,8 @@ rule REVERSINGLABS_Cert_Blocklist_6F8373Cf89F1B49138F4328118487F9E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L4986-L5002" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L4986-L5002" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f926c2f73d47d463721a0cad48d9866192df55d71867941a40cba7e0b7725102" score = 75 quality = 90 @@ -39230,8 +39496,8 @@ rule REVERSINGLABS_Cert_Blocklist_E38259Cf24Cc702Ce441B683Ad578911 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5004-L5022" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5004-L5022" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2428df14a18f4aed1a3db85c1fb43a847fae8a922c6dc948f3bc514dc4cae09c" score = 75 quality = 90 
@@ -39255,8 +39521,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bdc81Bc76090Dae0Eee2E1Eb744A4F9A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5024-L5042" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5024-L5042" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4fc3e57bedb6fb7c96e6a1ee2ad2aec3860716ac714d52ea58b86be4bbda4660" score = 75 quality = 90 @@ -39280,8 +39546,8 @@ rule REVERSINGLABS_Cert_Blocklist_B2E730B0526F36Faf7D093D48D6D9997 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5044-L5062" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5044-L5062" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f74cc94428d7739abf6ee76f6cbd53aa47cea815a014de0d786fe53b15f66201" score = 75 quality = 90 
@@ -39305,8 +39571,8 @@ rule REVERSINGLABS_Cert_Blocklist_7156Ec47Ef01Ab8359Ef4304E5Af1A05 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5064-L5080" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5064-L5080" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7bb093287dd309ce12859eca9a9fc98095b3d52ec860626fe6e743bace262fde" score = 75 quality = 90 @@ -39330,8 +39596,8 @@ rule REVERSINGLABS_Cert_Blocklist_13794371C052Ec0559E9B492Abb25C26 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5082-L5098" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5082-L5098" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7383d1fb1fa6e49f8fa9e1eecfe3fcedb8a11702fbd3700630a11b12da29fedf" score = 75 quality = 90 
@@ -39355,8 +39621,8 @@ rule REVERSINGLABS_Cert_Blocklist_5C7E78F53C31D6Aa5B45De14B47Eb5C4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5100-L5116" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5100-L5116" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7521abc5c93f0336af4fab95268962aa3d3fb48fed6a8ba7fdb98e373158b327" score = 75 quality = 90 @@ -39380,8 +39646,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dadf44E4046372313Ee97B8E394C4079 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5118-L5136" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5118-L5136" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "170533935b91776ec2413106c55ed4a01c33f32a469a855824cac796f2e132a0" score = 75 quality = 90 
@@ -39405,8 +39671,8 @@ rule REVERSINGLABS_Cert_Blocklist_F8C2E08438Bb0E9Adc955E4B493E5821 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5138-L5156" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5138-L5156" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5dbe554032c945c46ffd61ef1e0deb59d396a70dd63994bf44c65d849ec8220a" score = 75 quality = 90 @@ -39430,8 +39696,8 @@ rule REVERSINGLABS_Cert_Blocklist_70E1Ebd170Db8102D8C28E58392E5632 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5158-L5174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5158-L5174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e1738eddc1da0876a373ee7f35bff155d56c1b98a23cb117c0e7a966f8fa3c92" score = 75 quality = 90 
@@ -39455,8 +39721,8 @@ rule REVERSINGLABS_Cert_Blocklist_09C89De6F64A7Fdf657E69353C5Fdd44 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5176-L5192" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5176-L5192" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1cb57cd68cda91754307d2e4d94ea011975bbfff0f15134081a5aa11870b0db1" score = 75 quality = 90 @@ -39480,8 +39746,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ffff2Ce862378B26440Df49Ca9175B70 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5194-L5212" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5194-L5212" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8ed7b0643b07ce4954f570157e1534ee1ed647717cce00fe7f2b572c9b5d0042" score = 75 quality = 90 
@@ -39505,8 +39771,8 @@ rule REVERSINGLABS_Cert_Blocklist_3223B4616C2687C04865Bee8321726A8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5214-L5230" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5214-L5230" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fcb0a14866b3612c5ec5a7db7a3333e20a4605695b3d019eef84de85d7b3ea4d" score = 75 quality = 90 @@ -39530,8 +39796,8 @@ rule REVERSINGLABS_Cert_Blocklist_7709D2Df39E9A4F7Db2F3Cbc29B49743 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5232-L5248" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5232-L5248" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c9ade45e0f9fb737a08ffa94d1fff89471a1cbcbacc139730fab88e382226d0b" score = 75 quality = 90 
@@ -39555,8 +39821,8 @@ rule REVERSINGLABS_Cert_Blocklist_E29690E14518874D2Dcf00234Ae94F1F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5250-L5268" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5250-L5268" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ef84815798b213dc49a142e3076cc6dd680dccabe72643fc86234024a46468f9" score = 75 quality = 90 @@ -39580,8 +39846,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cfac705C7E6845904F99995324F7562C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5270-L5288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5270-L5288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "68bcfe60c2e7154f427c20d0471ede99e55c8200149a4438d5a2a75982fcd419" score = 75 quality = 90 
@@ -39605,8 +39871,8 @@ rule REVERSINGLABS_Cert_Blocklist_A7989F8Be0C82D35A19E7B3Dd4Be30E5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5290-L5308" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5290-L5308" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a50129908a471e6692bcf663abd5ef52861d4a46fdf528f39efe816ee6150edf" score = 75 quality = 90 @@ -39630,8 +39896,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fa13Ae98E17Ae23Fcfe7Ae873D0C120 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5310-L5326" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5310-L5326" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "415f39f82b6a45acd196ccf246ec660806a8d66c61df8c7d2850e5b244118d04" score = 75 quality = 90 
@@ -39655,8 +39921,8 @@ rule REVERSINGLABS_Cert_Blocklist_3696883055975D571199C6B5D48F3Cd5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5328-L5344" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5328-L5344" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d6f77b9ca928167341a35b83e353886d4db8dfcecf45cde0f0f93d65059b5200" score = 75 quality = 90 @@ -39680,8 +39946,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ee678930D5Bdfaa2Ab0172Fa4C10Ae07 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5346-L5364" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5346-L5364" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f1e254450fdbe94172a4fa2d2727c3ade5ae436cf4c0c1153a15e9a2f64f2452" score = 75 quality = 90 
@@ -39705,8 +39971,8 @@ rule REVERSINGLABS_Cert_Blocklist_D7C432E8D4Edef515Bfb9D1C214Ff0F5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5366-L5384" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5366-L5384" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "63741513f3ab2f51ecd66dc973239c9dc194b86504fe26b2dd4a7f31299e5497" score = 75 quality = 90 @@ -39730,8 +39996,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B440A47E8Ce3Dd202271E5C7A666C78 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5386-L5402" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5386-L5402" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "eb4387d58e391c356ed774d8c13bb4bbb2befed585bb44674459d3ef519aec58" score = 75 quality = 90 
@@ -39755,8 +40021,8 @@ rule REVERSINGLABS_Cert_Blocklist_B82C6553B2186C219797621Aaa233Edb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5404-L5422" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5404-L5422" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "72e3e1740a4adc4315d2dd9c9f7b8cee2d89c3006014dec663b70d3419f43ca3" score = 75 quality = 90 @@ -39780,8 +40046,8 @@ rule REVERSINGLABS_Cert_Blocklist_F360F7Ad0Ed065Fec0B44F98E04481A0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5424-L5442" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5424-L5442" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2a25f1121f492dec461e570ff56acb0e3957cdf9100002f2ff0b6c3d3b35fee5" score = 75 quality = 90 
@@ -39805,8 +40071,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fe41941464B9992A69B7317418Ae8Eb7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5444-L5462" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5444-L5462" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bd5131f2b44deec6a7a68577b80ef4d066c331da2976539ce52ac6cff8d5560e" score = 75 quality = 90 @@ -39830,8 +40096,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C14B611A44A1Bae0E8C7581651845B6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5464-L5480" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5464-L5480" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7f6028181e33e4ba8264ee367169e7259e19ff49dcae9a337a4ba78c06b459e6" score = 75 quality = 90 
@@ -39855,8 +40121,8 @@ rule REVERSINGLABS_Cert_Blocklist_690910Dc89D7857C3500Fb74Bed2B08D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5482-L5498" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5482-L5498" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3c5da6238279296854eb95ecaed802f453e80c6bceb71c3fa587df0f7d40cf96" score = 75 quality = 90 @@ -39880,8 +40146,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fd41E6Bd7428D3008C8A05F68C9Ac6F2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5500-L5518" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5500-L5518" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e387664dc9aa746e127b4efb2ef43675f8fb6df66e99d33ef765e8fa306a4f18" score = 75 quality = 90 
@@ -39905,8 +40171,8 @@ rule REVERSINGLABS_Cert_Blocklist_C7079866C0E48B01246Ba0C148E70D4D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5520-L5538" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5520-L5538" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cc144760e0ca21fd98b55ac222db540900def61f54e9644f8cab5f711ec7bf24" score = 75 quality = 90 @@ -39930,8 +40196,8 @@ rule REVERSINGLABS_Cert_Blocklist_D591Da22F33C800A7024Aecff2Cd6C6D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5540-L5558" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5540-L5558" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "30e421d5ea3c5693c5c9bd0e3dd997ceda9755d17e3fb16d2a8e6c4a327ae32f" score = 75 quality = 90 
@@ -39955,8 +40221,8 @@ rule REVERSINGLABS_Cert_Blocklist_B36E0F2053Caee9C3B966F7Be0B40Fc3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5560-L5578" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5560-L5578" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2444c78aefdb9e8c8004598a318db016d7e781ede6da2ba3ee85316456c3e77b" score = 75 quality = 90 @@ -39980,8 +40246,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B320A2F46C99C1Ba1357Bee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5580-L5596" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5580-L5596" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "12797f80bce9d64c6c07e185aa309a0c4f910835745a7f2cc1874fb1211624d8" score = 75 quality = 90 
@@ -40005,8 +40271,8 @@ rule REVERSINGLABS_Cert_Blocklist_08D4352185317271C1Cec9D05C279Af7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5598-L5614" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5598-L5614" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b240962ab23729b241413ed1e53ac6541bf6b8a673c57522efd0cfe0c7eb9dd4" score = 75 quality = 90 @@ -40030,8 +40296,8 @@ rule REVERSINGLABS_Cert_Blocklist_B514E4C5309Ef9F27Add05Bedd4339A0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5616-L5634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5616-L5634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "665b280218528bbe3d5c65d043266469e5288587ed9d85d01797bef7ce132a6f" score = 75 quality = 90 
@@ -40055,8 +40321,8 @@ rule REVERSINGLABS_Cert_Blocklist_13C7B92282Aae782Bfb00Baf879935F4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5636-L5652" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5636-L5652" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d4edbb446a51e5153ba88d6757d5fb610303eac3fd4bdd3b987b508dc618d2dc" score = 75 quality = 90 @@ -40080,8 +40346,8 @@ rule REVERSINGLABS_Cert_Blocklist_D627F1000D12485995514Bfbdefc55D9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5654-L5672" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5654-L5672" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7ca590d71997879d17054a936238dd5273a52f3438d1b231a75927abfb118ffd" score = 75 quality = 90 
@@ -40105,8 +40371,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Fb6Bae8834Edd8D3D58818Edc86D7D7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5674-L5690" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5674-L5690" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a8cec0479bfd53f34e291d56538187c05375e80d20af7f0af08f0db8e1d6ed22" score = 75 quality = 90 @@ -40130,8 +40396,8 @@ rule REVERSINGLABS_Cert_Blocklist_E5Ad42C509A7C24605530D35832C091E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5692-L5710" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5692-L5710" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2d57d1c171734d0da167ce7eba47aecd88cd15063488d79659804c6c2fae00a2" score = 75 quality = 90 
@@ -40155,8 +40421,8 @@ rule REVERSINGLABS_Cert_Blocklist_8E3D89C682F7C0Dad70110Cb7B7C8263 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5712-L5730" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5712-L5730" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a0f42c5492469e7f132b000aead2d674fed4ea9c0e168579fd55a6c89b45ae4d" score = 75 quality = 90 @@ -40180,8 +40446,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ef2D35F2Ae82A767A16Be582Ab0D1Ba0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5732-L5750" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5732-L5750" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0709290aeb18bcb855518e150c2768c24ab311f5c727cdc4c40145b879ff88b6" score = 75 quality = 90 
@@ -40205,8 +40471,8 @@ rule REVERSINGLABS_Cert_Blocklist_039668034826Df47E6207Ec9Daed57C3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5752-L5768" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5752-L5768" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "792860feec6e599ba22ae3869ef132cf5b7be2e0572e23503e293444fd7c382d" score = 75 quality = 90 @@ -40230,8 +40496,8 @@ rule REVERSINGLABS_Cert_Blocklist_07Bb6A9D1C642C5973C16D5353B17Ca4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5770-L5786" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5770-L5786" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b98dcd4f0ebe870a9dad55cac5b0db81be6062216337b75a74a0aff8436df57f" score = 75 quality = 90 
@@ -40255,8 +40521,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A1Dc99E4D5264C45A5090F93242A30A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5788-L5804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5788-L5804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1985c9c4f4a93c3088eaec3031df93cf87a9d7ee36b94322330caf3c21982f3c" score = 75 quality = 90 @@ -40280,8 +40546,8 @@ rule REVERSINGLABS_Cert_Blocklist_018093Cfad72Cdf402Eecbe18B33Ec71 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5806-L5822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5806-L5822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ac398ef89e691158742598777c320832a750a7410904448778afc7ef3c63c255" score = 75 quality = 90 
@@ -40305,8 +40571,8 @@ rule REVERSINGLABS_Cert_Blocklist_569E03988Af60D80Ce60728940850D9B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5824-L5842" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5824-L5842" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3ea894d9e088c2123f9ec87cbf097e2275fae18cad26e926641fe64921808b1e" score = 75 quality = 90 @@ -40330,8 +40596,8 @@ rule REVERSINGLABS_Cert_Blocklist_418F6D959A8A0F82Bef07Ceba3603E52 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5844-L5862" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5844-L5862" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6c13c5e85d6e053319193d1d94f216eeec64405c86d15971419078a1ce6c8ac9" score = 75 quality = 90 
@@ -40355,8 +40621,8 @@ rule REVERSINGLABS_Cert_Blocklist_5378C5Bbeba0D3309A35Bb47F63037F7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5864-L5882" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5864-L5882" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a96acf93ca6da4d3bf5177b51996825cd3ea70443577622deccdd11fde579c31" score = 75 quality = 90 @@ -40380,8 +40646,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Bab6A2Aa84B495D9E554A4C42C0126D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5884-L5900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5884-L5900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "79b6df421c78fd3e2f05a60f7d875e02519297a0278614c9f63dff8b1b2a2d18" score = 75 quality = 90 
@@ -40405,8 +40671,8 @@ rule REVERSINGLABS_Cert_Blocklist_6314001C3235Cd59Bcc3F5278C518804 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5902-L5918" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5902-L5918" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4320f3884c0f7e4939e8988a4e83b8028a5e01fb425ae4faa2273134db835813" score = 75 quality = 90 @@ -40430,8 +40696,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ed8Ade5D73B73Dade6943D557Ff87E5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5920-L5936" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5920-L5936" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7796b6e7da900be8634e7f1e51cda1275ab1e7c2709af7ecaa8777ab0b518494" score = 75 quality = 90 
@@ -40455,8 +40721,8 @@ rule REVERSINGLABS_Cert_Blocklist_0292C7D574132Ba5C0441D1C7Ffcb805 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5938-L5954" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5938-L5954" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d2bcf72f4c5829d161bc40e820eb0b1a85deaa49b749422d5429e27b7fb2b1fe" score = 75 quality = 90 @@ -40480,8 +40746,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F23F001458716D435Cca1A55D660Ec5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5956-L5972" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5956-L5972" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bacfb4b7900ab57d23474e0422bd74fff113296b8db37e8eae3bd456443d28d6" score = 75 quality = 90 
@@ -40505,8 +40771,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E0Ccbdfb4777E10Ea6221B90Dc350C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5974-L5990" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5974-L5990" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "08a1ff7cc3a7680fdbb3235a7b46709cd4ba530a9afeab4344671db9fe893cc4" score = 75 quality = 90 @@ -40530,8 +40796,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ed1847A2Ae5D71Def1E833Fddd33D38 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L5992-L6008" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L5992-L6008" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0ec5eb8ff1f630284fabfba5c58dd563d471343ace718f79dad08cfe75c3070d" score = 75 quality = 90 
@@ -40555,8 +40821,8 @@ rule REVERSINGLABS_Cert_Blocklist_97Df46Acb26B7C81A13Cc467B47688C8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6010-L6028" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6010-L6028" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6f6e0e175caee83eaec2dacedaf564b642195a8815cfd0d4564f581070b0c545" score = 75 quality = 90 @@ -40580,8 +40846,8 @@ rule REVERSINGLABS_Cert_Blocklist_186D49Fac34Ce99775B8E7Ffbf50679D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6030-L6046" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6030-L6046" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0444a5052ee384451ebd85918bbc6bf6d6a75334899a63a8b5828ef06cb9c7ca" score = 75 quality = 90 
@@ -40605,8 +40871,8 @@ rule REVERSINGLABS_Cert_Blocklist_B1Aea98Bf0Ce789B6C952310F14Edde0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6048-L6066" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6048-L6066" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6e78750d6aca91e9e6d8f2651a5682ccdab5cd20ee3a74e1f8582eb7bc45d614" score = 75 quality = 90 @@ -40630,8 +40896,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Dcd0699Da08915Dde6D044Cb474157C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6068-L6084" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6068-L6084" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e1a3f27b8b9b642fe1ca73ec54d225f4470b53d0d06f2eea55ad1ad43ec67b39" score = 75 quality = 90 
@@ -40655,8 +40921,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B03Cabe6A0481F17A2Dbeb9Aefad425 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6086-L6102" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6086-L6102" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6986e7bd90842647ec6a168c30dca2d5ae8ae5b1c1014f966dd596a78859ac6e" score = 75 quality = 90 @@ -40680,8 +40946,8 @@ rule REVERSINGLABS_Cert_Blocklist_64Cd303Fa289790Afa03C403E9240002 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6104-L6120" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6104-L6120" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f51556a8a12affbd7f7633bf8daa50e6332fa3d3448ea08853cf8ed28e593680" score = 75 quality = 90 
@@ -40705,8 +40971,8 @@ rule REVERSINGLABS_Cert_Blocklist_07Cef66A71C35Bc3Aed6D100C6493863 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6122-L6138" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6122-L6138" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e741fc13fe4d03b145ed1d86e738b415a7260eae5b0908c6991c9ea9896f14cf" score = 75 quality = 90 @@ -40730,8 +40996,8 @@ rule REVERSINGLABS_Cert_Blocklist_Be77Fe5C58B7A360Add6A3Fced4E8334 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6140-L6158" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6140-L6158" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cea0d217206562c0045843405802d3b2fad01bdb2a4cfb52057625b43f5f8eee" score = 75 quality = 90 
@@ -40755,8 +41021,8 @@ rule REVERSINGLABS_Cert_Blocklist_F097E59809Ae2E771B7B9Ae5Fc3408D7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6160-L6178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6160-L6178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9e23ff26d3e1ea181e48fc23383e3717804858bc517a31ec508fa0753730c78e" score = 75 quality = 90 @@ -40780,8 +41046,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Cf1Ed2A6Ff4Bee621Efdf725Ea174B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6180-L6196" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6180-L6196" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7030c122905105c72833cfcb41692bd9a67cf456e3309afce0b8f9e65c6aa5c1" score = 75 quality = 90 
@@ -40805,8 +41071,8 @@ rule REVERSINGLABS_Cert_Blocklist_1249Aa2Ada4967969B71Ce63Bf187C38 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6198-L6214" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6198-L6214" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f84568cfe6304af0307a34bfed6dd346a74e714005b5e6f22a354b14f853ec65" score = 75 quality = 90 @@ -40830,8 +41096,8 @@ rule REVERSINGLABS_Cert_Blocklist_D59A05955A4A421500F9561Ce983Aac4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6216-L6234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6216-L6234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b7ed87a03f20872669369cc3cad4eae40ba597f06222194bd67262c094083ec1" score = 75 quality = 90 
@@ -40855,8 +41121,8 @@ rule REVERSINGLABS_Cert_Blocklist_539015999E304A5952985A994F9C3A53 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6236-L6252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6236-L6252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "feeb1710bd5b048c689a2e45575529624cd1622dcc73db8fe7de6c133fdc5698" score = 75 quality = 90 @@ -40880,8 +41146,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B1926A5E8Ae50A0Efa504F005F93869 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6254-L6270" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6254-L6270" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1cbdf39a873c83d2b55723215fb4930a3ce23b6cab2d71a6cd5f16b2721e30f9" score = 75 quality = 90 
@@ -40905,8 +41171,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A23B660E7322E54D7Bd0E5Acc890966 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6272-L6288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6272-L6288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "17996dd0ec81623dbd4eeea98f9bbe37c11c911ca840833ecb9301bb0a9ddb52" score = 75 quality = 90 @@ -40930,8 +41196,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Cfa5050C819C4Acbb8Fa75979688Dff : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6290-L6308" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6290-L6308" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cffc234be78446191dd5f5990db9f17c7e28eeaa3e16f1eb8ad4ed1e58fdc25e" score = 75 quality = 90 
@@ -40955,8 +41221,8 @@ rule REVERSINGLABS_Cert_Blocklist_044E05Bb1A01A1Cbb50Cfb6Cd24E5D6B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6310-L6326" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6310-L6326" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "40c80d3b6bedb0b3454e14501745a6e82b6ea9ac202748867a2e937fb79c6f6c" score = 75 quality = 90 @@ -40980,8 +41246,8 @@ rule REVERSINGLABS_Cert_Blocklist_B7F19B13De9Bee8A52Ff365Ced6F67Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6328-L6346" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6328-L6346" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a8d2a92b44cdd7b123907a6a77ba0fc9fde4961f9ac846b36f1e87730a1efae6" score = 75 quality = 90 
@@ -41005,8 +41271,8 @@ rule REVERSINGLABS_Cert_Blocklist_B61B8E71514059Adc604Da05C283E514 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6348-L6366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6348-L6366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1255cef74082c9cad41ac8e7d62e740f69e6ba44171bb45655a68ee5db204e57" score = 75 quality = 90 @@ -41030,8 +41296,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ece6Cbf67Dc41635A5E5D075F286Af23 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6368-L6386" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6368-L6386" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f560e6f4a65eaac8db1d8accb0748de17048e66ccf989468e6350a3ec1d70dc8" score = 75 quality = 90 
@@ -41055,8 +41321,8 @@ rule REVERSINGLABS_Cert_Blocklist_014A98D697B44F43Ded21F18Eb6Ad0Ba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6388-L6404" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6388-L6404" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9f1cc61b944974696113912bc1d1a0b45b9911fa4d6de382a48c0d22d2d20953" score = 75 quality = 90 @@ -41080,8 +41346,8 @@ rule REVERSINGLABS_Cert_Blocklist_063A7D09107Eddd8Aa1F733634C6591B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6406-L6422" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6406-L6422" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "19f11e1d9ce95eb4bc75387a0118c230388a13cd07b02e00ea1d65cdcc0b2bd7" score = 75 quality = 90 
@@ -41105,8 +41371,8 @@ rule REVERSINGLABS_Cert_Blocklist_1E74Cfe7De8C5F57840A61034414Ca9F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6424-L6442" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6424-L6442" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d82220d908283f1707ec15882503b02cb8dc80095279a9e7d6cbdd113c25d8ae" score = 75 quality = 90 @@ -41130,8 +41396,8 @@ rule REVERSINGLABS_Cert_Blocklist_75Cf729F8A740Bbdef183A1C4D86A02F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6444-L6460" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6444-L6460" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "691fadaa653ecd29e60f2db39b7c5154d7c85f388f72eccd0a4b5fe42eaee0dd" score = 75 quality = 90 
@@ -41155,8 +41421,8 @@ rule REVERSINGLABS_Cert_Blocklist_2F64677254D3844Efdac2922123D05D1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6462-L6478" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6462-L6478" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f9f1f629e03563ece0fe5186b199e2f030dce7f58fb259de1aeb7387c76fa902" score = 75 quality = 90 @@ -41180,8 +41446,8 @@ rule REVERSINGLABS_Cert_Blocklist_32Fbf8Cfa43Dca3F85Efabe96Dfefa49 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6480-L6496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6480-L6496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "73d80e6a0dc2316524a55a9627792b9b4488d238ef529f1767de182956b0865e" score = 75 quality = 90 
@@ -41205,8 +41471,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ef9D0Cf071D463Cd63D13083046A7B8D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6498-L6516" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6498-L6516" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2923979811504f78a79a2480600285a2697845e51870a44ed231a81e79807121" score = 75 quality = 90 @@ -41230,8 +41496,8 @@ rule REVERSINGLABS_Cert_Blocklist_115Cf1353A0E33E19099A4867A4C750A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6518-L6536" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6518-L6536" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2a3353c655531b113dc019a86288310881e3bbcb6c03670a805f22b185e09e6c" score = 75 quality = 90 
@@ -41255,8 +41521,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Cf3778Bb11115A884E192A7Cb807599 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6538-L6556" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6538-L6556" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4242ef4a30bb09463ec5a6df9367915788a2aa782df6c463bcf966d2aad63c1d" score = 75 quality = 90 @@ -41280,8 +41546,8 @@ rule REVERSINGLABS_Cert_Blocklist_82Cb93593B658100Cdd7A00C874287F2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6558-L6576" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6558-L6576" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c77881e0365c9fc398097d0b6e077330a5f0fcbb53279bfde96b3c01df914c55" score = 75 quality = 90 
@@ -41305,8 +41571,8 @@ rule REVERSINGLABS_Cert_Blocklist_9A8Bcfd05F86B15D0C99F50Cf414Bd00 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6578-L6596" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6578-L6596" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "803d70dddeff51b753b577ea196b12570847c6875ae676a2d12cf1ca9323be34" score = 75 quality = 90 @@ -41330,8 +41596,8 @@ rule REVERSINGLABS_Cert_Blocklist_95E5793F2Abe0B4Ec9Be54Fd24F76Ae5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6598-L6616" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6598-L6616" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bd198665ae952e11c91adc329908e3cd55a55365875200cd81d2f71fd092f1fe" score = 75 quality = 90 
@@ -41355,8 +41621,8 @@ rule REVERSINGLABS_Cert_Blocklist_133565779808C3B79D8E3F70A9C3Ffac : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6618-L6634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6618-L6634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b9fb2e3cc150b0278e67c673f7c01174c30b2cc4458c9c5e573661071795b793" score = 75 quality = 90 @@ -41380,8 +41646,8 @@ rule REVERSINGLABS_Cert_Blocklist_7E0Ccda0Ef37Acef6C2Ebe4538627E5C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6636-L6654" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6636-L6654" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f13f9b70a2a3187522e4fff45a8a425863ad6242f82592aa9319c8d5fddeeefa" score = 75 quality = 90 
@@ -41405,8 +41671,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bad35Fd70025D46C56B89E32B1A3954C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6656-L6674" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6656-L6674" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1020250fc5030e50bc1e7d0f0c5a77e462a53f47bfcc4383c682b34fed567492" score = 75 quality = 90 @@ -41430,8 +41696,8 @@ rule REVERSINGLABS_Cert_Blocklist_7B91468122273Aa32B7Cfc80C331Ea13 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6676-L6692" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6676-L6692" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "49d6fd8b325df4bc688275a09cee35e1040172eb6f3680aa2b6f0f3640c0782e" score = 75 quality = 90 
@@ -41455,8 +41721,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E267B5D14Cdf1F645C1Ec545Cec3Aee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6694-L6710" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6694-L6710" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e36ae57d715a71aa7d26dd003d647dfa7ab16d64e5411b6c49831544fc482645" score = 75 quality = 90 @@ -41480,8 +41746,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ae6D3C0269Ef6497E14379C51A8507Ba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6712-L6730" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6712-L6730" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "23570962c80bddce28a3dee9d4d864cf3cf64018eec6fbcbdd3ca2658c9f660f" score = 75 quality = 90 
@@ -41505,8 +41771,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fd8C468Cc1B45C9Cfb41Cbd8C835Cc9E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6732-L6750" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6732-L6750" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "230d33f0d1d31d4cb76bf3b13f109d3cc9ace846daef145e1dc7666b33c8a42a" score = 75 quality = 90 @@ -41530,8 +41796,8 @@ rule REVERSINGLABS_Cert_Blocklist_7C061Baa3118327255161F6A7Fa4E21D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6752-L6770" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6752-L6770" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4193fce69af03b3521a3cc442b762c52f8585b44fa6b0bd78b9ace171b807ed4" score = 75 quality = 90 
@@ -41555,8 +41821,8 @@ rule REVERSINGLABS_Cert_Blocklist_04332C16724Ffeda5868D22Af56Aea43 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6772-L6788" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6772-L6788" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6b62d5c7a3c6e3096797cd2f515d86045fa77682638bda44175d05c5b6c5bbc0" score = 75 quality = 90 @@ -41580,8 +41846,8 @@ rule REVERSINGLABS_Cert_Blocklist_030012F134E64347669F3256C7D050C5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6790-L6806" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6790-L6806" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1a55856bfa4c632b2b0404686dc7ba5e7238b619dd4d2eb68c3d291bc86e52c4" score = 75 quality = 90 
@@ -41605,8 +41871,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fa3Dcac19B884B44Ef4F81541184D6B0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6808-L6826" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6808-L6826" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "324de84cb8c2f5402c9326749e3456e11312828df2523954fd84f7fb3298fdf3" score = 75 quality = 90 @@ -41630,8 +41896,8 @@ rule REVERSINGLABS_Cert_Blocklist_0E6F4Cb8B06E01C3Bd296Ace3A95F814 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6828-L6844" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6828-L6844" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f3184a9d1fe2a1cf2dcc04d26c284aa9a651d2f00aa28642d7f951550a050138" score = 75 quality = 90 
@@ -41655,8 +41921,8 @@ rule REVERSINGLABS_Cert_Blocklist_085B70224253486624Fc36Fa658A1E32 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6846-L6862" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6846-L6862" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "50ff48a421a109f8c6bf92032691d9b673945bc591005004ff17dc18c97d4aea" score = 75 quality = 90 @@ -41680,8 +41946,8 @@ rule REVERSINGLABS_Cert_Blocklist_51Cd5393514F7Ace2B407C3Dbfb09D8D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6864-L6880" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6864-L6880" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4cd08b9113a7c1f4f2d438ac59ad0be503daded3a08b8c8e8ce3e0dfdddf259e" score = 75 quality = 90 
@@ -41705,8 +41971,8 @@ rule REVERSINGLABS_Cert_Blocklist_B72179C027B9037Ee220E81Ab18Fe56D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6882-L6900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6882-L6900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1416768011ff824307d112bdeecce1ad50d1f673e92bef8fddbbeb58ff98b1b1" score = 75 quality = 90 @@ -41730,8 +41996,8 @@ rule REVERSINGLABS_Cert_Blocklist_07B74C70C4Aa092648B7F0D1A8A3A28F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6902-L6918" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6902-L6918" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "97759fa2e519936115f0493e251f9abc0cce3ada437776a5a370388512235491" score = 75 quality = 90 
@@ -41755,8 +42021,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C8Def294478B7D59Ee95C61Fae3D965 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6920-L6936" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6920-L6936" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3b7b10afa5f0212bd494ba8fe32bef18f2bbd77c8ab2ad498b9557a0575cc177" score = 75 quality = 90 @@ -41780,8 +42046,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D36Cbb64Bc9Add17Ba71737D3Ecceca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6938-L6954" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6938-L6954" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5874860582ed5be6908dca38e6ecae831eeeb0c2b768e8065ada9fd5ac2bda89" score = 75 quality = 90 
@@ -41805,8 +42071,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ad255D4Ebefa751F3782587396C08629 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6956-L6974" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6956-L6974" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "43f44cbedf37094416628c9df23767be3b036519f93222812597777a146ecb24" score = 75 quality = 90 @@ -41830,8 +42096,8 @@ rule REVERSINGLABS_Cert_Blocklist_262Ca7Ae19D688138E75932832B18F9D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6976-L6992" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6976-L6992" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a5bb946c6199cd47a087ac26f0a996261318d1830191ea7c0e7797ff03984558" score = 75 quality = 90 
@@ -41855,8 +42121,8 @@ rule REVERSINGLABS_Cert_Blocklist_59A57E8Ba3Dcf2B6F59981Fda14B03 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L6994-L7010" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L6994-L7010" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6e77c7d0bd7e5e9bc8880cc6ffc3f5f4f738e3dde22c270ad7a6f6672a99de53" score = 75 quality = 90 @@ -41880,8 +42146,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aebe117A13B8Bca21685Df48C74F584D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7012-L7030" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7012-L7030" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e7fbc1f32adec39c94dc046933e152cd6d3946da4a168306484b7b6bc7f26fb6" score = 75 quality = 90 
@@ -41905,8 +42171,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Dcd19A94535F034Ee36Af4676740633 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7032-L7048" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7032-L7048" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7079d4f1973ad4de21e1f88282c94b11c4d63f8bad12b35ef76a481e154d9da3" score = 75 quality = 90 @@ -41930,8 +42196,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ca4822E6905Aa4Fca9E28523F04F14A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7050-L7068" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7050-L7068" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9633f3494e9ece3a698d47c5ba2b7ee7f82cee4be36ac418c969c36285c4963c" score = 75 quality = 90 
@@ -41955,8 +42221,8 @@ rule REVERSINGLABS_Cert_Blocklist_24C1Ef800F275Ab2780280C595De3464 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7070-L7086" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7070-L7086" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7536ec92f388234bea3b33bee4af52e0e0ce9cd86b1c8321a503f70bfe5faa76" score = 75 quality = 90 @@ -41980,8 +42246,8 @@ rule REVERSINGLABS_Cert_Blocklist_6401831B46588B9D872B02076C3A7B00 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7088-L7104" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7088-L7104" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cb84b27391fa0260061bc5444039967e83f2134f7b56f9cccf6a421d4a65a577" score = 75 quality = 90 
@@ -42005,8 +42271,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A01A91Cce63Ede5Eaa3Dac4883Aea05 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7106-L7122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7106-L7122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "58a26b44e485814fa645bfa490f3442745884026bb7a70327d4f51645ad3f69c" score = 75 quality = 90 @@ -42030,8 +42296,8 @@ rule REVERSINGLABS_Cert_Blocklist_54Cd7Ae1C27F1421136Ed25088F4979A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7124-L7140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7124-L7140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c7cd84a225216ff1464a147c2572de2b0a2f69f7a315cdebef5ad2bab843b72a" score = 75 quality = 90 
@@ -42055,8 +42321,8 @@ rule REVERSINGLABS_Cert_Blocklist_F2D693Aad63E6920782A0027Dfc97D91 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7142-L7160" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7142-L7160" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8f29e65b39608518d16f708faef68db37b6e179c567819dccb6681adcec262e3" score = 75 quality = 90 @@ -42080,8 +42346,8 @@ rule REVERSINGLABS_Cert_Blocklist_F8E8F6C92Ba666B0688A8Cacce9Acccf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7162-L7180" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7162-L7180" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "aa419bc044be55d4c94481998be4e9c0310416740084eb8376842cf5416d78bf" score = 75 quality = 90 
@@ -42105,8 +42371,8 @@ rule REVERSINGLABS_Cert_Blocklist_E3D5089D4B8F01Aadce2731062Fb0Cce : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7182-L7200" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7182-L7200" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7f10b86f156ccac695f480661dfea8bcc455477afd9575230c2f8510327d1996" score = 75 quality = 90 @@ -42130,8 +42396,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Ed801843Fa001B8Add52D3A97B25931 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7202-L7218" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7202-L7218" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b7c9424520afe16bd4769e1be84163ac37b8fb37433931f2e362d90cacc01093" score = 75 quality = 90 
@@ -42155,8 +42421,8 @@ rule REVERSINGLABS_Cert_Blocklist_D9E834182Dec62C654E775E809Ac1D1B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7220-L7238" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7220-L7238" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3d8075e34fa3dc221bc2abc2630a93f32efbdde6df270a77b1d6b64d8ce56133" score = 75 quality = 90 @@ -42180,8 +42446,8 @@ rule REVERSINGLABS_Cert_Blocklist_801689896Ed339237464A41A2900A969 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7240-L7258" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7240-L7258" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a371092cbf5a1a0c8051ba2b4c9dd758d829a2f0c21c86d1920164a0ae7751e6" score = 75 quality = 90 
@@ -42205,8 +42471,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Fd3661533Eef209153C9Afec3Ba4D8A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7260-L7276" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7260-L7276" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ce6c07b8ae54db03e4fa2739856a8d3dc2051c051a10c3c73501dad4296dde97" score = 75 quality = 90 @@ -42230,8 +42496,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ced87Bd70B092Cb93B182Fac32655F6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7278-L7294" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7278-L7294" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4e2c967b9502d9009c61831f019ba19367b866e898ca1246a1099d75ad0eb4d5" score = 75 quality = 90 
@@ -42255,8 +42521,8 @@ rule REVERSINGLABS_Cert_Blocklist_047801D5B55C800B48411Fd8C320Ca5B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7296-L7312" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7296-L7312" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ef26b4e3c658f53f3048d10bd1b7a2a198cd402e1b7c60e84adadb4f236ccb5d" score = 75 quality = 90 @@ -42280,8 +42546,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F0Ed5318848703405D40F7C62D0F39A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7314-L7330" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7314-L7330" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "484932ddfe614fd5ab22361ab281cda62803c98279f938aa5237237fae6a95d6" score = 75 quality = 90 
@@ -42305,8 +42571,8 @@ rule REVERSINGLABS_Cert_Blocklist_4E7545C9Fc5938F5198Ab9F1749Ca31C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7332-L7348" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7332-L7348" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f6be57eb6744ad6d239a0a2cc1ec8c39c9dfd4e4eeb3be9e699516c259f617f0" score = 75 quality = 90 @@ -42330,8 +42596,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Ddd3796A427B42F2E52D7C7Af0Ca54F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7350-L7366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7350-L7366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "804ab8c44e5d97d8e14f852d61094e90d1e3ace66316781e9e79ab46fc7db8e7" score = 75 quality = 90 
@@ -42355,8 +42621,8 @@ rule REVERSINGLABS_Cert_Blocklist_03B27D7F4Ee21A462A064A17Eef70D6C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7368-L7384" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7368-L7384" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b303751e354c346f73368de94b66a960dd12efa0730d2ab14af743810669ac81" score = 75 quality = 90 @@ -42380,8 +42646,8 @@ rule REVERSINGLABS_Cert_Blocklist_B0A308Fc2E71Ac4Ac40677B9C27Ccbad : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7386-L7404" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7386-L7404" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "21fd7625399c939b6d03100b731709616d206a3811197af2b86991be9d89b4eb" score = 75 quality = 90 
@@ -42405,8 +42671,8 @@ rule REVERSINGLABS_Cert_Blocklist_61B11Ef9726Ab2E78132E01Bd791B336 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7406-L7422" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7406-L7422" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1a8e72f31039a5a5602d0314f017a2596a23e4a796dc66167dfefc0c9790e3e3" score = 75 quality = 90 @@ -42430,8 +42696,8 @@ rule REVERSINGLABS_Cert_Blocklist_8Fe807310D98357A59382090634B93F0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7424-L7442" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7424-L7442" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0ec56bd4783c854efef863050ff729fd99efa98b7b19e04e56a080ee3e75cd90" score = 75 quality = 90 
@@ -42455,8 +42721,8 @@ rule REVERSINGLABS_Cert_Blocklist_B97F66Bb221772Dc07Ef1D4Bed8F6085 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7444-L7462" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7444-L7462" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "794dc27ff9b2588d3f2c31cdb83e53616c604aa41da7d8c895034e1cf9da5dd8" score = 75 quality = 90 @@ -42480,8 +42746,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fed006Fbf85Cd1C6Ba6B4345B198E1E6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7464-L7482" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7464-L7482" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0360c6760f1018f9388ef5639ab2306879134f33da12677f954fa31b8a71aa16" score = 75 quality = 90 
@@ -42505,8 +42771,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aa28C9Bd16D9D304F18Af223B27Bfa1E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7484-L7502" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7484-L7502" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "feaa8d645eea46c7cbbba4ba86c92184df7515a50f1f905ab818c59079a0c96a" score = 75 quality = 90 @@ -42530,8 +42796,8 @@ rule REVERSINGLABS_Cert_Blocklist_19Beff8A6C129663E5E8C18953Dc1F67 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7504-L7520" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7504-L7520" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0ec031c781ebad7447cfc53ce791aacc8f24e38f039c84e2ee547de64729ae76" score = 75 quality = 90 
@@ -42555,8 +42821,8 @@ rule REVERSINGLABS_Cert_Blocklist_029685Cda1C8233D2409A31206F78F9F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7522-L7538" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7522-L7538" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d541ce73e5039541ea221f27cc4d033f0c477e41a148206c26cc39ae07c4caaa" score = 75 quality = 90 @@ -42580,8 +42846,8 @@ rule REVERSINGLABS_Cert_Blocklist_D609B6C95428954A999A8A99D4F198Af : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7540-L7558" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7540-L7558" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a124f80d599051ecd7c17e6818d181ea018db14c9f0514bbcc5b677ba3656d65" score = 75 quality = 90 
@@ -42605,8 +42871,8 @@ rule REVERSINGLABS_Cert_Blocklist_D3356318924C8C42959Bf1D1574E6482 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7560-L7578" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7560-L7578" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a672054a776d0715fc888578bcb559d24ef54b4c523f7d49a39ded2586c3140a" score = 75 quality = 90 @@ -42630,8 +42896,8 @@ rule REVERSINGLABS_Cert_Blocklist_31D852F5Fca1A5966B5Ed08A14825C54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7580-L7596" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7580-L7596" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8c98b856d53e6862e94042bb133f5739bddcec2e208e43961b23e244584c6ee4" score = 75 quality = 90 
@@ -42655,8 +42921,8 @@ rule REVERSINGLABS_Cert_Blocklist_17D99Cc2F5B29522D422332E681F3E18 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7598-L7614" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7598-L7614" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "55cc1634cdc5209d68b98fdb0d9e97e0a34346cdcb10f243d13217cda01195f1" score = 75 quality = 90 @@ -42680,8 +42946,8 @@ rule REVERSINGLABS_Cert_Blocklist_6A568F85De2061F67Ded98707D4988Df : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7616-L7632" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7616-L7632" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "793be308a4df55c3b325e1ee3185159c4155f6dfabc311216d3763bd43680bd4" score = 75 quality = 90 
@@ -42705,8 +42971,8 @@ rule REVERSINGLABS_Cert_Blocklist_038Fc745523B41B40D653B83Aa381B80 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7634-L7650" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7634-L7650" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "016ca6dcb5c7c56c80e4486b84d97fb3869a959ef3e8392e4376a0a0de06092f" score = 75 quality = 90 @@ -42730,8 +42996,8 @@ rule REVERSINGLABS_Cert_Blocklist_30Af0D0E6D8201A5369664C5Ebbb010F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7652-L7668" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7652-L7668" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "018e5a0fbeeaded2569b83e2f91230e0055a5ffa2059b7a064a5c2eda55ed2de" score = 75 quality = 90 
@@ -42755,8 +43021,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ac0A7B9420B369Af3Ddb748385B981 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7670-L7688" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7670-L7688" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2bc31eaa64be487cb85873a64b7462d90d1c28839def070ce5db7ae555383421" score = 75 quality = 90 @@ -42780,8 +43046,8 @@ rule REVERSINGLABS_Cert_Blocklist_C167F04B338B1E8747B92C2197403C43 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7690-L7708" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7690-L7708" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8e0a11efc739baefe23a3d77e4eefc9dc23c74821c91fc219822dbc5dbb468b1" score = 75 quality = 90 
@@ -42805,8 +43071,8 @@ rule REVERSINGLABS_Cert_Blocklist_9272607Cfc982B782A5D36C4B78F5E7B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7710-L7728" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7710-L7728" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2b1d6f27fb513542589a5c9011e501a9d298282bba6882eac0fc7bf3e6ebb291" score = 75 quality = 90 @@ -42830,8 +43096,8 @@ rule REVERSINGLABS_Cert_Blocklist_45Eb9187A2505D8E6C842E6D366Ad0C8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7730-L7746" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7730-L7746" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4ae755e814ae2488d4bd6b8136ab6d78e4809a2ddacb7f88cf1d2b64c1488898" score = 75 quality = 90 
@@ -42855,8 +43121,8 @@ rule REVERSINGLABS_Cert_Blocklist_56Fff139Df5Ae7E788E5D72196Dd563A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7748-L7764" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7748-L7764" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4b58c83901605d8b43519f1bc2d4ac8dc10c794f027681378b2bee2a8ff81604" score = 75 quality = 90 @@ -42880,8 +43146,8 @@ rule REVERSINGLABS_Cert_Blocklist_E161F76Da3B5E4623892C8E6Fda1Ea3D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7766-L7784" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7766-L7784" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "883545593b48aa11c11f7fa1a1f77c62321ea86067f1ed108dcd00c8c6cd3495" score = 75 quality = 90 
@@ -42905,8 +43171,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Ae5B177Ac3A7Ce2Aadf1C891B574924 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7786-L7804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7786-L7804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "03ac299459a1aaf2e4a2e62884cd321e16100fee78b4b0e271acdd8a4e32525c" score = 75 quality = 90 @@ -42930,8 +43196,8 @@ rule REVERSINGLABS_Cert_Blocklist_A03Ea3A4Fa772B17037A0B80F1F968Aa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7806-L7824" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7806-L7824" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e2044c6ddb80f3add13dfc3b623d0460ce8e9a66c5a98582f80d906edbbbd829" score = 75 quality = 90 
@@ -42955,8 +43221,8 @@ rule REVERSINGLABS_Cert_Blocklist_333Ca7D100B139B0D9C1A97Cb458E226 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7826-L7842" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7826-L7842" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b3a31a54132fd8ca2c11b7806503207a4197f16af78693387bac56879b5e1448" score = 75 quality = 90 @@ -42980,8 +43246,8 @@ rule REVERSINGLABS_Cert_Blocklist_9245D1511923F541844Faa3C6Bfebcbe : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7844-L7862" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7844-L7862" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b965e897b42c39841e663cc144cf6e4a81fc9bcb64ce3a15a7ca021e95866b08" score = 75 quality = 90 
@@ -43005,8 +43271,8 @@ rule REVERSINGLABS_Cert_Blocklist_2888Cf0F953A4A3640Ee4Cfc6304D9D4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7864-L7880" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7864-L7880" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a9ee8534d89b8ac8705bb1777718513a28e4531ed398f482f46a72f2760af161" score = 75 quality = 90 @@ -43030,8 +43296,8 @@ rule REVERSINGLABS_Cert_Blocklist_C8Edcfe8Be174C2F204D858C5B91Dea5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7882-L7900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7882-L7900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b3e6927abfce69548374bfd430a3ae3a1c5a8d05f0f40e43091b4d12025c5b1a" score = 75 quality = 90 
@@ -43055,8 +43321,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Faf8705A3Eaef9340800Cc4Fd38597C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7902-L7920" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7902-L7920" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "66a340f169e401705ba229d2d4548cef1a57bf1d2d320b108d12b2049b063b92" score = 75 quality = 90 @@ -43080,8 +43346,8 @@ rule REVERSINGLABS_Cert_Blocklist_0940Fa9A4080F35052B2077333769C2F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7922-L7938" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7922-L7938" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "45636ea33751fea61572539fe6f28bccd05df9b6b9e7f2d77bb738f7c69c53a2" score = 75 quality = 90 
@@ -43105,8 +43371,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ea720222D92Dc8D48E3B3C3B0Fc360A6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7940-L7958" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7940-L7958" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c60e1ccf178f03f930a3bc41e9a92be20df0362f067ed1fcfc7c93627a056d75" score = 75 quality = 90 @@ -43130,8 +43396,8 @@ rule REVERSINGLABS_Cert_Blocklist_4743E140C05B33F0449023946Bd05Acb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7960-L7976" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7960-L7976" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "69ce1512d7df4926ee2b470b18fbe51a2aa81e07b37b2536617d6353045e0d19" score = 75 quality = 90 
@@ -43155,8 +43421,8 @@ rule REVERSINGLABS_Cert_Blocklist_A496Bc774575C31Abec861B68C36Dcb6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7978-L7996" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7978-L7996" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f82214f982c9972e547f77966c44e935e9de701cc9108ceca34a4fede850d243" score = 75 quality = 90 @@ -43180,8 +43446,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A55C15F733Bf1633E9Ffae8A6E3B37D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L7998-L8014" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L7998-L8014" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "89ca9f1c5cf0b029748528d8c5bb65f89ee05877bfdc13b4ce3d2d3e7feafb5d" score = 75 quality = 90 
@@ -43205,8 +43471,8 @@ rule REVERSINGLABS_Cert_Blocklist_C650Ae531100A91389A7F030228B3095 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8016-L8034" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8016-L8034" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "186b66283491cfebcaade57b1010ce4304c08ddb131153984210c2c7025961aa" score = 75 quality = 90 @@ -43230,8 +43496,8 @@ rule REVERSINGLABS_Cert_Blocklist_3990362C34015Ce4C23Ecc3377Fd3C06 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8036-L8052" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8036-L8052" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0625800fcb166b56cab2e16d0d757983a6f880b68627ed8c3c38419dd9a32999" score = 75 quality = 90 
@@ -43255,8 +43521,8 @@ rule REVERSINGLABS_Cert_Blocklist_121Fca3Cfa4Bd011669F5Cc4E053Aa3F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8054-L8070" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8054-L8070" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1edd5be3f970202be15080cd7ef19c0cce7fcba73cb6120d7cb7d518e877cf85" score = 75 quality = 90 @@ -43280,8 +43546,8 @@ rule REVERSINGLABS_Cert_Blocklist_D338F8A490E37E6C2Be80A0E349929Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8072-L8090" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8072-L8090" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "39d9695803e96508b5ad12a7d9f8b65d13288dbe94b21a4952e096dd576e11ce" score = 75 quality = 90 
@@ -43305,8 +43571,8 @@ rule REVERSINGLABS_Cert_Blocklist_2C1Ee9B583310B5E34A1Ee6945A34B26 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8092-L8108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8092-L8108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7752e49e8848863d78c5de03c3d194498765d80da00a84c5164c7a9010d13474" score = 75 quality = 90 @@ -43330,8 +43596,8 @@ rule REVERSINGLABS_Cert_Blocklist_D875B3E3F2Db6C3Eb426E24946066111 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8110-L8128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8110-L8128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9e181271d46c828b9ec266331e077b3b4891a193c71173447da383fad91ae878" score = 75 quality = 90 
@@ -43355,8 +43621,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ad0A958Cdf188Bed43154A54Bf23Afba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8130-L8148" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8130-L8148" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "07e53e59f90aa3cd3a98dbca2627672606f6c6f8f3bda8456e32122463729c4b" score = 75 quality = 90 @@ -43380,8 +43646,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Cee26C125B8C188F316C3Fa78D9C2F1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8150-L8166" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8150-L8166" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5c64f8e40c31822ce8d2e34f96ccc977085e429f0c068a5f6b44099117837de1" score = 75 quality = 90 
@@ -43405,8 +43671,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C687A0022C36F89E253F91D1F6954E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8168-L8184" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8168-L8184" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "287c0c7a25e33e0e7def6efa23dbd2efba7c4ac3aa8f5deb8568a60a95e08bbe" score = 75 quality = 90 @@ -43430,8 +43696,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ca646B4275406Df639Cf603756F63D77 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8186-L8204" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8186-L8204" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a690e3f6a656835984e47d999271fe441a5fbf424208da8d5b3c9ddcef47b70e" score = 75 quality = 90 
@@ -43455,8 +43721,8 @@ rule REVERSINGLABS_Cert_Blocklist_Addbec454B5479Cabd940A72Df4500Af : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8206-L8224" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8206-L8224" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "799629791646c524d170b900339b87474aed73b7156a8c4dd20f7c13cbe97929" score = 75 quality = 90 @@ -43480,8 +43746,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ac307E5257Bb814B818D3633B630326F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8226-L8244" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8226-L8244" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "10819bd2194fface6db812f8c6770c306c183386d2d9ba97467a5b55fd997194" score = 75 quality = 90 
@@ -43505,8 +43771,8 @@ rule REVERSINGLABS_Cert_Blocklist_0D83E7F47189Cdbfc7Fa3E5F58882329 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8246-L8262" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8246-L8262" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b344f9fd6d8378b7d77a34b14c5f37eea253f3d13a8eb0777925f195fb3cf502" score = 75 quality = 90 @@ -43530,8 +43796,8 @@ rule REVERSINGLABS_Cert_Blocklist_58Aa64564A50E8B2D6E31D5Cd6250Fde : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8264-L8280" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8264-L8280" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f6b50ebf707b67650fe832d81c6fe8d2411cd83432ef94432d181db0c29aa48b" score = 75 quality = 90 
@@ -43555,8 +43821,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Aa0Ae245B487C8926C88Ee6D736D1Ca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8282-L8298" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8282-L8298" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5a362175600552983ae838ca18aa378dc748b8b68bd8b67a9387794d983ed1a2" score = 75 quality = 90 @@ -43580,8 +43846,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Aec3D3F752A38617C1D7A677D0B5591 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8300-L8316" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8300-L8316" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b299833a19944ca6943ba9c974ec95369c57cd61acc8b2e1b5310edd077762c2" score = 75 quality = 90 
@@ -43605,8 +43871,8 @@ rule REVERSINGLABS_Cert_Blocklist_A7E1Dc5352C3852C5523030F57F2425C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8318-L8336" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8318-L8336" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "79c42c9a4eeeb69a62a16590e2b0b63818785509a40d543c7efe27ec6baaa19e" score = 75 quality = 90 @@ -43630,8 +43896,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bbd4Dc3768A51Aa2B3059C1Bad569276 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8338-L8356" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8338-L8356" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f336570834e0663c6e589fa22b3541f4f79c40ff945dd91f1fd1258a96adeceb" score = 75 quality = 90 
@@ -43655,8 +43921,8 @@ rule REVERSINGLABS_Cert_Blocklist_08622B9Dd9D78E67678Ecc21E026522E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8358-L8374" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8358-L8374" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "09507b09b035195b74434f56041588f67245fa097183228dffc612bb4901825b" score = 75 quality = 90 @@ -43680,8 +43946,8 @@ rule REVERSINGLABS_Cert_Blocklist_E69A6De0074Ece38C2F30F0D4A808456 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8376-L8394" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8376-L8394" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "21d8641d2394120847044f0e6f4d868095a1e30c0b594a3d045877ab9b3808a1" score = 75 quality = 90 
@@ -43705,8 +43971,8 @@ rule REVERSINGLABS_Cert_Blocklist_8385684419Ab26A3F2640B1496E1Fe94 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8396-L8414" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8396-L8414" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "24f75badc335160a8053a4c7e8bbd8ddbd3266c3a18059a937d5989df97ae9d9" score = 75 quality = 90 @@ -43730,8 +43996,8 @@ rule REVERSINGLABS_Cert_Blocklist_21E3Cae5B77C41528658Ada08509C392 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8416-L8432" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8416-L8432" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2e24ed0bd0bf3c36cae4bf106a2c17386bfb58b76372068be9745c2d501f30fc" score = 75 quality = 90 
@@ -43755,8 +44021,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Abd2Eef14D480Dfea9Ca9Fdd823Cf03 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8434-L8450" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8434-L8450" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2dfc220c44d3dda28a253e5115ae9a087b6ddbf1a7ca1e9bcae5bd9ac5b2e1a0" score = 75 quality = 90 @@ -43780,8 +44046,8 @@ rule REVERSINGLABS_Cert_Blocklist_86909B91F07F9316984D888D1E28Ab76 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8452-L8470" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8452-L8470" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "abd84492ed008125688a53e20d51780fa0b8c2309dcf751ff76a03d6f337beaa" score = 75 quality = 90 
@@ -43805,8 +44071,8 @@ rule REVERSINGLABS_Cert_Blocklist_D1B8F1Fe56381Befdb2E73Ffef2A4B28 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8472-L8490" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8472-L8490" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c118cb46914e7a6df8dd33dd14d5f9cf2692d98311503ec850cc66f02c20839e" score = 75 quality = 90 @@ -43830,8 +44096,8 @@ rule REVERSINGLABS_Cert_Blocklist_D4Ef1Ab6Ab5D3Cb35E4Efb7984Def7A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8492-L8510" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8492-L8510" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ecc2f6bfda1a0afd016f0a5183c0d1cdfe5d5e06c893a7d9a3d7cb7f9bc4bf16" score = 75 quality = 90 
@@ -43855,8 +44121,8 @@ rule REVERSINGLABS_Cert_Blocklist_066276Af2F2C7E246D3B1Cab1B4Aa42E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8512-L8528" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8512-L8528" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "30d4fa2cbc75d3a6258cdf0374159f25ea152c39784f8b7e9c461978df865dc0" score = 75 quality = 90 @@ -43880,8 +44146,8 @@ rule REVERSINGLABS_Cert_Blocklist_65Cd323C2483668B90A44A711D2A6B98 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8530-L8546" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8530-L8546" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "653aff6f3913f1bf51e90e7a835dbb5441457175797cefdddd234a6c2c0f11ad" score = 75 quality = 90 
@@ -43905,8 +44171,8 @@ rule REVERSINGLABS_Cert_Blocklist_5A17D5De74Fd8F09Df596Df3123139Bb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8548-L8564" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8548-L8564" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7ed62740fe191d961ad32b2a79463cc9cbce557ea757e413860f7b4974904c03" score = 75 quality = 90 @@ -43930,8 +44196,8 @@ rule REVERSINGLABS_Cert_Blocklist_15Da61D7E1A631803431561674Fb9B90 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8566-L8582" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8566-L8582" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "75d2c3b47fe9c863812f2c98fc565af9050b909a03528e2ea4a96542a3ec0c0d" score = 75 quality = 90 
@@ -43955,8 +44221,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Ab21306B11Ff280A93Fc445876988Ab : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8584-L8600" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8584-L8600" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0cda954aa807336a6737716d0fa43d696376c240ab7be9d8477baf8800604bf1" score = 75 quality = 90 @@ -43980,8 +44246,8 @@ rule REVERSINGLABS_Cert_Blocklist_634E16E38F12E9A71Aca08E4C6B2Dbb9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8602-L8618" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8602-L8618" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "08950f276e5cf3fe4b5f7421ba671dfd72585aac3bbed7868fdb0e5aa90ec10e" score = 75 quality = 90 
@@ -44005,8 +44271,8 @@ rule REVERSINGLABS_Cert_Blocklist_289051A83F350A2C600187C99B6C0A73 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8620-L8636" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8620-L8636" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cd5d6f95f0cfdbf8d37ea78d061ce00512b6cb7c899152b1640673494d539dd1" score = 75 quality = 90 @@ -44030,8 +44296,8 @@ rule REVERSINGLABS_Cert_Blocklist_818631110B5D14331Dac7E6Ad998B902 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8638-L8656" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8638-L8656" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5e0de3848adf933632c2eb8cf5ead61d6470237386ba8b48d57a278d99dba324" score = 75 quality = 90 
@@ -44055,8 +44321,8 @@ rule REVERSINGLABS_Cert_Blocklist_277Cd16De5D61B9398B645Afe41C09C7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8658-L8674" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8658-L8674" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "696467d699dec060b205f36f53dbe157b241823757d72798b35235d6530fd193" score = 75 quality = 90 @@ -44080,8 +44346,8 @@ rule REVERSINGLABS_Cert_Blocklist_D0Eda76C13D30C97015708790Bb94214 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8676-L8694" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8676-L8694" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2112ebfb7c9ebbbccb20cefcd23bb49142da770feb16ee8eef5eb27646226785" score = 75 quality = 90 
@@ -44105,8 +44371,8 @@ rule REVERSINGLABS_Cert_Blocklist_6333Ed618F88A05B4D82Ad7Bf66Cb0Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8696-L8712" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8696-L8712" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b088ac4b74a8cf3dddb67c8de2b7c3c5f537287a0454c0030c0eb4069c465c7d" score = 75 quality = 90 @@ -44130,8 +44396,8 @@ rule REVERSINGLABS_Cert_Blocklist_3B777165B125Bccc181D0Bac3F5B55B3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8714-L8730" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8714-L8730" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "80aff3d6f45f5847d5d39b170b9d0e70168d02569ca6d86a2c39150399d290fc" score = 75 quality = 90 
@@ -44155,8 +44421,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B37Ac3479283B6F9D75Ddf0F8742D06 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8732-L8748" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8732-L8748" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b7abd389ac31cd970e6611c7c303714fdd658f45d4857ad524f5e8368edbb875" score = 75 quality = 90 @@ -44180,8 +44446,8 @@ rule REVERSINGLABS_Cert_Blocklist_3112C69D460C781Fd649C71E61Bfec82 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8750-L8766" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8750-L8766" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ed31b0a24d18a451163867f0f49df12af3ca0768f250ac8ce66d41405393130d" score = 75 quality = 90 
@@ -44205,8 +44471,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A5B4F67Ad8B22Afc2Debe6Ce5F8F679 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8768-L8784" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8768-L8784" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "938efb7ee19970484aded5cd46b2ff730f8882706bec3f062bdebde3cc9a4799" score = 75 quality = 90 @@ -44230,8 +44496,8 @@ rule REVERSINGLABS_Cert_Blocklist_Df45B36C9D0Bd248C3F9494E7Ca822 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8786-L8804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8786-L8804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9c03522376b0d807cd36a0641e474d770bc3b4f8221f26d232878d2d320d072b" score = 75 quality = 90 
@@ -44255,8 +44521,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Ae3C4Eccecda2127D43Be390A850Dda : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8806-L8822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8806-L8822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8a2ff4f7a5ac996127778b1670e79291bddcb5dee6e7da2b540fd254537ee27e" score = 75 quality = 90 @@ -44280,8 +44546,8 @@ rule REVERSINGLABS_Cert_Blocklist_2E36360538624C9B1Afd78A2Fb756028 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8824-L8840" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8824-L8840" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9cbb50c7d383048fd506506fa9ee8bf7c6d82feaf21bcde4008ab99b82e234a7" score = 75 quality = 90 
@@ -44305,8 +44571,8 @@ rule REVERSINGLABS_Cert_Blocklist_Addb899F8229Fd53E6435E08Bbd3A733 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8842-L8860" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8842-L8860" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ecb8e31b8c56b92cef601618e0adc2f6d88999318805b92389693aa9e8050d18" score = 75 quality = 90 @@ -44330,8 +44596,8 @@ rule REVERSINGLABS_Cert_Blocklist_C1A1Db95D7Bf80290Aa6E82D8F8F996A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8862-L8880" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8862-L8880" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "84c7c0e53facadcdfd752e9cf3811fbfd6aac4bef4109acf430a67b6dcd37bfc" score = 75 quality = 90 
@@ -44355,8 +44621,8 @@ rule REVERSINGLABS_Cert_Blocklist_C667Ffe3A5B0A5Ae7Cf3A9E41682E91B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8882-L8900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8882-L8900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "be2cd688f2d7c458ee764bd7a7250e0116328702db5585b444d631f05cdc701b" score = 75 quality = 90 @@ -44380,8 +44646,8 @@ rule REVERSINGLABS_Cert_Blocklist_E0A83917660D05Cf476374659D3C7B85 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8902-L8920" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8902-L8920" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f60753ecb775d664e07e78611568799eaf06fb4742bcef3bf0c28202daf98c50" score = 75 quality = 90 
@@ -44405,8 +44671,8 @@ rule REVERSINGLABS_Cert_Blocklist_Afc5522898143Aafaab7Fd52304Cf00C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8922-L8940" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8922-L8940" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bfcf2fbbd9be97202eeb44c0f81f0a0713d4d30c466f2b170231c7f9df0e9e6d" score = 75 quality = 90 @@ -44430,8 +44696,8 @@ rule REVERSINGLABS_Cert_Blocklist_8B3333D32B2C2A1D33B41Ba5Db9D4D2D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8942-L8960" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8942-L8960" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cdb3f1983ed17df22d17c6321bc2ead2c391d70fdca4a9f6f4784f62196b85d0" score = 75 quality = 90 
@@ -44455,8 +44721,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fbb1198Bd8Bddb0D693Eb72A8613Fe3F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8962-L8980" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8962-L8980" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2e004116d0f8df5a625b190127655926336fc74b4cce4ae40cd516a135e5d719" score = 75 quality = 90 @@ -44480,8 +44746,8 @@ rule REVERSINGLABS_Cert_Blocklist_846F77D9919Fc4405Aefe1701309Bd67 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L8982-L9000" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L8982-L9000" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6739049a61183d506daf9aaf44a3b15cbf2234c6af307ec95bc07fa3d8501105" score = 75 quality = 90 
@@ -44505,8 +44771,8 @@ rule REVERSINGLABS_Cert_Blocklist_0939C2Bad859C0432E8E98A6C0162C02 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9002-L9018" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9002-L9018" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3c48241e52e58600bfa0385742831dba59d9cbd959cd6853fe8e030f5df79c23" score = 75 quality = 90 @@ -44530,8 +44796,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Fba0E19919Ac50D700Ba60250D02C8B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9020-L9036" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9020-L9036" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8c803111df930056bdc3ef7560f07bf4d255b93286d01ecc55f790e72565ba5d" score = 75 quality = 90 
@@ -44555,8 +44821,8 @@ rule REVERSINGLABS_Cert_Blocklist_A758504E7971869D0Aec2775Fffa03D5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9038-L9056" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9038-L9056" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "dcb1ac4c7dcbebd0a432515da82e4a97be6c6c2a54f9d642aa8c1a2bcbdce5de" score = 75 quality = 90 @@ -44580,8 +44846,8 @@ rule REVERSINGLABS_Cert_Blocklist_37A67Cf754Ee5Ae284B4Cf8B9D651604 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9058-L9074" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9058-L9074" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "22cb71eebbb212a4436847c11c7ca9cefaf118086b024014c12498a6a5953af5" score = 75 quality = 90 
@@ -44605,8 +44871,8 @@ rule REVERSINGLABS_Cert_Blocklist_119Acead668Bad57A48B4F42F294F8F0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9076-L9092" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9076-L9092" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "61c49c60fc4fd5d654a6376fcee43e986a5351f085a5652a3c8888774557e053" score = 75 quality = 90 @@ -44630,8 +44896,8 @@ rule REVERSINGLABS_Cert_Blocklist_7A6D30A6Eb2Fa0C3369283725704Ac4C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9094-L9110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9094-L9110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "788abb53ed7974d87c1b1bdbe31dcd3e852ea64745d94780d78d1217ee0206fe" score = 75 quality = 90 
@@ -44655,8 +44921,8 @@ rule REVERSINGLABS_Cert_Blocklist_670C3494206B9F0C18714Fdcffaaa42F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9112-L9128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9112-L9128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3b1e244b5f543a05beb2475020aa20dfc723f4dce3a5a0a963db1672d3295721" score = 75 quality = 90 @@ -44680,8 +44946,8 @@ rule REVERSINGLABS_Cert_Blocklist_0E8Aa328Af207Ce8Bcae1Dc15C626188 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9130-L9146" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9130-L9146" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4022abb8efbda944e35ff529c5b3b3c9f6370127a945f3eec1310149bb5d06e4" score = 75 quality = 90 
@@ -44705,8 +44971,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cfad6Be1D823B4Eacb803B720F525A7D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9148-L9166" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9148-L9166" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d8005774e6011d8198039a6588834cd0b13dd728103b63c3ea8b6e0dc3878f05" score = 75 quality = 90 @@ -44730,8 +44996,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Ebcb54B7E0E6410B28610De0743D4Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9168-L9184" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9168-L9184" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c9444ff9e13192bf300afac12554bc4cc2defb37bb5b57906b6163db378c515a" score = 75 quality = 90 
@@ -44755,8 +45021,8 @@ rule REVERSINGLABS_Cert_Blocklist_01106Cc293772Ca905A2B6Eff02Bf0F5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9186-L9202" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9186-L9202" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "81e19c06de4546a2cee974230ef7aa15291f20f2e6b6f89c9b12107c26836b5e" score = 75 quality = 90 @@ -44780,8 +45046,8 @@ rule REVERSINGLABS_Cert_Blocklist_05Bb162F6Efe852B7Bd4712Fd737A61E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9204-L9220" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9204-L9220" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d2fcbce0826c1478338827376d2c7869e5b38dc6d5e737a2f986600c6f71b1e6" score = 75 quality = 90 
@@ -44805,8 +45071,8 @@ rule REVERSINGLABS_Cert_Blocklist_6171990Ba1C8E71049Ebb296A35Bd160 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9222-L9238" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9222-L9238" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e922bb850b7c5c70db80e6a2b99310eac48d3b10b94a7259899facd681916bfa" score = 75 quality = 90 @@ -44830,8 +45096,8 @@ rule REVERSINGLABS_Cert_Blocklist_2114Ca3Bd2Afd63D7Fa29D744992B043 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9240-L9256" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9240-L9256" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "241fe5a9f233fa36a665d22b38fd360bee21bc9832c15ac9c9d9b17adc3bb306" score = 75 quality = 90 
@@ -44855,8 +45121,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Aaa62208A3A78Bfac1443007D031E61 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9258-L9274" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9258-L9274" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7ba7f69514230fe636efc0a12fb9ac489a5a80ca1f5bcdb050dd30ee8f69659c" score = 75 quality = 90 @@ -44880,8 +45146,8 @@ rule REVERSINGLABS_Cert_Blocklist_09450B8F73Ea43E39D2Cdd56049Dbe40 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9276-L9292" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9276-L9292" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "22b344b8befc00b0154d225603c81c6058399770f54cb6a09d0f7908c5c8188c" score = 75 quality = 90 
@@ -44905,8 +45171,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Efd9Bd4B4281C6522D96011Df46C9C4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9294-L9310" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9294-L9310" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8f8a5e3457c05c5e70e33041c5b0b971cf8f19313d47055fd760ed17d94c8794" score = 75 quality = 90 @@ -44930,8 +45196,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Dd7D4A785990584D8C0837659173272 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9312-L9328" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9312-L9328" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d18a479f07f2bdb890437e2bcb0213abdfb0eb684cdaf17c5eb0583039f2edb4" score = 75 quality = 90 
@@ -44955,8 +45221,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C59D46580F039Af2C4Ab6Ba0Ffed197 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9330-L9346" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9330-L9346" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "32eea2a436f386ef44a00ef72be8be7d4070b02f84ba71c7ee1ca407fddce8ec" score = 75 quality = 90 @@ -44980,8 +45246,8 @@ rule REVERSINGLABS_Cert_Blocklist_0448Ec8D26597F99912138500Cc41C1B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9348-L9364" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9348-L9364" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "001556c31cfb0d94978adc48dc0d24c83666512348c65508975cc9e1a119aeae" score = 75 quality = 90 
@@ -45005,8 +45271,8 @@ rule REVERSINGLABS_Cert_Blocklist_0108Cbaee60728F5Bf06E45A56D6F170 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9366-L9382" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9366-L9382" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "52027548e20c819e73ea5e9afd87faaca4498bc39e54dd30ad99a24e3ace57fd" score = 75 quality = 90 @@ -45030,8 +45296,8 @@ rule REVERSINGLABS_Cert_Blocklist_038D56A12153E8B5C74C69Bff65Cbe3F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9384-L9400" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9384-L9400" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ed3a81231f93f9d2ae462481503ba37072c3800dd1379baae11737f093a27af1" score = 75 quality = 90 
@@ -45055,8 +45321,8 @@ rule REVERSINGLABS_Cert_Blocklist_060D94E2Ccae84536654D9Daf39Fef1E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9402-L9418" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9402-L9418" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "49000f3a3ce1ad9aef87162d7527b8f062e0aa12276b82c7335f0ccc14b7d38a" score = 75 quality = 90 @@ -45080,8 +45346,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Bc9B800F480691Bd6B60963466B0C75 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9420-L9436" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9420-L9436" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6a498fd30c611976e9aad2f9b85b13c3c29246582cdfefc800615db88e40dac2" score = 75 quality = 90 
@@ -45105,8 +45371,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C4324Ff41F0A7B16Ffcc93Dffa8Fa99 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9438-L9454" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9438-L9454" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d3ce83fb0497c533a5474d46300c341677ec243686723783798bfbaec4f6e369" score = 75 quality = 90 @@ -45130,8 +45396,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B980Fc8783E4F158E41829Ab21Bab81 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9456-L9472" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9456-L9472" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b0f43caec1cfc5b2d1512d7fcf0bcf1e02fc81764b4376b081f38c4de328eab2" score = 75 quality = 90 
@@ -45155,8 +45421,8 @@ rule REVERSINGLABS_Cert_Blocklist_D8F515715Aeffef0A0E4E37F16C254Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9474-L9492" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9474-L9492" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3c7d57a655f76a6e5ef6b0e770db7c91d0830b6b0b37caef5ef9e3e78ad1fd75" score = 75 quality = 90 @@ -45180,8 +45446,8 @@ rule REVERSINGLABS_Cert_Blocklist_D79739187C585E453C00Afc11D77B523 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9494-L9512" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9494-L9512" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6d6db87227d7be559afa67c4f2b65b01f26741fdf337d920241a633bb036426f" score = 75 quality = 90 
@@ -45205,8 +45471,8 @@ rule REVERSINGLABS_Cert_Blocklist_961Cecb0227845317549E9343A980E91 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9514-L9532" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9514-L9532" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c74512e95e2d6aedecb1dbd30fac6fde40d1e9520c89b785519694d9bc9ba854" score = 75 quality = 90 @@ -45230,8 +45496,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Ef6392B2993A6F67578299659467Ea8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9534-L9550" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9534-L9550" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f6b454a575ea7635d5edebffe3c9c83e95312ee33245e733987532348258733e" score = 75 quality = 90 
@@ -45255,8 +45521,8 @@ rule REVERSINGLABS_Cert_Blocklist_A918455C0D4Da7Ca474F41F11A7Cf38C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9552-L9570" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9552-L9570" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ea30d85c057f9363ce29d4c024097c50a8752dd2095481181322fe5d5c92bb4b" score = 75 quality = 90 @@ -45280,8 +45546,8 @@ rule REVERSINGLABS_Cert_Blocklist_936Bc256D2057Ca9B9Ec3034C3Ed0Ee6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9572-L9590" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9572-L9590" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7e90c29bcfe4632e70b61a0cf2ab48a3de986bd5c6c730f64a363f4f3d79a3f4" score = 75 quality = 90 
@@ -45305,8 +45571,8 @@ rule REVERSINGLABS_Cert_Blocklist_Afe8Fee94B41422E01E4897Bcd52D0A4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9592-L9610" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9592-L9610" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "02c55b182bc9843334baed9c0a7cca2c88cd1de00ca9b47b10ec79b7a5acf9bb" score = 75 quality = 90 @@ -45330,8 +45596,8 @@ rule REVERSINGLABS_Cert_Blocklist_718E89Ddb33257Ea77Ba74Be7F2Baf1D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9612-L9628" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9612-L9628" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2f0defa1e1d905d937677e96f2a0955d9737f6976596932cc093fdecfea3fdb0" score = 75 quality = 90 
@@ -45355,8 +45621,8 @@ rule REVERSINGLABS_Cert_Blocklist_4D3E38F4Aebbc32257450726B29Be117 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9630-L9646" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9630-L9646" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f618547942fcd9b3d1104cb5bedeecec8596fa7cc34bca838b6120085b305d73" score = 75 quality = 90 @@ -45380,8 +45646,8 @@ rule REVERSINGLABS_Cert_Blocklist_8F4C49Dae1F1Ff0Ebe9104C6F73242Bd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9648-L9666" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9648-L9666" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a8c99cc30b791a76fe3cd48184bf95ee47abb30bd200128efd2f5295ee18f7b1" score = 75 quality = 90 
@@ -45405,8 +45671,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ac3C05F1Cb9453De8E7110F589Fb32C0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9668-L9686" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9668-L9686" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6328fd5dbb497c69ddc9151f85754669760b709ecbff3e8f320a40a62ca0dd2c" score = 75 quality = 90 @@ -45430,8 +45696,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fbb96A90B6718810311767Ca25Ab1E48 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9688-L9706" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9688-L9706" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "431e3364a42b272d9b71b92dee44cc185ef034a45a0b72bbda82cf7e9b29c355" score = 75 quality = 90 
@@ -45455,8 +45721,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cfd38423Aef875A10B16644D058297E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9708-L9726" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9708-L9726" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a2f67cbf31c9db2891892c31a7ed4ce7eccd834bfb10ae70f58e46f8e68e7c17" score = 75 quality = 90 @@ -45480,8 +45746,8 @@ rule REVERSINGLABS_Cert_Blocklist_E6C05C5A2222Bf92818324A3A7374Ad3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9728-L9746" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9728-L9746" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bea8fea49144abc109e33a5964bb8e113aa61b4cd70c72a43183cb0840429571" score = 75 quality = 90 
@@ -45505,8 +45771,8 @@ rule REVERSINGLABS_Cert_Blocklist_75Ce08Bdbad44123299Dbe9D7C1D20De : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9748-L9764" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9748-L9764" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8ba66ab55f9a6755e11a7f39152aa26917271c7f6bc5ffdb42d07ad791fb47d7" score = 75 quality = 90 @@ -45530,8 +45796,8 @@ rule REVERSINGLABS_Cert_Blocklist_333705C20B56E57F60B5Eb191Eef0D90 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9766-L9782" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9766-L9782" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "30eeec467b837f6b1759cd0fd6a8bc2e8942f2400df170c671287f4159652479" score = 75 quality = 90 
@@ -45555,8 +45821,8 @@ rule REVERSINGLABS_Cert_Blocklist_A2A0Ba281262Acce7A00119E25564386 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9784-L9802" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9784-L9802" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f5e3c16f6caaf5f3152d90dc48895d0bbcdb296c368beeebb96157f03a8ded40" score = 75 quality = 90 @@ -45580,8 +45846,8 @@ rule REVERSINGLABS_Cert_Blocklist_338483Cc174C16Ebc454A3803Ffd4217 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9804-L9820" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9804-L9820" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7d7dd55eaab15cf458e5e57f0e5fbebdcc9313aee05394310a5cf9d9b4def153" score = 75 quality = 90 
@@ -45605,8 +45871,8 @@ rule REVERSINGLABS_Cert_Blocklist_Be89936C26Cd0D845074F6B7B47F480C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9822-L9840" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9822-L9840" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "348df24620bfe6322c410cb593f5caad67492b0b5af234ee89b0411beb4b48f9" score = 75 quality = 90 @@ -45630,8 +45896,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F20A5155E53Ce20Bb644F646Ed6A2Fd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9842-L9858" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9842-L9858" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "70d57f2c24d4ae6f17339bfb998589a3b10f5dd4b19ac8a5bc99e082145c4ed0" score = 75 quality = 90 
@@ -45655,8 +45921,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ea734E1Dfb6E69Ed2Bc55E513Bf95B5E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9860-L9878" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9860-L9878" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a18d1c1e5e22c1aa041a4b2d23d2aefcbedbd3517a079d578e1a143ecadb4533" score = 75 quality = 90 @@ -45680,8 +45946,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ba67B0De51Ebb9B1179804E75357Ab26 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9880-L9898" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9880-L9898" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "69b9012fc4ab9636d159de49ff452f054030c1157cf70a95512b2a0748dad7c0" score = 75 quality = 90 
@@ -45705,8 +45971,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cff2B275Ba8A1Dde83Ac7Ff858399A62 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9900-L9918" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9900-L9918" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d37e1d94048339a86b8fa173d3ab753fc5e79329b73df9fda5815cd622c57745" score = 75 quality = 90 @@ -45730,8 +45996,8 @@ rule REVERSINGLABS_Cert_Blocklist_D22E026C5B5966F1Cf6Ef00A7C06682E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9920-L9938" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9920-L9938" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "33a05d46b40ffdf49bfa5facca41ebdf6bedcabc1cb1f5b9bf2d043ad1c869b0" score = 75 quality = 90 
@@ -45755,8 +46021,8 @@ rule REVERSINGLABS_Cert_Blocklist_3054F940C931Bad7B238A24376C6A5Cc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9940-L9956" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9940-L9956" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "21c8e8f10d1e4b9eb917c86ac868de2afcd5776a9c1d59149df1d07d8c3e14b9" score = 75 quality = 90 @@ -45780,8 +46046,8 @@ rule REVERSINGLABS_Cert_Blocklist_A617E23D6Ca8F34E2F7413Cd299Fc72B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9958-L9976" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9958-L9976" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f307a0b598f0876c003aa43db50e024698b6f93931e626c085f98553c14ec2ae" score = 75 quality = 90 
@@ -45805,8 +46071,8 @@ rule REVERSINGLABS_Cert_Blocklist_387Eeb89B8Bf626Bbf4C7C9F5B998B40 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9978-L9994" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9978-L9994" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2377eeb5316d25752443735e78d0ad7de398a2677f5a0fd45fd6e6c87720d49b" score = 75 quality = 90 @@ -45830,8 +46096,8 @@ rule REVERSINGLABS_Cert_Blocklist_292Eb1133507F42E6F36C5549C189D5E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L9996-L10012" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L9996-L10012" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bc3ef217455b74900cae114d25b02325d2bef25c11873342df1dd2369cbce76a" score = 75 quality = 90 
@@ -45855,8 +46121,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Fbf16A33D26390A15F046C310030Cf0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10014-L10030" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10014-L10030" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "24bee3563e0867ef6702e7f57bbce7075f766410650ae5ce1e2e8c7b14a3eaca" score = 75 quality = 90 @@ -45880,8 +46146,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F007898Afcba5F8Af8Ae65D01803617 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10032-L10048" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10032-L10048" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "27610bb3bf069991803611474abf44a3bf82fc9283d0412a1c24ae46a3f5352e" score = 75 quality = 90 
@@ -45905,8 +46171,8 @@ rule REVERSINGLABS_Cert_Blocklist_E55Be88Ddbd93C423220468D430905Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10050-L10068" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10050-L10068" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "05b2f297454e7080591b85991b224193eb89fc5074eb3c2e484ceadad2de4cb7" score = 75 quality = 90 @@ -45930,8 +46196,8 @@ rule REVERSINGLABS_Cert_Blocklist_06Bcb74291D96096577Bdb1E165Dce85 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10070-L10086" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10070-L10086" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "00b7ff8f3cbc04c48c71433c384d7a7884b856f261850e33ea4413a12cf5a1b5" score = 75 quality = 90 
@@ -45955,8 +46221,8 @@ rule REVERSINGLABS_Cert_Blocklist_C8442A8185082Ef1Ed7Dc3Fff2176Aa7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10088-L10106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10088-L10106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "74b1b48f0179187ea7bb8ef4663bf13da47f5c6405ecc5589706184564c05727" score = 75 quality = 90 @@ -45980,8 +46246,8 @@ rule REVERSINGLABS_Cert_Blocklist_0406C4A1521A38C8D0C4Aa214388E4Dc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10108-L10124" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10108-L10124" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f6780751ae553771eb57201a8672847a24512e6279b6a4fd843d8ee2f326860a" score = 75 quality = 90 
@@ -46005,8 +46271,8 @@ rule REVERSINGLABS_Cert_Blocklist_12705Fb66Bc22C68372A1C4E5Fa662E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10126-L10142" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10126-L10142" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f10316a26e2d34400b7c2e403eab18ab6c1cc94b35f0ac8a3f490d101d29dc8d" score = 75 quality = 90 @@ -46030,8 +46296,8 @@ rule REVERSINGLABS_Cert_Blocklist_3B0914E2982Be8980Aa23F49848555E5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10144-L10160" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10144-L10160" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ea7d9fa7817751fef775765b54be5dd4d00c15ca50ac10fb40fb46cc3634c7b0" score = 75 quality = 90 
@@ -46055,8 +46321,8 @@ rule REVERSINGLABS_Cert_Blocklist_029Bf7E1Cb09Fe277564Bd27C267De5A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10162-L10178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10162-L10178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3f64372d11d61c669580d90cdf2201e7f2904fb3d73d27be2ff1559c9c37614a" score = 75 quality = 90 @@ -46080,8 +46346,8 @@ rule REVERSINGLABS_Cert_Blocklist_D3Aee8Abb9948844A3Ac1C04Cc7E6Bdf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10180-L10198" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10180-L10198" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3f3f1d5c871d2b73627d4281ac5bcd08799fb47f94155e82795d97c87de35e40" score = 75 quality = 90 
@@ -46105,8 +46371,8 @@ rule REVERSINGLABS_Cert_Blocklist_734819463C1195Bd6E135Ce4D5Bf49Bc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10200-L10216" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10200-L10216" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a63c05cca23b61ba6eabda2b60c617b966a2669fd3a0da30354792e5c1ae2140" score = 75 quality = 90 @@ -46130,8 +46396,8 @@ rule REVERSINGLABS_Cert_Blocklist_Db95B22362D46A73C39E0Ac924883C5B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10218-L10236" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10218-L10236" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "895983bcb7f3a0c5ce54504f4a2ff8d652137434b8951380d756de6556d0844e" score = 75 quality = 90 
@@ -46155,8 +46421,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C48732873Ac8Ccebaf8F0E1E8329Cec : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10238-L10254" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10238-L10254" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7c9476a4119e013c8bb3c14b607090d592feaa5f2fc0f78d810555681d4a3733" score = 75 quality = 90 @@ -46180,8 +46446,8 @@ rule REVERSINGLABS_Cert_Blocklist_C51F4Cf4D82Bc920421E1Ad93E39D490 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10256-L10274" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10256-L10274" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cef717e7fe3eb0fb958d405caaf98fa51b22b150ccbf1286d3b4634e9df81ade" score = 75 quality = 90 
@@ -46205,8 +46471,8 @@ rule REVERSINGLABS_Cert_Blocklist_C96086F1894E6420D2B4Bdeea834C4D7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10276-L10294" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10276-L10294" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "949bbd41ad4c83a05c1f004786cd296e2af80a3a559955ec90a4675cdfa04258" score = 75 quality = 90 @@ -46230,8 +46496,8 @@ rule REVERSINGLABS_Cert_Blocklist_06Fa27A121Cc82230C3013Ee634B6C62 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10296-L10312" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10296-L10312" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "23ac7a97e7632536ed27cf9078b6bc1a734f1e991a20a228734b45117582f367" score = 75 quality = 90 
@@ -46255,8 +46521,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Dd3B2F7957Ba99F4B04Fcdbe03B7Aac : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10314-L10332" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10314-L10332" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d4f1b75dddd47fe8a19bd8e794b4930bdcaf54d63db57422db0a9b631d4f488d" score = 75 quality = 90 @@ -46280,8 +46546,8 @@ rule REVERSINGLABS_Cert_Blocklist_061051Ff2A8Afab10347A6F1Ff08Ecb6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10334-L10350" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10334-L10350" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "db3ac3ee326c60e9abc94a2fb53d801637f044e7ab72d69e53958799e48747b7" score = 75 quality = 90 
@@ -46305,8 +46571,8 @@ rule REVERSINGLABS_Cert_Blocklist_Eda2429083Bfafb04E6E7Bdda1B08834 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10352-L10370" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10352-L10370" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4f7d5c6929fe364c8868fddb28dd7bbf7cdcf3896d57836466af1a538190d11c" score = 75 quality = 90 @@ -46330,8 +46596,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A590154B5980E566314122987Dea548 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10372-L10388" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10372-L10388" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d5fdf2bc61fadf3e73bcf1695c48ebc465e614cdd2310f9e5f40648d9615afc4" score = 75 quality = 90 
@@ -46355,8 +46621,8 @@ rule REVERSINGLABS_Cert_Blocklist_69A72F5591Ad78A0825Fbb9402Ab9543 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10390-L10406" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10390-L10406" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "72ca07b7722f9506c5c42b5e58c5ce9b3a7d607164a5f265015769f2831cd588" score = 75 quality = 90 @@ -46380,8 +46646,8 @@ rule REVERSINGLABS_Cert_Blocklist_0883Db137021B51F3A2A08A76A4Bc066 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10408-L10424" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10408-L10424" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5e3c8654169830790665992f5d7669d0ca6c1c8048580b3ae70331ad2a763a6c" score = 75 quality = 90 
@@ -46405,8 +46671,8 @@ rule REVERSINGLABS_Cert_Blocklist_2B921Aaaba777B5A99507196C6F1C46C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10426-L10442" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10426-L10442" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a00eb9837f7700d83862dff2077d85c68c24621d7aacf857b42587dc37976465" score = 75 quality = 90 @@ -46430,8 +46696,8 @@ rule REVERSINGLABS_Cert_Blocklist_0332D5C942869Bdcabf5A8266197Cd14 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10444-L10460" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10444-L10460" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "726ac44dd8109fcd0a9120f6c0673b8ecf7d5b3a4bb81976f48402e21502201a" score = 75 quality = 90 
@@ -46455,8 +46721,8 @@ rule REVERSINGLABS_Cert_Blocklist_4679C5398A279318365Fd77A84445699 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10462-L10478" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10462-L10478" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bdb68be92b3ba6b5eaa6e8e963529c0b9213942ba2552c687496ad5d12d5b472" score = 75 quality = 90 @@ -46480,8 +46746,8 @@ rule REVERSINGLABS_Cert_Blocklist_101D6A5A29D9A77807553Ceac669D853 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10480-L10496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10480-L10496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bce92750f71477ecfa7b8213724344708066c0e6133a47cd6758bbd9f8f9da5f" score = 75 quality = 90 
@@ -46505,8 +46771,8 @@ rule REVERSINGLABS_Cert_Blocklist_6000F8C02B0A15B1E53B8399845Faddf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10498-L10514" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10498-L10514" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "00ceb241555154cab97ef616042dbd966f3a8fae257e142dfe6bad9559bd1724" score = 75 quality = 90 @@ -46530,8 +46796,8 @@ rule REVERSINGLABS_Cert_Blocklist_121070Be1E782F206985543Bc7Bc58B6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10516-L10532" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10516-L10532" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a5d603cf64c8a16fa12daf9c6b5d0850e6145fb39b38442ed724ec0f849b8be9" score = 75 quality = 90 
@@ -46555,8 +46821,8 @@ rule REVERSINGLABS_Cert_Blocklist_5226A724Cfa0B4Bc0164Ecda3F02A3Dc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10534-L10550" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10534-L10550" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0ba1155b30761f48674aaa82a70a06fea30cced6518f089f3f9f173a4eb06a09" score = 75 quality = 90 @@ -46580,8 +46846,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A7Be7722B65A866Ebcd3Bd7F8F10825 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10552-L10568" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10552-L10568" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c4aa22241ef72d454db4ec0fb0933abfa7b1d8d1029b45410475832cda4a2af4" score = 75 quality = 90 
@@ -46605,8 +46871,8 @@ rule REVERSINGLABS_Cert_Blocklist_05634456Dbedb3556Ca8415E64815C5D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10570-L10586" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10570-L10586" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f5941c74821c0cd76633393d0346a9de2c7bccc666dc20b34c5b4d733faefc8f" score = 75 quality = 90 @@ -46630,8 +46896,8 @@ rule REVERSINGLABS_Cert_Blocklist_2E07A8D6E3B25Ae010C8Ed2C4Ab0Fb37 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10588-L10604" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10588-L10604" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bad2144c9cde02a75fa968e3c24178f3ba73b0addb2b4967f24733b933e0eeb6" score = 75 quality = 90 
@@ -46655,8 +46921,8 @@ rule REVERSINGLABS_Cert_Blocklist_30B4Eeebd88Fd205Acc8577Bbaed8655 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10606-L10622" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10606-L10622" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "673ec5a1cacb9a7be101a4a533baf5a1eab4e6dd8721c69e56636701c5303c72" score = 75 quality = 90 @@ -46680,8 +46946,8 @@ rule REVERSINGLABS_Cert_Blocklist_B3391A6C1B3C6836533959E2384Ab4Ca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10624-L10642" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10624-L10642" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "38e38acfbfbf63b7179d2f8656f70224afa9269a7bdecd10ccbbbd92a6a216d3" score = 75 quality = 90 
@@ -46705,8 +46971,8 @@ rule REVERSINGLABS_Cert_Blocklist_05D50A0E09Bb9A836Ffb90A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10644-L10660" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10644-L10660" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1bd1960cd6dd8bf83472dc2b1809b84ceb3db68a5e6c3ba68f28ad922230b2ed" score = 75 quality = 90 @@ -46730,8 +46996,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A2787Fbb4627C91611573E323584113 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10662-L10678" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10662-L10678" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "efa352beafb56b95a89554bc8929f8e01a4da46eef1f6cf8a1487a2a06bc1b3e" score = 75 quality = 90 
@@ -46755,8 +47021,8 @@ rule REVERSINGLABS_Cert_Blocklist_1D36C4F439D651503589318F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10680-L10696" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10680-L10696" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "73dc3c01041d50100a8d5519afe1a80f470c30175f9ad1bf76ac287ac199a959" score = 75 quality = 90 @@ -46780,8 +47046,8 @@ rule REVERSINGLABS_Cert_Blocklist_26F855A25890B749578F13E4B9459768 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10698-L10714" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10698-L10714" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "35bfa39ef8f03d10af884f288278ea6ad3aff31cbae111057c2b619c6dc0a752" score = 75 quality = 90 
@@ -46805,8 +47071,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F1Ae2239Bb96C5Aef49D0Ae50266912 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10716-L10732" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10716-L10732" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4f88df4fc2f4cd89aa177ce09caab3e2660267ae883f7ab54c22a9ba1657bad0" score = 75 quality = 90 @@ -46830,8 +47096,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Deea179F5757Fe529043577762419Df : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10734-L10750" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10734-L10750" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "67c3d3496caf54ca0b1afc4d1dcc902e2f3632ac6708f85e163d427b567d098f" score = 75 quality = 90 
@@ -46855,8 +47121,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B1F9Ec88D185631Ab032Dbfd5166C0D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10752-L10768" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10752-L10768" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "dec9d43c6911deb5f35c45692bfd6ef47f85d955f5e59041e58a1f0d2fc306e3" score = 75 quality = 90 @@ -46880,8 +47146,8 @@ rule REVERSINGLABS_Cert_Blocklist_58Af00Ce542760Fc116B41Fa92E18589 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10770-L10786" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10770-L10786" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0ff773d252e5e0402171ae15d7ab43bcfd313eb8c326ed5f128a89ec43386a52" score = 75 quality = 90 
@@ -46905,8 +47171,8 @@ rule REVERSINGLABS_Cert_Blocklist_25Ba18A267D6D8E08Ebc6E2457D58D1E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10788-L10804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10788-L10804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "174fe170c26a8197486e7b390d9fce4da61fb68ee5dc9486d43dbeb3cf659c3a" score = 75 quality = 90 @@ -46930,8 +47196,8 @@ rule REVERSINGLABS_Cert_Blocklist_12Df5Ff3460979Cec1288D874A9Fbf83 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10806-L10822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10806-L10822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3d4b5e56962d04bc35451eeab4c1870c8653c9afcbb28dc6bad7cfb1711e9df1" score = 75 quality = 90 
@@ -46955,8 +47221,8 @@ rule REVERSINGLABS_Cert_Blocklist_Df2547B2Cab5689A81D61De80Eaaa3A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10824-L10842" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10824-L10842" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cde89ae5b77ff6833fe642bdd74e81763ef068e31c07e7881906e4e4a5939942" score = 75 quality = 90 @@ -46980,8 +47246,8 @@ rule REVERSINGLABS_Cert_Blocklist_28B691272719B1Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10844-L10860" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10844-L10860" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0bd973f415b7cfa0858c705c4486da9f181c7259af01d1cff486fb6b8e8e775b" score = 75 quality = 90 
@@ -47005,8 +47271,8 @@ rule REVERSINGLABS_Cert_Blocklist_1C897216E58E83Cbe74Ad03284E1Fb82 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10862-L10878" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10862-L10878" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6b3b2708d3a442fa6425e60ae900c94fc22fbfdb47f290ff56e9d349d99fd85f" score = 75 quality = 90 @@ -47030,8 +47296,8 @@ rule REVERSINGLABS_Cert_Blocklist_5A364C4957D93406F76321C2316F42F0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10880-L10896" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10880-L10896" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fe3a2b906debb3f03e6a403829fca02c751754e9a02442a962c66defb84aed83" score = 75 quality = 90 
@@ -47055,8 +47321,8 @@ rule REVERSINGLABS_Cert_Blocklist_E7E7F7180666546Ce7A8Da32119F5Ce1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10898-L10916" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10898-L10916" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "940f6508208998593f309ffeeeda20ab475d427c952a14871b6e58e17d2a4c85" score = 75 quality = 90 @@ -47080,8 +47346,8 @@ rule REVERSINGLABS_Cert_Blocklist_062B2827500C5Df35A83F661B3Af5Dd3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10918-L10934" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10918-L10934" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4edc263b08b21428b5f2f4f14f9582c0f96f79cb49fbba563c103bf8bb2037a6" score = 75 quality = 90 
@@ -47105,8 +47371,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Bf27695Fd20B588F2B2F173B6Caf2Ba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10936-L10952" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10936-L10952" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "94d8739761b6a8ee91550be47432b046609b076aab6e57996de123a0fcaba73e" score = 75 quality = 90 @@ -47130,8 +47396,8 @@ rule REVERSINGLABS_Cert_Blocklist_1B248C8508042D36Bbd5D92D189C61D8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10954-L10970" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10954-L10970" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2c063d0878a8bf6cd637e1dac2cb9164beb52c951e01858a7c3c9c4c1a853f54" score = 75 quality = 90 
@@ -47155,8 +47421,8 @@ rule REVERSINGLABS_Cert_Blocklist_032660Ee1D49Ad35086027473E2614E5E724 : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10972-L10988" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10972-L10988" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8d1435d2fa70db12cde2f9098e35ca1737f5aac36bac91329b28f03aad090e90" score = 75 quality = 90 @@ -47180,8 +47446,8 @@ rule REVERSINGLABS_Cert_Blocklist_043052956E1E6Dbd5F6Ae3D8B82Cad2A2Ed8 : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L10990-L11006" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L10990-L11006" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c29fb109c741437a3739f1c42aadace8f612ef1e3ea90e3e2bdd8a92c85e766a" score = 75 quality = 90 
@@ -47205,8 +47471,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dbc03Ca7E6Ae6Db6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11008-L11026" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11008-L11026" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0077b9c46ddd98a4929878ba4ba9476ed7fb1d7bf6e30c3ae0f950445d01e8f3" score = 75 quality = 90 @@ -47230,8 +47496,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D27332C3Cb3A382A4Fd232C5C66A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11028-L11044" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11028-L11044" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c1c50015db7f97b530819b40e2578463a6021bfff8e2582858a4c3fbd1a9b9bc" score = 75 quality = 90 
@@ -47255,8 +47521,8 @@ rule REVERSINGLABS_Cert_Blocklist_82D224323Efa65060B641F51Fadfef02 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11046-L11064" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11046-L11064" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9d361c91ed24b6c20a7b35957e26f208ce8e0a3d79c5a6fed6278acd826ccf49" score = 75 quality = 90 @@ -47280,8 +47546,8 @@ rule REVERSINGLABS_Cert_Blocklist_890570B6B0E2868A53Be3F8F904A88Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11066-L11084" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11066-L11084" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fb7af8ec09da2fecaaaed8c7770966f11ef8a44a131553a9d1412387db2fb7ea" score = 75 quality = 90 
@@ -47305,8 +47571,8 @@ rule REVERSINGLABS_Cert_Blocklist_2642Fe865F7566Ce3123A5142C207094 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11086-L11102" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11086-L11102" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1ad4adf8b05a6cc065d289e6963480d37a92712a318744a30a16aad22380f238" score = 75 quality = 90 @@ -47330,8 +47596,8 @@ rule REVERSINGLABS_Cert_Blocklist_4A2E337Fff23E5B2A1321Ffde56D1759 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11104-L11120" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11104-L11120" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bc2df95ddf1ef3d5f83d14852e1cf6cbf4b71bfbe88fc97c2a4553e8581ddf47" score = 75 quality = 90 
@@ -47355,8 +47621,8 @@ rule REVERSINGLABS_Cert_Blocklist_92D9B92F8Cf7A1Ba8B2C025Be730C300 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11122-L11140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11122-L11140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2a0be6157e589705ad19756971bd865edad2d54760d03c2e6f47a461b402ad68" score = 75 quality = 90 @@ -47380,8 +47646,8 @@ rule REVERSINGLABS_Cert_Blocklist_B8164F7143E1A313003Ab0C834562F1F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11142-L11160" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11142-L11160" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a42fec2e0e8d37948420f16907f39c3d502c535be98024d04a777dfbc633004d" score = 75 quality = 90 
@@ -47405,8 +47671,8 @@ rule REVERSINGLABS_Cert_Blocklist_24E4A2B3Db6Be1007B9Ddc91995Bc0C8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11162-L11178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11162-L11178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "861691ce7bae4366f3b35d01c84bb0031b54653869f52eaccf20808b1b55d2af" score = 75 quality = 90 @@ -47430,8 +47696,8 @@ rule REVERSINGLABS_Cert_Blocklist_881573Fc67Ff7395Dde5Bccfbce5B088 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11180-L11198" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11180-L11198" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ce489a4a2f07181d6fbf295f426deeaf51310e061bac2e56d65b37eeb397ff9a" score = 75 quality = 90 
@@ -47455,8 +47721,8 @@ rule REVERSINGLABS_Cert_Blocklist_53E1F226Cb77574F8Fbeb5682Da091Bb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11200-L11216" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11200-L11216" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "591846225d5faf3ee8f3102acaad066f0187219044077bbdaf32345613b00965" score = 75 quality = 90 @@ -47480,8 +47746,8 @@ rule REVERSINGLABS_Cert_Blocklist_0772B4D1D63233D2B8771997Bc8Da5C4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11218-L11234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11218-L11234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "30586a643b29f3c943b3f35bb1639c5b9fa48ecbd776775086e35af502aa4a7a" score = 75 quality = 90 
@@ -47505,8 +47771,8 @@ rule REVERSINGLABS_Cert_Blocklist_02B6656292310B84022Db5541Bc48Faf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11236-L11252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11236-L11252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "40b570b28e10ebd2a1ba515dc3fa45bdb5c0b76044e4dda7a6819976072a67a2" score = 75 quality = 90 @@ -47530,8 +47796,8 @@ rule REVERSINGLABS_Cert_Blocklist_64C2505C7306639Fc8Eae544B0305338 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11254-L11270" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11254-L11270" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9b6fb002d603135391958668be0ef805e441928a035c9c4da4bb9915aa3086e8" score = 75 quality = 90 
@@ -47555,8 +47821,8 @@ rule REVERSINGLABS_Cert_Blocklist_2F96A89Bfec6E44Dd224E8Fd7E72D9Bb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11272-L11288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11272-L11288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c0c8e5c0e2e120ee6b055e9a6b2af3d424bed0832c2619beab658fe01757f69f" score = 75 quality = 90 @@ -47580,8 +47846,8 @@ rule REVERSINGLABS_Cert_Blocklist_B649A966410F62999C939384Af553919 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11290-L11308" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11290-L11308" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "623a2f931198eacf44fd233065e96a4dcadb5b3bbc7ca56df2b6ae9eafc4faa5" score = 75 quality = 90 
@@ -47605,8 +47871,8 @@ rule REVERSINGLABS_Cert_Blocklist_45245Eef53Fcf38169C715Cf68F44452 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11310-L11326" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11310-L11326" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7e0c3147e657802e457f6df271b7f5a64c81fd13f936a8935aa991022e4ab238" score = 75 quality = 90 @@ -47630,8 +47896,8 @@ rule REVERSINGLABS_Cert_Blocklist_1895433Ee9E2Bd48619D75132262616F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11328-L11344" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11328-L11344" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f00a29ff5dddae40225ab62cb2d4b9dec1539ad58c8cd27d686480eecdb3e31d" score = 75 quality = 90 
@@ -47655,8 +47921,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Ffc9825644Caf5B1F521780C5C7F42C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11346-L11362" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11346-L11362" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1a9263c809f5633d01d4d4d0091c8dc214bad73af0eff3c9a94b33bca513f26d" score = 75 quality = 90 @@ -47680,8 +47946,8 @@ rule REVERSINGLABS_Cert_Blocklist_8D52Fb12A2511E86Bbb0Ba75C517Eab0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11364-L11382" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11364-L11382" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "023830ab3d71ed8ecf8f0e271c56dc267dcd000f5ff156c70d31089cd7010da8" score = 75 quality = 90 
@@ -47705,8 +47971,8 @@ rule REVERSINGLABS_Cert_Blocklist_332Bd5801E8415585E72C87E0E2Ec71D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11384-L11400" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11384-L11400" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3648c3a8dbcdbd24746b9fa8cb3071d5f5019e5917848d88437158c6cb165445" score = 75 quality = 90 @@ -47730,8 +47996,8 @@ rule REVERSINGLABS_Cert_Blocklist_E3B80C0932B52A708477939B0D32186F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11402-L11420" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11402-L11420" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "acdfce4dc25cbc9e9817453d5cf56c7d319bebdf7a039ea47412ec3b2f68cb02" score = 75 quality = 90 
@@ -47755,8 +48021,8 @@ rule REVERSINGLABS_Cert_Blocklist_C79F817F082986Bef3209F6723C8Da97 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11422-L11440" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11422-L11440" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a5960f4c2ed768ccc5779d3754f51463c7b14a3a887c690944add23fba464f1a" score = 75 quality = 90 @@ -47780,8 +48046,8 @@ rule REVERSINGLABS_Cert_Blocklist_1E5Efa53A14599Cc82F56F0790E20B17 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11442-L11458" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11442-L11458" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "78cbfeb5d7b58029a5b4107f2a59e892ff9d71788cf74e88ac823cb85ba35a94" score = 75 quality = 90 
@@ -47805,8 +48071,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Cf2D0B5Bfdd68Cf777A0C12F806A569 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11460-L11476" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11460-L11476" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4d8fd52cd12f9512c0b148f9915860152f108884d29617a5fbfd62500d3a14c4" score = 75 quality = 90 @@ -47830,8 +48096,8 @@ rule REVERSINGLABS_Cert_Blocklist_F675139Ea68B897A865A98F8E4611F00 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11478-L11496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11478-L11496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2306e90d376f5de8a4eb6d4a696bc1781686d7094cb0a2db48019ee93c1bf60a" score = 75 quality = 90 
@@ -47855,8 +48121,8 @@ rule REVERSINGLABS_Cert_Blocklist_4728189Fa0F57793484Cdf764F5E283D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11498-L11514" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11498-L11514" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9ec7e84c77583bd52ccfb8d6d5831f3634ed0a401d8103376c4775b7f2c43d81" score = 75 quality = 90 @@ -47880,8 +48146,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Bd81A9Adaf71F1Ff081C1F4A05D7Fd7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11516-L11534" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11516-L11534" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e275a1fd2eb931030fa8b5fc11cd1b335835aaa553a42455053cb93fef5e6e72" score = 75 quality = 90 
@@ -47905,8 +48171,8 @@ rule REVERSINGLABS_Cert_Blocklist_C81319D20C6F1F1Aec3398522189D90C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11536-L11554" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11536-L11554" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2a9f13f5e79a12f7e9d9d4a0dcaac065e1fc5167c67bc9f3fd7ba1c374b26d96" score = 75 quality = 90 @@ -47930,8 +48196,8 @@ rule REVERSINGLABS_Cert_Blocklist_C318D876768258A696Ab9Dd825E27Acd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11556-L11574" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11556-L11574" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "691b57929c93d14f8700e0e61170b9248499fd36b80aec90f2054c32d6a3a9eb" score = 75 quality = 90 
@@ -47955,8 +48221,8 @@ rule REVERSINGLABS_Cert_Blocklist_06Df5C318759D6Ea9D090Bfb2Faf1D94 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11576-L11592" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11576-L11592" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5f151ee5781a15cca4394fdd8200162eae47e9d088a0b1551c9ed22ce11473a2" score = 75 quality = 90 @@ -47980,8 +48246,8 @@ rule REVERSINGLABS_Cert_Blocklist_02De1Cc6C487954592F1Bf574Ca2B000 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11594-L11610" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11594-L11610" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "40b78005d343684d08bb93e92c51eee10e674e8deb9eec290bc9ffe3b23061b1" score = 75 quality = 90 
@@ -48005,8 +48271,8 @@ rule REVERSINGLABS_Cert_Blocklist_A32B8B4F1Be43C23Eb2848Ab4Ef06Bb2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11612-L11630" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11612-L11630" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "dd7d44349baaf4a2e2f61b38cef31f288110bb03944fd4593f52a0ab03b9d172" score = 75 quality = 90 @@ -48030,8 +48296,8 @@ rule REVERSINGLABS_Cert_Blocklist_626735Ed30E50E3E0553986D806Bfc54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11632-L11648" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11632-L11648" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0a2acf8528a12fd05cf58c2ed5224f7472d14251b342ce4df6d9c10c6a6decfc" score = 75 quality = 90 
@@ -48055,8 +48321,8 @@ rule REVERSINGLABS_Cert_Blocklist_34D42E871Ddb1C92Fa20B55B384E1259 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11650-L11666" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11650-L11666" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8af5f4abe6425713b7c1fd17deaa78b2cfd6ef73ad960bce883e95661c2dbb56" score = 75 quality = 90 @@ -48080,8 +48346,8 @@ rule REVERSINGLABS_Cert_Blocklist_08D4Dc90047B8470Ccaf3924Dfbd8B5F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11668-L11684" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11668-L11684" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "569db2f6d6f4da9985c57812a03f91bce88f2150b17659249e0f746a0d15150b" score = 75 quality = 90 
@@ -48105,8 +48371,8 @@ rule REVERSINGLABS_Cert_Blocklist_C2Fc83D458E653837Fcfc132C9B03062 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11686-L11704" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11686-L11704" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "836cec8d8396680dd64f95d4dd41f7f5876cb4268d983238a01d2e0990cce74a" score = 75 quality = 90 @@ -48130,8 +48396,8 @@ rule REVERSINGLABS_Cert_Blocklist_54C793D2224Bdd6Ca527Bb2B7B9Dfe9D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11706-L11722" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11706-L11722" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "81c9c1d841d4aae3de229cc499ee84920d89928590a3eb157f7a7a7fbc46b4a8" score = 75 quality = 90 
@@ -48155,8 +48421,8 @@ rule REVERSINGLABS_Cert_Blocklist_8Cece6Df54Cf6Ad63596546D77Ba3581 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11724-L11742" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11724-L11742" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d6b5bca36ef492ce9b79be905c86c66d43ef38701dafeed977229034119bd00d" score = 75 quality = 90 @@ -48180,8 +48446,8 @@ rule REVERSINGLABS_Cert_Blocklist_984E84Cfe362E278F558E2C70Aaafac2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11744-L11762" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11744-L11762" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e7a8f3dff77121df53d5f932f861e15208b0607ba77712f40927bc14b17a53cd" score = 75 quality = 90 
@@ -48205,8 +48471,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ff52Eb011Bb748Fee75153Cbe1E50Dd6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11764-L11782" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11764-L11782" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8c80ed4e4f77df34ff9fcc712deda4c1bbedc588f2b01d02aa705e368fb98c5e" score = 75 quality = 90 @@ -48230,8 +48496,8 @@ rule REVERSINGLABS_Cert_Blocklist_84A4A0D0657E217B176B455E2465Aee0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11784-L11802" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11784-L11802" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "92f6e90bd21182bece68ac1651105f96a18c5b1497d30e0040a978e349341bdb" score = 75 quality = 90 
@@ -48255,8 +48521,8 @@ rule REVERSINGLABS_Cert_Blocklist_B8F726508Cf1D7B7913Bf4Bbd1E5C19C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11804-L11822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11804-L11822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ec05c7e41e309aff00ae819c63f5bdc8e4172c611779da345efd211e48c9efb1" score = 75 quality = 90 @@ -48280,8 +48546,8 @@ rule REVERSINGLABS_Cert_Blocklist_6A241Ffe96A6349Df608D22C02942268 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11824-L11840" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11824-L11840" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "79db8be7ca3ed80eb1e3a9401e8fec2b83da8b95b16789ed0b59bb7f4639a94d" score = 75 quality = 90 
@@ -48305,8 +48571,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aa1D84779792B57F91Fe7A4Bde041942 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11842-L11860" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11842-L11860" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "682af8c799acaca531724c5b3184b855e64ec4531fcc333a485ba2f63331cdae" score = 75 quality = 90 @@ -48330,8 +48596,8 @@ rule REVERSINGLABS_Cert_Blocklist_3C98B6872Fbb1F4Ae37A4Caa749D24C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11862-L11878" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11862-L11878" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c534ad306f85e12eca2336e998120deb4ba8d0d63b8331986ec7fe4ac69ba65a" score = 75 quality = 90 
@@ -48355,8 +48621,8 @@ rule REVERSINGLABS_Cert_Blocklist_E4E795Fd1Fd25595B869Ce22Aa7Dc49F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11880-L11898" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11880-L11898" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ced47bd69b58de9e6b2aa7518ccceca088884acb79c0803c3defe6b115a0abb6" score = 75 quality = 90 @@ -48380,8 +48646,8 @@ rule REVERSINGLABS_Cert_Blocklist_E953Ada7E8F1438E5F7680Ff599Ae43E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11900-L11918" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11900-L11918" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7cb7d77abefd35f0756c5aa0983f7403cca4cbacd94dcc6b510c929bc96c8309" score = 75 quality = 90 
@@ -48405,8 +48671,8 @@ rule REVERSINGLABS_Cert_Blocklist_28C57Df09Ce7Cc3Fde2243Beb4D00101 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11920-L11936" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11920-L11936" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "84402dc0a58fca36424d8d6d13c60b80342bb3792f4e32e23878530264358726" score = 75 quality = 90 @@ -48430,8 +48696,8 @@ rule REVERSINGLABS_Cert_Blocklist_2D8Cfcf04209Dc7F771D8D18E462C35A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11938-L11954" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11938-L11954" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2b784e46268d78046365400ef914d7ca673503c93962d0b0740ca2ac9faf7857" score = 75 quality = 90 
@@ -48455,8 +48721,8 @@ rule REVERSINGLABS_Cert_Blocklist_016836311Fc39Fbb8E6F308Bb03Cc2B3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11956-L11972" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11956-L11972" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c5f6372a207d02283840e745619e93194d954eedff7bae34aadcb645b1cb78fc" score = 75 quality = 90 @@ -48480,8 +48746,8 @@ rule REVERSINGLABS_Cert_Blocklist_435Abf46053A0A445C54217A8C233A7F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11974-L11990" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11974-L11990" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "839f55e8fe7a86aad406e657fdef48925543b5d3884927104fd3786444a8fccc" score = 75 quality = 90 
@@ -48505,8 +48771,8 @@ rule REVERSINGLABS_Cert_Blocklist_B2F9C693A2E6634565F63C79B01Dd8F8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L11992-L12010" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L11992-L12010" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f5ec67c082be21a2495ef90fd0a6d4fc4b1379c4903dcc051d39cf1913d5cf20" score = 75 quality = 90 @@ -48530,8 +48796,8 @@ rule REVERSINGLABS_Cert_Blocklist_54A6D33F73129E0Ef059Ccf51Be0C35E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12012-L12028" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12012-L12028" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6fbed9c8537ea2baeb58044a934fc9741730b8a3ae4d059c23b033973d7ff7d3" score = 75 quality = 90 
@@ -48555,8 +48821,8 @@ rule REVERSINGLABS_Cert_Blocklist_142Aac4217E22B525C8587589773Ba9B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12030-L12046" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12030-L12046" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f169925c27f5e0f8d5f658b83d1b9fa4548c4443b16bd4d7f87aa2b8e44bf06b" score = 75 quality = 90 @@ -48580,8 +48846,8 @@ rule REVERSINGLABS_Cert_Blocklist_239664C12Baeb5A6D787912888051392 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12048-L12064" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12048-L12064" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ab2c228088a4c11b3a0f1a5f0acf181cc31e548781cb3f1205475bfbe39c7236" score = 75 quality = 90 
@@ -48605,8 +48871,8 @@ rule REVERSINGLABS_Cert_Blocklist_0218Ebfd5A9Bfd55D2F661F0D18D1D71 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12066-L12082" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12066-L12082" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4aabe3beab0055b6ef8f6114c5236940f5693b44e94efd14132b450bb9232c03" score = 75 quality = 90 @@ -48630,8 +48896,8 @@ rule REVERSINGLABS_Cert_Blocklist_35590Ebe4A02Dc23317D8Ce47A947A9B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12084-L12100" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12084-L12100" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2d4bc88943cdc8af00effab745e64e60ef662c668a0b2193c256d11831ef1554" score = 75 quality = 90 
@@ -48655,8 +48921,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aa07D4F2857119Cee514A0Bd412F8201 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12102-L12120" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12102-L12120" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fbbea89f2070b2a527bba6199022fbffd269e664b000988a59adf4ca0d4a9f22" score = 75 quality = 90 @@ -48680,8 +48946,8 @@ rule REVERSINGLABS_Cert_Blocklist_40F5660A90301E7A8A8C3B42 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12122-L12138" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12122-L12138" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3573d1d5f11df106f1f6f44f8b0164992f2a50707c6df7b08b05ed9ea7d9173b" score = 75 quality = 90 
@@ -48705,8 +48971,8 @@ rule REVERSINGLABS_Cert_Blocklist_0400C7614F86D75Fe4Ee3F6192B6Feda : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12140-L12156" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12140-L12156" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "47735267e9a0fb8107f6c4008bacc8aada1705f6714a0447dacc3928fc20cad6" score = 75 quality = 90 @@ -48730,8 +48996,8 @@ rule REVERSINGLABS_Cert_Blocklist_E573D9C8B403C41Bd59Ffa0A8Efd4168 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12158-L12176" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12158-L12176" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "425126b90fe2ab7c1ec7bf2fd5a91e4438a81992f20f99ed87ec62e7f20043cd" score = 75 quality = 90 
@@ -48755,8 +49021,8 @@ rule REVERSINGLABS_Cert_Blocklist_B06Bc166Fc765Dacd2F7448C8Cdd9205 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12178-L12196" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12178-L12196" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2c47166f02c7f94bb4f82296e3220ff7ca3c6c53566d855b2fe77cb842a5fb43" score = 75 quality = 90 @@ -48780,8 +49046,8 @@ rule REVERSINGLABS_Cert_Blocklist_E9268Ed63A7D7E9Dfd40A664Ddfbaf18 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12198-L12216" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12198-L12216" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fc840c0b37867c3b0aa80d4dc609feaaab77d3f0c6f84c8bb2ea7c5a6461ebb8" score = 75 quality = 90 
@@ -48805,8 +49071,8 @@ rule REVERSINGLABS_Cert_Blocklist_425Dc3E0Ca8Bcdce19D00D87E3F0Ba28 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12218-L12234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12218-L12234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "67a975f2806825bf0da27fcaf33c2ff497fe9bb2af12c22ff505b49070516960" score = 75 quality = 90 @@ -48830,8 +49096,8 @@ rule REVERSINGLABS_Cert_Blocklist_Afc0Ddb7Bdc8207E8C3B7204018Eecd3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12236-L12254" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12236-L12254" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "302e2d6b31ca5c2c33c4ec7294630fd88a9c40f70ddecdc606ccff27b24e1cd4" score = 75 quality = 90 
@@ -48855,8 +49121,8 @@ rule REVERSINGLABS_Cert_Blocklist_38989Ec61Ecdb7391Ff5647F7D58Ad18 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12256-L12272" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12256-L12272" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1795812d4daa458b157280cac7a9b13e9b67a2d78eac077691bbce2bf8aeec34" score = 75 quality = 90 @@ -48880,8 +49146,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bc6C43D206A360F2D6B58537C456B709 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12274-L12292" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12274-L12292" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "eb5288d2b96ff7a7783c2b2b02f9f1168784352ed84ad6463dce00c12daca6cb" score = 75 quality = 90 
@@ -48905,8 +49171,8 @@ rule REVERSINGLABS_Cert_Blocklist_4929Ab561C812Af93Ddb9758B545F546 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12294-L12310" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12294-L12310" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "12235e324b92b83e9cfaed7cbcff5d093b8b1d7528dd5ac327159cde6e9a4d1f" score = 75 quality = 90 @@ -48930,8 +49196,8 @@ rule REVERSINGLABS_Cert_Blocklist_25C6Dbce3D5499F65D9Df16E9007465D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12312-L12328" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12312-L12328" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "978f05f86734c63afe1e5929a58f3cfff75ef749ffda07252db90b6fe12508ec" score = 75 quality = 90 
@@ -48955,8 +49221,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bc6A1812E001362469541108973Bbd52 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12330-L12348" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12330-L12348" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9b678e9fb1e1eda3ac8e027b5e449af446de4379fea46ef7ff820240c73795ee" score = 75 quality = 90 @@ -48980,8 +49246,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bde1D6Dc3622724F427A39E6A34F5124 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12350-L12368" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12350-L12368" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f1cf0b6855269a771447a0b38f4a02996b6527d7df4b143b69598ed591719ca0" score = 75 quality = 90 
@@ -49005,8 +49271,8 @@ rule REVERSINGLABS_Cert_Blocklist_5C9F5F96726A6E6Fc3B8Bb153Ac82Af2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12370-L12386" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12370-L12386" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a61bcc4a90a75a429366e3f93929005b67325eccc6cad3df6b7a0c3692597828" score = 75 quality = 90 @@ -49030,8 +49296,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E889Bb3B7F7194B674C6A0335A608E0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12388-L12404" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12388-L12404" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fa2a47f4fb822089fcc958850ce516c8c5d95a6d9b575f3b1d1d4a2ceb2537e4" score = 75 quality = 90 
@@ -49055,8 +49321,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F62F760704Bdf8Dc30C7Baa7376F484 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12406-L12422" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12406-L12422" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d54d52e116b9404782ce80664f218d2e142577dac672c53c41b82f0466c7375a" score = 75 quality = 90 @@ -49080,8 +49346,8 @@ rule REVERSINGLABS_Cert_Blocklist_071202Dbfda40B629C5E7Acac947C2D3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12424-L12440" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12424-L12440" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cc51b0ae6a59f68e61ee0b4ff33ea0e1ee9ef04e4c994e1c98da6befab62a5b9" score = 75 quality = 90 
@@ -49105,8 +49371,8 @@ rule REVERSINGLABS_Cert_Blocklist_98Ab9585C04D7F0E4Cf4De98C14B684D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12442-L12460" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12442-L12460" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ba43dd15b13623bb99d88c93fb9e751deb95a546325a1142d9137b25430d07fd" score = 75 quality = 90 @@ -49130,8 +49396,8 @@ rule REVERSINGLABS_Cert_Blocklist_4631713E66E91347F0388B98Cf747794 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12462-L12478" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12462-L12478" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cb517cda67150b7e17ee3bd946903e8e8eca81742a362032249a2f2387e71c50" score = 75 quality = 90 
@@ -49155,8 +49421,8 @@ rule REVERSINGLABS_Cert_Blocklist_E963F8983D21B4C1A69C66A9D37498E5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12480-L12498" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12480-L12498" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b7c715e28f003351d10ba53657e9e667b635a0e4433276d91d26f4482a61191d" score = 75 quality = 90 @@ -49180,8 +49446,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E44Fcedd49F22F7A28Cecc99104F61A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12500-L12516" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12500-L12516" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "caff0cbca45c0dffb673367585824783371f2f4e31a0c9629afb7de708098892" score = 75 quality = 90 
@@ -49205,8 +49471,8 @@ rule REVERSINGLABS_Cert_Blocklist_35B49Ee870Aea532E6Ef0A4987105C8F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12518-L12534" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12518-L12534" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a9d8e9db453f40e32a0cb6412db8885db54053fdf3d7908b884361a493f97b1f" score = 75 quality = 90 @@ -49230,8 +49496,8 @@ rule REVERSINGLABS_Cert_Blocklist_063Dcd7D7B0Bc77Cac844C7213Be3989 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12536-L12552" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12536-L12552" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "091d00b0731f0a3d9917eee945249f001e4b5b1b603cad2fc21eed70ec86aa99" score = 75 quality = 90 
@@ -49255,8 +49521,8 @@ rule REVERSINGLABS_Cert_Blocklist_6F8777Aa866142Ad7120E5E1C9321E37 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12554-L12570" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12554-L12570" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ca3ff0c7192ba90932d35d053712816555dea051ce15d29a7ccf4e37da989899" score = 75 quality = 90 @@ -49280,8 +49546,8 @@ rule REVERSINGLABS_Cert_Blocklist_4A7F07C5D4Ad2E23F9E8E03F0E229Dd4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12572-L12588" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12572-L12588" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6dc2bfac77117e294cacc772f7bfaea8b2e3caa26a0afd3729d517e91ca20ea5" score = 75 quality = 90 
@@ -49305,8 +49571,8 @@ rule REVERSINGLABS_Cert_Blocklist_F5F9C8F8C33E4Ce84Dd48Fcb03Ccb075 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12590-L12608" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12590-L12608" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ac3bab3f5a93099f39b0862b419346d1eb3d0f75d86e121ba30626d496c46c57" score = 75 quality = 90 @@ -49330,8 +49596,8 @@ rule REVERSINGLABS_Cert_Blocklist_57Fc55239F21F139978609E323097132 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12610-L12626" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12610-L12626" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "030bb847e524e672ee382e0284ba3f027920f60c70bbd153d4b9cdd2669e6a99" score = 75 quality = 90 
@@ -49355,8 +49621,8 @@ rule REVERSINGLABS_Cert_Blocklist_Eeefec4308Abe63323600E1608F5E6F2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12628-L12646" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12628-L12646" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "71ab4bd7e85155bfbc1612941c5f15c409629b116258c38b79bd808512df006a" score = 75 quality = 90 @@ -49380,8 +49646,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ecd460Ce14Bd8Ef2926Da2Cd9A44176 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12648-L12664" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12648-L12664" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "58fa244c125415ef7a3cf0feb79add4db7c84f94c23e5d27e840fb17c18d67ef" score = 75 quality = 90 
@@ -49405,8 +49671,8 @@ rule REVERSINGLABS_Cert_Blocklist_5E75E997F3D70Bb8C182D56B25B7D836 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12666-L12682" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12666-L12682" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a2c6a57759fb0717951f83a32c00deeae82cad772b6cb7f60fa96232b6b82560" score = 75 quality = 90 @@ -49430,8 +49696,8 @@ rule REVERSINGLABS_Cert_Blocklist_D5690D94F15315E143Db10Af35497Dc5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12684-L12702" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12684-L12702" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4ac17d0f0e4ef2bb5f6cda8e7cb07a641d49c83465a0a80c46ff6e0e752d1847" score = 75 quality = 90 
@@ -49455,8 +49721,8 @@ rule REVERSINGLABS_Cert_Blocklist_8223C74185Add0927246F5E33Ebac467 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12704-L12722" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12704-L12722" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f700b4f7cdfda9f678c3a5259d4293640c50567ec277c5b3db69756534e2007f" score = 75 quality = 90 @@ -49480,8 +49746,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dd9E9E1D7C573714E3F567C5380Ae6D0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12724-L12742" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12724-L12742" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7bbcdb989d53bafbb2bdb694be72d4f7305323c01e8f1eafcb7cd889df165ff6" score = 75 quality = 90 
@@ -49505,8 +49771,8 @@ rule REVERSINGLABS_Cert_Blocklist_3D5E71 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12744-L12760" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12744-L12760" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "aa73ac6569e4bb0084d7b148b2186ec2737a691a133319b21b666aa16bca9f2d" score = 75 quality = 90 @@ -49530,8 +49796,8 @@ rule REVERSINGLABS_Cert_Blocklist_C33187Fe848A65E8484Ea492Cb2Cbb18 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12762-L12780" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12762-L12780" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b66d67b74d73a143cb5301b232abd5f0f84f058223d4494b924a25dffb49037a" score = 75 quality = 90 
@@ -49555,8 +49821,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Fc143Ba34Cabf1De7A4C7F8F4Cdad6D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12782-L12798" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12782-L12798" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ffe25e4478a2245d4e5b330bb9300fb6cb48afb0fe3bd72bd62a589eeee3fe89" score = 75 quality = 90 @@ -49580,8 +49846,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Ac6268B2E431A2C1369346D175D0E30 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12800-L12816" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12800-L12816" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "27efaba9bd9cd116f640007c1e951bb77757efbe148b5f953e71d6621d7f16b2" score = 75 quality = 90 
@@ -49605,8 +49871,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fc4D9178B8Df2C19E269Ac6F43Dd708 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12818-L12834" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12818-L12834" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "41dfe37b464d337268a8bb0e23124df7b50ab966038e8ad33bda81a4d86040ca" score = 75 quality = 90 @@ -49630,8 +49896,8 @@ rule REVERSINGLABS_Cert_Blocklist_E01407871E2146C9Baab1Ae7Ab8Ab172 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12836-L12854" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12836-L12854" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1801e7f15bd5f916fc08d263a845d296d334ca9de1040008f619719c1b5c0a3b" score = 75 quality = 90 
@@ -49655,8 +49921,8 @@ rule REVERSINGLABS_Cert_Blocklist_Effc6D19D6Fc85872E4E5B3Ccee6D301 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12856-L12874" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12856-L12874" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a746c4193f1264cb96eae0ea85c2c76b5caf3b72ca950f76af426b4d68d210b3" score = 75 quality = 90 @@ -49680,8 +49946,8 @@ rule REVERSINGLABS_Cert_Blocklist_2F4A25D52B16Eb4C9Dfe71Ebbd8121Bb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12876-L12892" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12876-L12892" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7b237ae0574afeafcc05f71512c09d3170edbee20e512a1b0af5b431923dc25c" score = 75 quality = 90 
@@ -49705,8 +49971,8 @@ rule REVERSINGLABS_Cert_Blocklist_6889Aab6202Bcc5F11Caedf4D04F435B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12894-L12910" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12894-L12910" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b2261ed8001929be8f80f73cc0c5076138f4794c73cbffd63773da5fc44639a8" score = 75 quality = 90 @@ -49730,8 +49996,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Be63083Fbb1787B445Da97583721419 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12912-L12928" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12912-L12928" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f39f5a632544bc01c3b4c9e2f2dd33f7109c44375f54011a34181e10da79debc" score = 75 quality = 90 
@@ -49755,8 +50021,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E2D3449272B6B96B8B9F728E87580D5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12930-L12946" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12930-L12946" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0155a8c71bf8426bbb980798772b04c145df5b8c4b60ff1a610a1236a47547ef" score = 75 quality = 90 @@ -49780,8 +50046,8 @@ rule REVERSINGLABS_Cert_Blocklist_268C0D7028A154Ac3B6349C5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12948-L12964" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12948-L12964" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8311b36f008e31b7ac27b439fa46da4c90ab4be6c7c89426f8e1939963bc3d7d" score = 75 quality = 90 
@@ -49805,8 +50071,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Daa8D629Cc0410A9482E62A0F8Bf8Fc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12966-L12982" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12966-L12982" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cfb2631bc1832f65fb9d77c812bf2a1e05121e825254bd57ae8b21e7b10b2344" score = 75 quality = 90 @@ -49830,8 +50096,8 @@ rule REVERSINGLABS_Cert_Blocklist_9A727E200Ea76570 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L12984-L13002" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L12984-L13002" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "337dc486f2bdca1f7682887d5e5c0f82961850a8fd9c9a20b9a43a75334070d8" score = 75 quality = 90 
@@ -49855,8 +50121,8 @@ rule REVERSINGLABS_Cert_Blocklist_0954A3C876Df9262Cde5817F9870F0C6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13004-L13020" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13004-L13020" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "164b064a9df31d4a122236dfee7b713417a44d47a7f304b2bf55686a7f038feb" score = 75 quality = 90 @@ -49880,8 +50146,8 @@ rule REVERSINGLABS_Cert_Blocklist_3C30930E53Bb026F9A5D7440155F7118 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13022-L13038" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13022-L13038" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "260a58669043d21ee0ffccbdee95c9d04ef338497685d42f1951660f658a164d" score = 75 quality = 90 
@@ -49905,8 +50171,8 @@ rule REVERSINGLABS_Cert_Blocklist_432Eefc0D4Dc0326Eb277A518Cc4310A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13040-L13056" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13040-L13056" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d5a0b7f19f66f18b5ef1c548276b675ead74fed6be94310c303bfad6c85f18be" score = 75 quality = 90 @@ -49930,8 +50196,8 @@ rule REVERSINGLABS_Cert_Blocklist_470D6Ce21A6940320261F09E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13058-L13074" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13058-L13074" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cae1d381bf2018a0ce56feb245d01f2bfea55b67894264d32d78dbb41873c792" score = 75 quality = 90 
@@ -49955,8 +50221,8 @@ rule REVERSINGLABS_Cert_Blocklist_7E6Bc7E5A49E2C28E6F5D042 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13076-L13092" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13076-L13092" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f378c490ff4f32fc095c822f75abac44a8d94327404cd97546c63e7441e07632" score = 75 quality = 90 @@ -49980,8 +50246,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C5020899147C850196C4Ebf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13094-L13110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13094-L13110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "112e834a24c50d639f8607740faa609f1a36539058357544e5dbcddf841f3116" score = 75 quality = 90 
@@ -50005,8 +50271,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Efcf7Adc21F070E590D49Ddb8081397 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13112-L13128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13112-L13128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d60a5bbd50484d620ab60cfd40840abc541c2b7bc1005a9076b69ddd1b938652" score = 75 quality = 90 @@ -50030,8 +50296,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cbd37C0A651913Ee25A6860D7D5Ccdf2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13130-L13148" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13130-L13148" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "77cc439aea6eaa5a835b6b1aa50904c1df0d5379228e424ab2d68a3cb654834c" score = 75 quality = 90 
@@ -50055,8 +50321,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Fe0Ad6B03C57Ab67A352159004Ca3Db : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13150-L13166" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13150-L13166" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6f2489421f2effa2089b744f7e137818935fe2339d9216a42686012c51da677b" score = 75 quality = 90 @@ -50080,8 +50346,8 @@ rule REVERSINGLABS_Cert_Blocklist_642Ad8E5Ef8B3Ac767F0D5C1A999Bdaa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13168-L13184" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13168-L13184" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d42d40ca381b99b68a3384cecf585aab2acca66d4e13503d337b1605d587d0b5" score = 75 quality = 90 
@@ -50105,8 +50371,8 @@ rule REVERSINGLABS_Cert_Blocklist_5333D3079D8Afda715703775E1389991 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13186-L13202" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13186-L13202" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "98bd9d35c4e196a11943826115ab495833f7ef1d95f9736cc24255d6dd4fd21c" score = 75 quality = 90 @@ -50130,8 +50396,8 @@ rule REVERSINGLABS_Cert_Blocklist_139A7Ee1F1A7735C151089755Df5D373 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13204-L13220" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13204-L13220" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "86072fef7d1488dc257c3ca8fbb99620ec06f8ecb671b4e20d09d0ce6cc8601d" score = 75 quality = 90 
@@ -50155,8 +50421,8 @@ rule REVERSINGLABS_Cert_Blocklist_74Dbe83082E1B3Dfa29F9C24 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13222-L13238" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13222-L13238" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1fdf6471d0b869df1a8630108cdaf1cc97d33e91d4726073913cdc54c7cf0042" score = 75 quality = 90 @@ -50180,8 +50446,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A466553A6391Aafd181B400266C7B18 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13240-L13256" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13240-L13256" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cb21e5759887904d6a38cd1b363610ebc0bfd9a357050c602210468992815cbe" score = 75 quality = 90 
@@ -50205,8 +50471,8 @@ rule REVERSINGLABS_Cert_Blocklist_0D3Dec8794Fa7228D1Ee40Eeb8187149 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13258-L13274" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13258-L13274" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "20084dc0b069d65755f859f5aef4be5599d1f066ba006199d3ce803b0d8f041e" score = 75 quality = 90 @@ -50230,8 +50496,8 @@ rule REVERSINGLABS_Cert_Blocklist_24Af70B5D17A63Ad053E5821 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13276-L13292" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13276-L13292" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d78f709067c83169484d9dd6e1dd8a88852362da028551d4e55e5703a22e04a7" score = 75 quality = 90 
@@ -50255,8 +50521,8 @@ rule REVERSINGLABS_Cert_Blocklist_402E9Fcba61E5Eaf9C0C7B3Bfd6259D9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13294-L13310" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13294-L13310" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1bfc2610745a98ebcf0f77504815d9d1c448697fbe407d6c2e075219b401de50" score = 75 quality = 90 @@ -50280,8 +50546,8 @@ rule REVERSINGLABS_Cert_Blocklist_2C84F9136059E96134F8766670Eacd52 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13312-L13328" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13312-L13328" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d6778630dcc3e4fe2816e6dee1b823e616f53de8a924057495c7c252948a71b4" score = 75 quality = 90 
@@ -50305,8 +50571,8 @@ rule REVERSINGLABS_Cert_Blocklist_6716A9C195987D5Cfe53A094779461E7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13330-L13346" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13330-L13346" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "648fd70432a791b3e589f5eda1b1510045b465623914a9762ff3dfb4a3e022f8" score = 75 quality = 90 @@ -50330,8 +50596,8 @@ rule REVERSINGLABS_Cert_Blocklist_876C00Bd665Df98B35554F67A5C1C32A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13348-L13366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13348-L13366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "90bde1313db78d4166e8c87e7e4111c576880922b1c983f3a842ea030d38a0da" score = 75 quality = 90 
@@ -50355,8 +50621,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B093Cb60D4B992266F550934A4Ac7D0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13368-L13384" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13368-L13384" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4b634bc706638d72f2d036d41cf092cac538e930d7d407eebc225b482fd64f51" score = 75 quality = 90 @@ -50380,8 +50646,8 @@ rule REVERSINGLABS_Cert_Blocklist_2050B54146B011Ed30F60F61 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13386-L13402" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13386-L13402" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "74749317fcefcdb698046a6f42c6c6e05cc1eab1370b3b1fd7d025f49de4a032" score = 75 quality = 90 
@@ -50405,8 +50671,8 @@ rule REVERSINGLABS_Cert_Blocklist_73E2F34C9C2435F29Bbe0A3C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13404-L13420" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13404-L13420" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "503429e737e8bdad735cf88e2bb2877d1f52b2c38be101a7a129c02db608a347" score = 75 quality = 90 @@ -50430,8 +50696,8 @@ rule REVERSINGLABS_Cert_Blocklist_68C457D7495D2A8D0D7B9042836135C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13422-L13438" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13422-L13438" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3eb63f75f258eec611fa4288302f0ce5e47149ca876265a4a4b65dc33313aaa6" score = 75 quality = 90 
@@ -50455,8 +50721,8 @@ rule REVERSINGLABS_Cert_Blocklist_6B72Ca367D40Fbef16E73E6Eba6A9A59 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13440-L13456" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13440-L13456" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2b20c16dafcd891c36b28b36093cd3ad3a15f3795f0f2adda61fb0db2835d02d" score = 75 quality = 90 @@ -50480,8 +50746,8 @@ rule REVERSINGLABS_Cert_Blocklist_736B7663D322533413F36E3E7E55F920 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13458-L13474" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13458-L13474" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "44e86319106a4bf8edba6c1be2f90d68b3d1ef4591f0cc23921a0dc4da4a407b" score = 75 quality = 90 
@@ -50505,8 +50771,8 @@ rule REVERSINGLABS_Cert_Blocklist_54A170102461Fdc967Acfafe4Bbbc7F0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13476-L13492" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13476-L13492" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ddae18d566fa2fd077f51d0afff74fb8a8e525f88f23908c7402a4b2c092ad24" score = 75 quality = 90 @@ -50530,8 +50796,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C501B8B113209C96C8119Cf7A6B8B79 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13494-L13510" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13494-L13510" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "dca37fda83650979566fb6ffbedaf713955a3c7f03ecc62e2e155475b7ca00e4" score = 75 quality = 90 
@@ -50555,8 +50821,8 @@ rule REVERSINGLABS_Cert_Blocklist_0300Ee4A4C52443147821A8186D04309 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13512-L13528" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13512-L13528" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8476ece98427c1ffd99d820c25fe664397de2c393473f7d5ee0846d8d840fd9e" score = 75 quality = 90 @@ -50580,8 +50846,8 @@ rule REVERSINGLABS_Cert_Blocklist_202Cf8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13530-L13546" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13530-L13546" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "671a4b522761fdff75d1c0c608e8cfb21c7ab538c8c30c8620315bc58ed358e6" score = 75 quality = 90 
@@ -50605,8 +50871,8 @@ rule REVERSINGLABS_Cert_Blocklist_6651Cc8B4850D4Dec61961503Ea7956B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13548-L13564" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13548-L13564" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "29bfe9c8b340b55a9daa2644e8d55b2b783cc95c85541732e6e0decca8c10ff6" score = 75 quality = 90 @@ -50630,8 +50896,8 @@ rule REVERSINGLABS_Cert_Blocklist_25Bef28467E4750331D2F403458113B8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13566-L13582" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13566-L13582" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "dc59fdecf60f3781e92cfe8469be2e0c1cb1cfdd3e9f9757d159667437cb37f5" score = 75 quality = 90 
@@ -50655,8 +50921,8 @@ rule REVERSINGLABS_Cert_Blocklist_0296Cf3314F434C5B74D0C3E36616Dd1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13584-L13600" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13584-L13600" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "acf3b7460c79fa71c1b131b26a40bbc286c9da0a5fe7071bbe8b386a3ca91de4" score = 75 quality = 90 @@ -50680,8 +50946,8 @@ rule REVERSINGLABS_Cert_Blocklist_045D57D63E13775C8F812E1864797F5A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13602-L13618" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13602-L13618" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d3e61e9a43f5b17ebb08b71dc39648d1f20273a18214f39605f365f9f0f72c10" score = 75 quality = 90 
@@ -50705,8 +50971,8 @@ rule REVERSINGLABS_Cert_Blocklist_6D633Df9Bb6015Fc3Ecea99Dff309Ee7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13620-L13636" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13620-L13636" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "84e2f427ee79b47db8d0e5f1e2217a7e1c1ea64047e01b4ea6db69f529501f36" score = 75 quality = 90 @@ -50730,8 +50996,8 @@ rule REVERSINGLABS_Cert_Blocklist_22E2A66E63B8Cb4Ec6989Bf7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13638-L13654" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13638-L13654" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2099c508d1fd986f34f14aa396a5aaa136e2cdd2226099acdca9c14f6f6342eb" score = 75 quality = 90 
@@ -50755,8 +51021,8 @@ rule REVERSINGLABS_Cert_Blocklist_654B406De388Ec2Aec253Ff2Ba4C4Bbd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13656-L13672" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13656-L13672" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a1aadaded55c8b0d85ac09ba9ab27fefaeec2969cdabaf26ff0c41bf33422ddc" score = 75 quality = 90 @@ -50780,8 +51046,8 @@ rule REVERSINGLABS_Cert_Blocklist_78D1817Ebcf338B4E9C810F9740A726B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13674-L13690" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13674-L13690" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "62e59130ef0ac35b17a265bb8bc2031cac6a75c11925ccb21eb4601b8fbe1a63" score = 75 quality = 90 
@@ -50805,8 +51071,8 @@ rule REVERSINGLABS_Cert_Blocklist_45Fbcdb1Fbd3D702Fb77257B45D8C58E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13692-L13708" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13692-L13708" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "441e10f49515d75ee9e8983ba4321377fee13a91ca5eeddc08b393136ce8ccfd" score = 75 quality = 90 @@ -50830,8 +51096,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B5D8Ed5Ca011679F141F124 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13710-L13726" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13710-L13726" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "39ff0d5fd711524ce181596033d1d51579cd086eb20b87722aebf39623bbaa17" score = 75 quality = 90 
@@ -50855,8 +51121,8 @@ rule REVERSINGLABS_Cert_Blocklist_33671F1Bcbd0F5E231Fc386F4895000E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13728-L13744" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13728-L13744" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9199c8d76e3390ec9038808b4e88b803b3f3d6966af6206d0c9968d9ab673f31" score = 75 quality = 90 @@ -50880,8 +51146,8 @@ rule REVERSINGLABS_Cert_Blocklist_32Bc299F0694C19Ec21E71265B1D7E17 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13746-L13762" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13746-L13762" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cb522e3084d382c451a8b040095e75582675f90dbb588e370f2f0054f4c2d14b" score = 75 quality = 90 
@@ -50905,8 +51171,8 @@ rule REVERSINGLABS_Cert_Blocklist_7B75C6B0A09Afdb9787F6Dff75Ae7844 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13764-L13780" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13764-L13780" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8fd125a526b3433fbb8a5c6fa74ce0b0e2de8ff789880c355625d4140cd902a2" score = 75 quality = 90 @@ -50930,8 +51196,8 @@ rule REVERSINGLABS_Cert_Blocklist_167Fd1295B3Bb102Dbb37292C838E7Cd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13782-L13798" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13782-L13798" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1cc7d441291fd9c4dc37320d411f94fb362523d47d37ab35c20b3ac9d4cd75cb" score = 75 quality = 90 
@@ -50955,8 +51221,8 @@ rule REVERSINGLABS_Cert_Blocklist_253Ad25E39Abe8F8Fda9Fcf6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13800-L13816" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13800-L13816" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1d46ccaa136cd7be30ffbf0eb09eb6485c543ff4bdbe99fa7ea3846841cbd41b" score = 75 quality = 90 @@ -50980,8 +51246,8 @@ rule REVERSINGLABS_Cert_Blocklist_A9C1523Cb2C73A82771D318124963E87 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13818-L13836" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13818-L13836" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "87e314d14361f56935b7a8fb93468cfaf2c73e16c25d68a61ec80ad9334d3115" score = 75 quality = 90 
@@ -51005,8 +51271,8 @@ rule REVERSINGLABS_Cert_Blocklist_68E1B2C210B19Bb1F2A24176709B165B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13838-L13854" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13838-L13854" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8e88ad992c58d37ff1ac34e2d9cf121f3bc692ae78c0ad79140974abdec2f317" score = 75 quality = 90 @@ -51030,8 +51296,8 @@ rule REVERSINGLABS_Cert_Blocklist_5C88313Bd98Bde99C9B9Ac1408A63249 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13856-L13872" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13856-L13872" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f958e46e00bf4ab8ecf071502bcda63a84265029bc9c72cea1eaaf72e9003a84" score = 75 quality = 90 
@@ -51055,8 +51321,8 @@ rule REVERSINGLABS_Cert_Blocklist_7A632A6Ecfc6C49Ec1F42F76 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13874-L13890" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13874-L13890" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "038badeab61c00476b79684308bf91f8a63716641f2be16fe0a3b25ebd3a9a1e" score = 75 quality = 90 @@ -51080,8 +51346,8 @@ rule REVERSINGLABS_Cert_Blocklist_F57Df6A6Eee3854D513D0Ba8585049B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13892-L13910" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13892-L13910" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "09d5998960fb65eda56cd698c5ff50d87ba7a811cbb128bc7485c0f124e14cba" score = 75 quality = 90 
@@ -51105,8 +51371,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ac5Ac5D323122E6D8E92D6E191B1432 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13912-L13928" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13912-L13928" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d5e62d3cdfacfaea70f9ee11230501bb9c4099508077d50a2a143cb69476f02a" score = 75 quality = 90 @@ -51130,8 +51396,8 @@ rule REVERSINGLABS_Cert_Blocklist_2433D9Df7Efbccb870Ee5904D62A0101 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13930-L13946" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13930-L13946" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "92a2effe1b94345f52130e4cb1db181f1990e58eaefb9c74375c14249cc1be22" score = 75 quality = 90 
@@ -51155,8 +51421,8 @@ rule REVERSINGLABS_Cert_Blocklist_462Baada57570F70Df76D10B9E7Bf2B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13948-L13964" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13948-L13964" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c48207907339ce3fb7b6bc630097761a24495a9d4e69d421f2bdb36ddc92abcb" score = 75 quality = 90 @@ -51180,8 +51446,8 @@ rule REVERSINGLABS_Cert_Blocklist_83320D93Dd8Cf16D11F99B1078B0A7Cb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13966-L13984" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13966-L13984" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "94ec5e05357767cc0c4cd1fc8ff6d1a366359ba699c43f3710204d761e7e707f" score = 75 quality = 90 
@@ -51205,8 +51471,8 @@ rule REVERSINGLABS_Cert_Blocklist_10Bae1D20Cb4Cc36A0Ffac86 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L13986-L14002" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L13986-L14002" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "44e91fbf4da8e81859a21408ee9f1971f1e8f48d22553fcaa6469156d4a0670b" score = 75 quality = 90 @@ -51230,8 +51496,8 @@ rule REVERSINGLABS_Cert_Blocklist_230716Bfe915Dd6203B2E2A35674C2Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14004-L14020" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14004-L14020" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0197ff46ceb1017488da4383436fd0ddc375904f36cc16c5a8ef21d633ec387c" score = 75 quality = 90 
@@ -51255,8 +51521,8 @@ rule REVERSINGLABS_Cert_Blocklist_36A77D37E68E02Fd3D043C7197E044Ca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14022-L14038" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14022-L14038" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fc13ac5880cc2c8eac9ff8d09f6c5c2055b2de54d460a284936a4f6cd78192e8" score = 75 quality = 90 @@ -51280,8 +51546,8 @@ rule REVERSINGLABS_Cert_Blocklist_73Bff2Fb714F986C1707165F0B0F2E0E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14040-L14056" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14040-L14056" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d79ab926cbc0049d39f5f4c6e57afc71b1a30311a4816fdb66a9c2e257cc84af" score = 75 quality = 90 
@@ -51305,8 +51571,8 @@ rule REVERSINGLABS_Cert_Blocklist_33B24170694Ca0Cf4D2Bdf4Aadf475A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14058-L14074" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14058-L14074" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "795bcb46b41ded084e4d12d98e335748ec1db3e0abbbb2d933e819d955075138" score = 75 quality = 90 @@ -51330,8 +51596,8 @@ rule REVERSINGLABS_Cert_Blocklist_3A9Bdec10E00E780316Baaebfe7A772C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14076-L14092" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14076-L14092" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ea9bc11efd2969f6b7112338f2b084ea3551e072e46b1162bd47b08be549cdd4" score = 75 quality = 90 
@@ -51355,8 +51621,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Cad9C37F7Affa8F4D8229F97607E265 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14094-L14110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14094-L14110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0f88989c64bece23e7eccf8022e038fdd9c360766de71268cf71616f74adc56c" score = 75 quality = 90 @@ -51380,8 +51646,8 @@ rule REVERSINGLABS_Cert_Blocklist_098A57 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14112-L14128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14112-L14128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5e203f87dd4608ba5d583e02ce86fbe230e45fff86a7a697766e149d0cf6f436" score = 75 quality = 90 
@@ -51405,8 +51671,8 @@ rule REVERSINGLABS_Cert_Blocklist_5389Cc6286Da3Bfa1Dc4Df498Bf68361 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14130-L14146" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14130-L14146" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d25d998c980f47f4da065155451503dcbc677ad041af85a6ed7060ecadec66b3" score = 75 quality = 90 @@ -51430,8 +51696,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ed9Caeb7911B31Bd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14148-L14166" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14148-L14166" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "02cfdf883212387a465af3e692b29b8d0eb8249e0a260f18bec2f662d775b606" score = 75 quality = 90 
@@ -51455,8 +51721,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fd2B19A941B7009Cc728A37Cb1B10B9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14168-L14184" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14168-L14184" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6b5cc47f4df9e57c59bc66c32188e02390d4855a1b9e56bd7471fd641a245c3c" score = 75 quality = 90 @@ -51480,8 +51746,8 @@ rule REVERSINGLABS_Cert_Blocklist_2D88C0Af1Fe2609961C171213C03Bd23 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14186-L14202" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14186-L14202" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2d181b9b517732f14d196c1a6c5661d8de4dbbfe6f120954dd3f9dcad00ff0fe" score = 75 quality = 90 
@@ -51505,8 +51771,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E7Cc176062D91225Cfdcbdf5B5F0Ea5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14204-L14220" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14204-L14220" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1d2ffa7ec3559061432c2aff23f568cb580fb9093d0af7d8a6a0b91add89c9cc" score = 75 quality = 90 @@ -51530,8 +51796,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cecedd2Efc985C2Dbf0019669D270079 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14222-L14240" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14222-L14240" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1dfb5959db6929643126a850de84e54a84d7197518cde475c802987721b71020" score = 75 quality = 90 
@@ -51555,8 +51821,8 @@ rule REVERSINGLABS_Cert_Blocklist_61Fe6F00Bd79684210534050Ff46Bc92 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14242-L14258" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14242-L14258" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e8ebc5de081e2d1e653493a2d85699ebfb5227b7fab656468025c2043903f597" score = 75 quality = 90 @@ -51580,8 +51846,8 @@ rule REVERSINGLABS_Cert_Blocklist_0323Cc4E38735B0E6Efba76Ea25C73B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14260-L14276" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14260-L14276" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "48bda7f61c9705ae70add3940f10d65fc7f7a776cec91a244f0e5bde07303831" score = 75 quality = 90 
@@ -51605,8 +51871,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F9Aca069Ac1B6Bfb0E14861Ec857Bf6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14278-L14294" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14278-L14294" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d7c9a471455768a00deeb73900bf80a98f0b2c9da1fd09d568e2998deaf404d2" score = 75 quality = 90 @@ -51630,8 +51896,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E9D26Dcf703Ca3B140D7E7Ad48312E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14296-L14312" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14296-L14312" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d8f70ba61509f3df34705bea0bfcb4cce3e92a33f0f1b65315d886eb5592f152" score = 75 quality = 90 
@@ -51655,8 +51921,8 @@ rule REVERSINGLABS_Cert_Blocklist_4E2523E76Ea455941E75Fb8240474A75 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14314-L14330" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14314-L14330" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e89f722345fda82fd894d34169d1463997ae1d567d46badbf3138faa04cf8fa4" score = 75 quality = 90 @@ -51680,8 +51946,8 @@ rule REVERSINGLABS_Cert_Blocklist_6102468293Ba7308D17Efb43Ad6Bfb58 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14332-L14348" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14332-L14348" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c1ae1562595ac6515a071a16195b46db6fad4ee0fe9757d366ee78b914e1de7f" score = 75 quality = 90 
@@ -51705,8 +51971,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Ded1A7Ff6Da152A98A57A2F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14350-L14366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14350-L14366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "20ec1e8e0570eb216304fd8453df315a26d9c170224177c325c10cbefc1993fb" score = 75 quality = 90 @@ -51730,8 +51996,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Ce65Ea057B975D2C17Eaf2C2297B1Eb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14368-L14384" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14368-L14384" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e17988cb2503e285cfe2ea74d7bc61c577d828e14fd5d8d8062e469dc75c449e" score = 75 quality = 90 
@@ -51755,8 +52021,8 @@ rule REVERSINGLABS_Cert_Blocklist_5D085A9A288549D09Edc4941 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14386-L14402" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14386-L14402" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "dff7c2d727acca753b030d05028590e1a5577121bb2b4c0dcfcb70b4c9d77cbf" score = 75 quality = 90 @@ -51780,8 +52046,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D20Dec3797A1Ac30649Ebb184265B79 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14404-L14420" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14404-L14420" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "78c0575a1c9ecf37ef5bac0612c20f96b8641875b0ba786979adc8a77f001a5e" score = 75 quality = 90 
@@ -51805,8 +52071,8 @@ rule REVERSINGLABS_Cert_Blocklist_187D92861076E469B5B7A19E2A9Fd4Ba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14422-L14438" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14422-L14438" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7383a7fb31a0a913dff1740015ff702642fbb41d8e5a528a8684c80e66026e9d" score = 75 quality = 90 @@ -51830,8 +52096,8 @@ rule REVERSINGLABS_Cert_Blocklist_199A9476Feca3C004Ff889D34545De07 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14440-L14456" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14440-L14456" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "39c6efefcbd78d5e08ffd8d3989cab3bdf273a1847b2a961f9e68c9ee95e85b6" score = 75 quality = 90 
@@ -51855,8 +52121,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Efe65 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14458-L14474" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14458-L14474" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f849b6899b6766807cfddf99ecb809fe923f35f04de09b62235da352ce6e6e24" score = 75 quality = 90 @@ -51880,8 +52146,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Af7E2B6A3Deb99291Dcaf66 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14476-L14492" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14476-L14492" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "270b5655a0f54abceb520eaca714ed4f6d4de720883e2759acd5bb2f027dfd2b" score = 75 quality = 90 
@@ -51905,8 +52171,8 @@ rule REVERSINGLABS_Cert_Blocklist_45E27C4Dfa5E6175566A13B1B6Ddf3F5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14494-L14510" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14494-L14510" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9bcbb84207984b259463482f094bf0f3815f0d74317b6b864dab44769ff5e7e8" score = 75 quality = 90 @@ -51930,8 +52196,8 @@ rule REVERSINGLABS_Cert_Blocklist_37D36A4E61C0Ac68Ceb8Bfcef2Dbf283 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14512-L14528" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14512-L14528" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "41e126600aae5646b808ed0a4294faa9a63e47842e9cde4fee9e5e65919af7ee" score = 75 quality = 90 
@@ -51955,8 +52221,8 @@ rule REVERSINGLABS_Cert_Blocklist_4321De10738278B93683Ca542407F103 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14530-L14546" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14530-L14546" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2787375605310877891ef924268f4660d1c8aa020e00674c1b1d7eb3c4f5b2fb" score = 75 quality = 90 @@ -51980,8 +52246,8 @@ rule REVERSINGLABS_Cert_Blocklist_2A6B2Df210Be14F4E18E10C7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14548-L14564" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14548-L14564" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "24ae1664c35b7947e2e638bf620d9ab572c70df9cdc1403cc00b422a45ff9194" score = 75 quality = 90 
@@ -52005,8 +52271,8 @@ rule REVERSINGLABS_Cert_Blocklist_412Ab2A50E8028Ddcbc499Ddf45F2045 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14566-L14582" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14566-L14582" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a5b85d13dee51d68af28394ecee3dcc2efe7add4d26c2a8033d1855b33ac6271" score = 75 quality = 90 @@ -52030,8 +52296,8 @@ rule REVERSINGLABS_Cert_Blocklist_0747F6A8C3542F954B113Fd98C7607Cf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14584-L14600" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14584-L14600" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9d5e5c98f3ef372532cfc4f544d5d3f620dc2e49d8b6e1c96df29d2a38042019" score = 75 quality = 90 
@@ -52055,8 +52321,8 @@ rule REVERSINGLABS_Cert_Blocklist_2572B484Fa0A61Be7288D785D7Bda7D3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14602-L14618" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14602-L14618" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d6b23ba706a640a1e76ad7ab0a70c845c9366ac8355eea5439f76f6993c9c6be" score = 75 quality = 90 @@ -52080,8 +52346,8 @@ rule REVERSINGLABS_Cert_Blocklist_6726Bd04204746C46857887F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14620-L14636" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14620-L14636" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "11d25dff7e05e6f97725e919cc6c978d7f2e64a91cf04b72461c71d592dfc2dc" score = 75 quality = 90 
@@ -52105,8 +52371,8 @@ rule REVERSINGLABS_Cert_Blocklist_4463D8B31E0F87C14233D4D0D2C487A0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14638-L14654" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14638-L14654" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "04ce664fceb4a617294e860d5364d8a4ce8e055fd2baebb8be69f258d9c70ac7" score = 75 quality = 90 @@ -52130,8 +52396,8 @@ rule REVERSINGLABS_Cert_Blocklist_387982605E542D6D52F231Ca6F5657Cc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14656-L14672" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14656-L14672" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d55cfd45bc0d330c0ed433a882874e4633ffbaa0d68288bea9058fe269d75ed9" score = 75 quality = 90 
@@ -52155,8 +52421,8 @@ rule REVERSINGLABS_Cert_Blocklist_E0134C41E7Eda6863C4Eee5B003976Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14674-L14692" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14674-L14692" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fbe34baf52e3fa7d7cdfcfaef9b8851c4cbeb46d17eeade61750e59cf0c13291" score = 75 quality = 90 @@ -52180,8 +52446,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B47A4739Dd8Ffe81D9B5307 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14694-L14710" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14694-L14710" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5f35f520d4af26fa648553894a5b0db043d0c32302d94f531b6cb48691396a92" score = 75 quality = 90 
@@ -52205,8 +52471,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F5A9Bf75Da76B949645475473793A7D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14712-L14728" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14712-L14728" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8c58d30b1b6ef80409d9da5f5f4bc26a8818b01cc388b5966c8b68ed0e4c5a2a" score = 75 quality = 90 @@ -52230,8 +52496,8 @@ rule REVERSINGLABS_Cert_Blocklist_081Df56C9A48D02571F08907 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14730-L14746" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14730-L14746" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "25d91f09e0731ab09a05855442b72589eb30e1c7d5e4c0a7af760eea540d786f" score = 75 quality = 90 
@@ -52255,8 +52521,8 @@ rule REVERSINGLABS_Cert_Blocklist_77D5C1A3E623575999C74409Dc19753C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14748-L14764" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14748-L14764" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "54921ce39a0876511b33ac6fa088c3342e2ea7fa037423fe72825bfe9c83bce6" score = 75 quality = 90 @@ -52280,8 +52546,8 @@ rule REVERSINGLABS_Cert_Blocklist_E9756B3F38B1172Ea89Fdbdfdba5F979 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14766-L14784" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14766-L14784" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "997a9433f907896d82f22ae323bf9cfe9aa04a2a49c5505e98adbb34277fcc15" score = 75 quality = 90 
@@ -52305,8 +52571,8 @@ rule REVERSINGLABS_Cert_Blocklist_09Fb28 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14786-L14802" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14786-L14802" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5ed65d33b73977e869460ba51271aff94811fa2f41e4a2993c47233add2f38dd" score = 75 quality = 90 @@ -52330,8 +52596,8 @@ rule REVERSINGLABS_Cert_Blocklist_197Dc32D915458953562D2Fe78Bf2468 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14804-L14820" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14804-L14820" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e61284a74765592fe97b90ca1c260efa46ea31286e6d09ab32d6c664b8271f2a" score = 75 quality = 90 
@@ -52355,8 +52621,8 @@ rule REVERSINGLABS_Cert_Blocklist_7C0Be3D14787351E3156F5F37F2B3663 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14822-L14838" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14822-L14838" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "66c2cd84fccedd2afef00495c49d0c2844e2e5e190e6a859d2970e8ddb4a35c2" score = 75 quality = 90 @@ -52380,8 +52646,8 @@ rule REVERSINGLABS_Cert_Blocklist_05054Fdea356F3Dd7Db479Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14840-L14856" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14840-L14856" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "02ec52e060a6b8b3edfad0a1f5b1f2d6c409645d5233612d0d353ad74bcd4568" score = 75 quality = 90 
@@ -52405,8 +52671,8 @@ rule REVERSINGLABS_Cert_Blocklist_08Aaa069E92517F21Ce67Ca713F6Ea63 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14858-L14874" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14858-L14874" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "28ad7e9c75a701425003cde4a7eb10fa471394628cd5004412778d8d7cddb50b" score = 75 quality = 90 @@ -52430,8 +52696,8 @@ rule REVERSINGLABS_Cert_Blocklist_1B7B54E0Dd4D7E45A0B46834De52658D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14876-L14892" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14876-L14892" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5febbce8c39440bfc4846f509f0b1dd4f71a8b4dc24fa18afb561d26e53c2446" score = 75 quality = 90 
@@ -52455,8 +52721,8 @@ rule REVERSINGLABS_Cert_Blocklist_B63E4299D0B0E2Dcdaeb976167A23235 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14894-L14912" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14894-L14912" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "da7415d0bc0245dea6a4ec325da5140c79c723c20fb7c04ff14f59a3089a5c88" score = 75 quality = 90 @@ -52480,8 +52746,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Dabae616705F5A51152Eac48423F354 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14914-L14930" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14914-L14930" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0bb14ececa3a78e1a2e71cfdee8bc57678251b15151d156ef5fa754b2438ee35" score = 75 quality = 90 
@@ -52505,8 +52771,8 @@ rule REVERSINGLABS_Cert_Blocklist_50D08F3C9Bf86Fba52Cf592B4Fe6Eacf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14932-L14948" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14932-L14948" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ca613e4b45b9bb1ef7564b9fc6321bccc0f683298de692a3db2bf841db9010ef" score = 75 quality = 90 @@ -52530,8 +52796,8 @@ rule REVERSINGLABS_Cert_Blocklist_7C7Fc3616F3157A28F702Cc1Df275Dcd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14950-L14966" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14950-L14966" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c2dcea21c7a3e3aef6408f11c23edbce6d8f655f298654552a607a9b0caabb28" score = 75 quality = 90 
@@ -52555,8 +52821,8 @@ rule REVERSINGLABS_Cert_Blocklist_73Ed1B2F4Bf8Dd37A8Ad9Bb775774592 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14968-L14984" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14968-L14984" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "69865935e07ea255a5d690e170911b33574ea61550b00bebc2ceff91ba9a33da" score = 75 quality = 90 @@ -52580,8 +52846,8 @@ rule REVERSINGLABS_Cert_Blocklist_211B5Dfe65Bc6F34Bc9D3A54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L14986-L15002" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L14986-L15002" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cf2e4c0dd98efb77c28b63641196c83e60afc0d6ab64802743c351581506dbb5" score = 75 quality = 90 
@@ -52605,8 +52871,8 @@ rule REVERSINGLABS_Cert_Blocklist_5400D1C1406528B1Ef625976 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15004-L15020" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15004-L15020" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fbdd37e050d68c4287e897f050a673aea071df105a35b07475d3233da3f03feb" score = 75 quality = 90 @@ -52630,8 +52896,8 @@ rule REVERSINGLABS_Cert_Blocklist_013472D7D665557Bfa0Dc21B350A361B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15022-L15038" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15022-L15038" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ab908ef0fca56753bcba8bc85e2fdf5859b4e226c179ec5c6eb6eb3dc4014a8e" score = 75 quality = 90 
@@ -52655,8 +52921,8 @@ rule REVERSINGLABS_Cert_Blocklist_66C758A22Bfbbce327616815616Ddd07 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15040-L15056" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15040-L15056" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "37f0f64e2d84ef6591e1f07a05abca35b37827d26c828269fb5f38d8546a60a7" score = 75 quality = 90 @@ -52680,8 +52946,8 @@ rule REVERSINGLABS_Cert_Blocklist_E61B0366D940896430Bcfe3E93Baac5B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15058-L15076" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15058-L15076" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1b1fd0c2237446ab22c7359d1e89d822a4b9b6ad345447740154d7d52635c2ea" score = 75 quality = 90 
@@ -52705,8 +52971,8 @@ rule REVERSINGLABS_Cert_Blocklist_6294B8Acc35Dea7D32A95Ac5D4536F8F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15078-L15094" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15078-L15094" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ac92ff8e533121071a620ca5280ae66629576f9c4af9831ddac5bb487e4348af" score = 75 quality = 90 @@ -52730,8 +52996,8 @@ rule REVERSINGLABS_Cert_Blocklist_485E4626C32493C16283Cfd9E30D17Ad : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15096-L15112" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15096-L15112" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "faf860786e8473493d24abf6e61cf0b906e98d786516be6d2098181368214020" score = 75 quality = 90 
@@ -52755,8 +53021,8 @@ rule REVERSINGLABS_Cert_Blocklist_D0312F9177Cd46B943Df3Ef22Db4608B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15114-L15132" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15114-L15132" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2eb955e91c927980cee031c6284e48bad315e891c32cdaf41b844090e841c44d" score = 75 quality = 90 @@ -52780,8 +53046,8 @@ rule REVERSINGLABS_Cert_Blocklist_202702 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15134-L15150" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15134-L15150" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bc097e97c1c4c4a71cbf66be811636fecfa23682cb2cc47ab1fcd680a646fb14" score = 75 quality = 90 
@@ -52805,8 +53071,8 @@ rule REVERSINGLABS_Cert_Blocklist_369A02E5D90B2649040E7F87 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15152-L15168" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15152-L15168" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e2a2e231914f166410580a42ca9d4aac18c5cba94d1f11d22e7acd6d375851d8" score = 75 quality = 90 @@ -52830,8 +53096,8 @@ rule REVERSINGLABS_Cert_Blocklist_60497070Ff4A83Bc87Bdea24Da5B431D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15170-L15186" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15170-L15186" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "30998e3f5299a37cdee83b1232249b84dbb3c154ef99237da5ce1b16f9db5da3" score = 75 quality = 90 
@@ -52855,8 +53121,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A333E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15188-L15204" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15188-L15204" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f76d21e0ae2cf9b28825c813fc509d533c10aba38f8f0c2884365047c1272c1f" score = 75 quality = 90 @@ -52880,8 +53146,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Cb6519B2528D006D1Da987153Dad2B3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15206-L15222" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15206-L15222" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "776402fc3a7de4843373bc1981f965fe9c2a9f1fe2374b142a96952fd05a591b" score = 75 quality = 90 
@@ -52905,8 +53171,8 @@ rule REVERSINGLABS_Cert_Blocklist_621E696C3A6371E77A678Cbf0Ee34Ab2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15224-L15240" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15224-L15240" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "67c9fd92681d6dd1172509113e167e74e07f1f86fd62456758b3e3930180b528" score = 75 quality = 90 @@ -52930,8 +53196,8 @@ rule REVERSINGLABS_Cert_Blocklist_21B991 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15242-L15258" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15242-L15258" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "54ca9b19adfc9357a3fb74f0670ad929319c4d06a7de7ae400f8285a31052276" score = 75 quality = 90 
@@ -52955,8 +53221,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Cc37De5Dbed097F98F56Dbc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15260-L15276" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15260-L15276" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a2d04275b9fe37308c8f1dca75f4cc3c4a8985930f901e1f46e3ddc2977eea32" score = 75 quality = 90 @@ -52980,8 +53246,8 @@ rule REVERSINGLABS_Cert_Blocklist_50F66Ab0D7Ed19B69D48F635E69572Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15278-L15294" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15278-L15294" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "28f71c0572e769d4a0cb289071912bc79cddfd98a3a8161c5400c7bee7090bf5" score = 75 quality = 90 
@@ -53005,8 +53271,8 @@ rule REVERSINGLABS_Cert_Blocklist_11212F502836A784752160351Defb136Cf09 : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15296-L15312" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15296-L15312" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "63d4c1aaafdf6de14d0ae78035644cf6b0fefab8b0063d2566ca38af9f9498d2" score = 75 quality = 90 @@ -53030,8 +53296,8 @@ rule REVERSINGLABS_Cert_Blocklist_2C16Be9A7Ce2A23Ab7A4B4Eb7Da3400C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15314-L15330" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15314-L15330" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "917f324cbe91718efc9b2f41ef947fa8f1a501dde319936774d702d57b1e6b37" score = 75 quality = 90 
@@ -53055,8 +53321,8 @@ rule REVERSINGLABS_Cert_Blocklist_22Accad235Fb1Ac7422Ebe5Ea7Ac9Bc5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15332-L15348" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15332-L15348" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b348c502aeae036f6d17283260ed4479427f89c8c25f2b6d59e137e90694dbe4" score = 75 quality = 90 @@ -53080,8 +53346,8 @@ rule REVERSINGLABS_Cert_Blocklist_4D29757C4Fbfc32B97091D96E3723002 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15350-L15366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15350-L15366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "78ede4b02cb1b07500cd0c4f1f33da598938940d0f58430edda00d79b19b16a5" score = 75 quality = 90 
@@ -53105,8 +53371,8 @@ rule REVERSINGLABS_Cert_Blocklist_3A949Ef03D9Dd2D150B24B274Ff6D7B4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15368-L15384" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15368-L15384" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "88c63a921a300e1b985d084c3ab1a2485713b4c674dafd419d092e5562f121d7" score = 75 quality = 90 @@ -53130,8 +53396,8 @@ rule REVERSINGLABS_Cert_Blocklist_954D0577D5Ce8999E0387A5364829F66 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15386-L15404" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15386-L15404" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "84ddc08a0a55200f644778a0e3482f15e82d74c524f12a7ad91b1c3d4acfc731" score = 75 quality = 90 
@@ -53155,8 +53421,8 @@ rule REVERSINGLABS_Cert_Blocklist_Df5121Dc99D1Ab6B7E5229F6832123Ef : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15406-L15424" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15406-L15424" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3b5e5b81890f1dea3dc0858cade54e7f88a21861818be79c3e7fba066f80d491" score = 75 quality = 90 @@ -53180,8 +53446,8 @@ rule REVERSINGLABS_Cert_Blocklist_760Cef386B63406751Ae83A9Eae92342 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15426-L15442" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15426-L15442" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "43b56736afe081a1215db67b933413d7fbafbfc1be8213b330668578921ebca7" score = 75 quality = 90 
@@ -53205,8 +53471,8 @@ rule REVERSINGLABS_Cert_Blocklist_5C2625Fa836A64F4882C56Cc7A45F0Ed : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15444-L15460" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15444-L15460" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "85e187684d62c33ef6f69323b837ef2d44facab8278b512d7bd6afd49eaed976" score = 75 quality = 90 @@ -53230,8 +53496,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Df6Fa580F84493C414Ee0E431086737 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15462-L15478" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15462-L15478" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ef244587c9eb1e1cb2f8a9c161e5dd9ff70e9764586f16e011334400ee400ed9" score = 75 quality = 90 
@@ -53255,8 +53521,8 @@ rule REVERSINGLABS_Cert_Blocklist_309D2E115F1Fe2993Ee2E063 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15480-L15496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15480-L15496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "15fdb95fe5429cdc0263615c2b7c90d21f37b52954c5ce568c1293cd3a544730" score = 75 quality = 90 @@ -53280,8 +53546,8 @@ rule REVERSINGLABS_Cert_Blocklist_90E33C1068F54913315B6Ce9311141B9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15498-L15516" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15498-L15516" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4a97171c6dfaa8d249ab0be1ce264b596d266ff4697d869a4d1f90cc0e2c49b7" score = 75 quality = 90 
@@ -53305,8 +53571,8 @@ rule REVERSINGLABS_Cert_Blocklist_3F15C3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15518-L15534" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15518-L15534" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "03ea946fa99ed7a6ab23cb26dbf514b6c062d63371c9e2a5ddf999acd1954955" score = 75 quality = 90 @@ -53330,8 +53596,8 @@ rule REVERSINGLABS_Cert_Blocklist_285Eccbd1D0000E640B84307Ef88Cd9F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15536-L15552" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15536-L15552" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "267df1c327b65938b2b82a53ec8345290659560c69c9a70f2866fe7bd73513a7" score = 75 quality = 90 
@@ -53355,8 +53621,8 @@ rule REVERSINGLABS_Cert_Blocklist_55Ab71A3F9Dde3Ef20C788Dd1D5Ff6C3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15554-L15570" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15554-L15570" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4bee740eaf359462cd85c6232160c6b1fc3df67acfe731da9978f0b8a304a93f" score = 75 quality = 90 @@ -53380,8 +53646,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Beca26210737A5442Ff8B47 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15572-L15588" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15572-L15588" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7a1130413ae8807dc1ec96a6b1c3bac705a1520f7268db2848b997f6f3f9fc9b" score = 75 quality = 90 
@@ -53405,8 +53671,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F203839A9C63B8798A7Cb31 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15590-L15606" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15590-L15606" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "604ba3fa671cc98e42caf80d07bc9650d193f898413517b46482f183b0f7008a" score = 75 quality = 90 @@ -53430,8 +53696,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dc992Ea8E6Bb4926931Df656D5Eef8A0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15608-L15626" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15608-L15626" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2b261624677a1c4a1ef539106bedcef30f272fda3d833d4c8095e9797d592e1f" score = 75 quality = 90 
@@ -53455,8 +53721,8 @@ rule REVERSINGLABS_Cert_Blocklist_41Bd49Bb456644D8183B3Dae72Ec8F22 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15628-L15644" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15628-L15644" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0516af7b27d244f21c9cea62fe599725d412e385e34f5f3f4f618d565365d321" score = 75 quality = 90 @@ -53480,8 +53746,8 @@ rule REVERSINGLABS_Cert_Blocklist_A8D40Da6708679C08Aebddea6D3F6B8A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15646-L15664" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15646-L15664" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "27ec32791eaeccb8aa95d023c4fc8943f0435c32d8a17bde98d7d0b02ba17e59" score = 75 quality = 90 
@@ -53505,8 +53771,8 @@ rule REVERSINGLABS_Cert_Blocklist_307642E1F3A92C6Cc2E7Fb6E18F2Ddcb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15666-L15682" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15666-L15682" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8c96fbd10672b0b258a80f3abaf0320540c5ff0a4636f011cfe7cfa8ccc482d0" score = 75 quality = 90 @@ -53530,8 +53796,8 @@ rule REVERSINGLABS_Cert_Blocklist_52379131A1C69263C795A7D398Db0997 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15684-L15700" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15684-L15700" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "245e994024e08add755ec704b895286c115ac00eb5aeecde98fce96f35f6e9e0" score = 75 quality = 90 
@@ -53555,8 +53821,8 @@ rule REVERSINGLABS_Cert_Blocklist_44312Cb9A927B4111360762B4D4Bdd6D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15702-L15718" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15702-L15718" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8e34636ed815812af478dd01eacd5298fa2cfeb420ee2f45e055f557534cae71" score = 75 quality = 90 @@ -53580,8 +53846,8 @@ rule REVERSINGLABS_Cert_Blocklist_123A5074069162F4Ed68Fc7D48F464C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15720-L15736" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15720-L15736" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f55835c7404edab96bc5c8fe3844f3380f1f6bc8b43da1d51213de899629e8f5" score = 75 quality = 90 
@@ -53605,8 +53871,8 @@ rule REVERSINGLABS_Cert_Blocklist_64Eb04B8Def382B5Efa75F63E0E85Ad0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15738-L15754" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15738-L15754" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "03adb8a9bf2a8f0633b34d5c39816b47e60b9e598208f7de79ad9d9a7ab8cc5e" score = 75 quality = 90 @@ -53630,8 +53896,8 @@ rule REVERSINGLABS_Cert_Blocklist_76D8D908Eed2F9857Dc5676A680Ceac9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15756-L15772" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15756-L15772" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "87f9930967d5832d3003672eeb89669b54feed1ca2ea5eec478c50e3cb7a7571" score = 75 quality = 90 
@@ -53655,8 +53921,8 @@ rule REVERSINGLABS_Cert_Blocklist_083E3F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15774-L15790" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15774-L15790" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6977d48a2e31235d780cba1b84b39a90e409ee8ea5555e01cbc34989ecd3882d" score = 75 quality = 90 @@ -53680,8 +53946,8 @@ rule REVERSINGLABS_Cert_Blocklist_79227311Acdd575759198Dbd3544Cca7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15792-L15808" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15792-L15808" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "73e920d51faf7150329ce189d1693c29a2285a02d54fee27e5af5afe3238295b" score = 75 quality = 90 
@@ -53705,8 +53971,8 @@ rule REVERSINGLABS_Cert_Blocklist_13Ae38C9Ae21A8576C0D024D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15810-L15826" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15810-L15826" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7be892eaf9e2e31442f7ef5ffd296dd17696d6c95d20eb2758ede2c553b05f38" score = 75 quality = 90 @@ -53730,8 +53996,8 @@ rule REVERSINGLABS_Cert_Blocklist_557B0Abf44045827F1F36Efbc96271Ec : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15828-L15844" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15828-L15844" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "633e8d6b44d62443d991738fa82b9742ac5634051bba5d0cdb3d6b35d66bdc8f" score = 75 quality = 90 
@@ -53755,8 +54021,8 @@ rule REVERSINGLABS_Cert_Blocklist_7903870184E18A80899740845A15E2B2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15846-L15862" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15846-L15862" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ad32491b463d0b3b4c85ed78e81bb69802e5f90ae835f73e270b28f02b36f840" score = 75 quality = 90 @@ -53780,8 +54046,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Fba9B373F812C16Aef531D4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15864-L15880" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15864-L15880" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8b7340359778e3aa56f6ea300973af74eb77efd54108d2ca2b6b8f04d89a1c39" score = 75 quality = 90 
@@ -53805,8 +54071,8 @@ rule REVERSINGLABS_Cert_Blocklist_616A5205238590B01D7B761E444E4Ad9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15882-L15898" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15882-L15898" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "463ccd3ace9021569a7a6d5fcbaadf34b15d2b07baf3df526b271b547cf2bbc5" score = 75 quality = 90 @@ -53830,8 +54096,8 @@ rule REVERSINGLABS_Cert_Blocklist_29Be2278113Dd062Eadca32De6B242D0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15900-L15916" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15900-L15916" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3df7afba9eda9022a64647ce2a91119d0bdf6fe5b164a1e82b1819409024fbee" score = 75 quality = 90 
@@ -53855,8 +54121,8 @@ rule REVERSINGLABS_Cert_Blocklist_05F70A557Afd4A443F44D0Baf0Bc8C60 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15918-L15934" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15918-L15934" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3945f515b65ca3ffb6c2b64c884bb2790d703a277e1a5ba128c81bc63ed20a25" score = 75 quality = 90 @@ -53880,8 +54146,8 @@ rule REVERSINGLABS_Cert_Blocklist_4E0665D61997072294A70C662F72Eae3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15936-L15952" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15936-L15952" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f07cdfd522db0a92fe1dba30f158b2c89bb5424bdcdfda50ae42fcfddeac19ba" score = 75 quality = 90 
@@ -53905,8 +54171,8 @@ rule REVERSINGLABS_Cert_Blocklist_74702Dff5D4056B847D009A2265Fb1B3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15954-L15970" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15954-L15970" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8acc57bbf334a48043dbee6fab7b7a54a44801b2ccd0ccd9d14194689c75c021" score = 75 quality = 90 @@ -53930,8 +54196,8 @@ rule REVERSINGLABS_Cert_Blocklist_353B1Cf7866Ee0B0Acdd532D0Bb1A220 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15972-L15988" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15972-L15988" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "aa8f0fe1517134b6e562c2accc46420a4f0afd77c3a7bbe98d551c54e68ed4c7" score = 75 quality = 90 
@@ -53955,8 +54221,8 @@ rule REVERSINGLABS_Cert_Blocklist_093Ff2870Fa33Eaf47259457Ee58C2E0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L15990-L16006" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L15990-L16006" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1aafe547b8645f07498bac6f0ffd6d5aefbac160aa7a6fb8d1d891e70701ce99" score = 75 quality = 90 @@ -53980,8 +54246,8 @@ rule REVERSINGLABS_Cert_Blocklist_719C17A823839Dca813Ee85888B3B39A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16008-L16024" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16008-L16024" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a160ada48048e11632082e7538459554d77d31539e53709cd897f3c454af8236" score = 75 quality = 90 
@@ -54005,8 +54271,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Dc86Ebf5863568E2237B2D89582D705 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16026-L16042" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16026-L16042" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f24cdf890bd0b51a83ca333c37bc22068ab1f7e7ef36b36d94a133773097bd37" score = 75 quality = 90 @@ -54030,8 +54296,8 @@ rule REVERSINGLABS_Cert_Blocklist_214Df59Fe53874Cc011Dd45727035F51 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16044-L16060" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16044-L16060" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "96269f41f82621aee029f343acfce70c781bf7713588dfe78fac35a3d1d3f7cd" score = 75 quality = 90 
@@ -54055,8 +54321,8 @@ rule REVERSINGLABS_Cert_Blocklist_37Ca4F66Fdcc8732992723199859886C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16062-L16078" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16062-L16078" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "190dffc36c17c27c43337d7914683b7bab3ff18a50de5278ed2a66f04b9e395d" score = 75 quality = 90 @@ -54080,8 +54346,8 @@ rule REVERSINGLABS_Cert_Blocklist_Be2F22C152Bb218B898C4029056816A9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16080-L16098" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16080-L16098" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "cd99e4d97d9a60f409cf072bbae254486c307ae3cb6e34c5cd9648c972615f36" score = 75 quality = 90 
@@ -54105,8 +54371,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fc7065Abf8303Fb472B8Af85918F5C24 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16100-L16118" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16100-L16118" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f57ae32d7efd9cd4c0a207897e30b871dc32405c5b9ad844c9bb7eee4827cc5a" score = 75 quality = 90 @@ -54130,8 +54396,8 @@ rule REVERSINGLABS_Cert_Blocklist_698Ff388Adb50B88Afb832E76B0A0Ad1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16120-L16136" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16120-L16136" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b29bc69c8fd9543dba8f7d2a18d52b1bcbb8a8ae6f553d8b232ca74709b9addc" score = 75 quality = 90 
@@ -54155,8 +54421,8 @@ rule REVERSINGLABS_Cert_Blocklist_391Ae38670Ab188A5De26E07 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16138-L16154" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16138-L16154" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f7ccfadab650ae3b6f950c9d1b35f86aa4a4e6c05479c014ab18881a405678f0" score = 75 quality = 90 @@ -54180,8 +54446,8 @@ rule REVERSINGLABS_Cert_Blocklist_D08D83Ff118Df3777E371C5C482Cce7B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16156-L16174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16156-L16174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5fdaf01c6a23057ab976e3ad2a8b40558b16693161410b0f30d7b884de7e3985" score = 75 quality = 90 
@@ -54205,8 +54471,8 @@ rule REVERSINGLABS_Cert_Blocklist_06Ce209477F1Ac19A2049Bdc5846A831 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16176-L16192" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16176-L16192" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "24474c4033a8cad1690160da64b75a1eec570f56e830967256c19574bde59384" score = 75 quality = 90 @@ -54230,8 +54496,8 @@ rule REVERSINGLABS_Cert_Blocklist_447F449121B883211663B7B7E2Ead868 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16194-L16210" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16194-L16210" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f473a939d1a27cf53c09d0e4a3753a9444ae3674a55d5b0feafeef6b75dd487f" score = 75 quality = 90 
@@ -54255,8 +54521,8 @@ rule REVERSINGLABS_Cert_Blocklist_6366A9Ac97Df4De17366943C9B291Aaa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16212-L16228" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16212-L16228" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "dcdfb78d4d779b1cabcdf5b2da1fa27aaa9faaed4d4967630ce45f30304fe227" score = 75 quality = 90 @@ -54280,8 +54546,8 @@ rule REVERSINGLABS_Cert_Blocklist_66E3F0B4459F15Ac7F2A2B44990Dd709 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16230-L16246" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16230-L16246" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a563f1485ae8887c46f45d1366f676894c7db55954671825b37372f786ce0d3d" score = 75 quality = 90 
@@ -54305,8 +54571,8 @@ rule REVERSINGLABS_Cert_Blocklist_610039D6349Ee531E4Caa3A65D100C7D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16248-L16264" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16248-L16264" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e6b6a90cf40283d2e4d2d9c5732a078c9f2f117e3639ab5c0dd6c5323cb7c9ff" score = 75 quality = 90 @@ -54330,8 +54596,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Caa0D0Dadf32A2404A75195Ae47820A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16266-L16282" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16266-L16282" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ab71e485c0b541fae79d246d34b1f4fb146747c1c3fb723aa87a7a32378ff974" score = 75 quality = 90 
@@ -54355,8 +54621,8 @@ rule REVERSINGLABS_Cert_Blocklist_140D2C515E8Ee9739Bb5F1B2637Dc478 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16284-L16300" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16284-L16300" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e6724fe80959592c8741621ce604518d3e964cee5941257a99dda78b9c8bbdac" score = 75 quality = 90 @@ -54380,8 +54646,8 @@ rule REVERSINGLABS_Cert_Blocklist_58015Acd501Fc9C344264Eace2Ce5730 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16302-L16318" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16302-L16318" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7c1bec5059d40fc326bb08775888ed169abc746228eeb42c897f479992c5acab" score = 75 quality = 90 
@@ -54405,8 +54671,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B7279068Beb15Ffe8060D2C56153C35 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16320-L16336" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16320-L16336" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ca00f1adacd6ff16e54b85be38c3a4545a10c76548e0647f7f3f6cfa4dff412d" score = 75 quality = 90 @@ -54430,8 +54696,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Bc0F18Da36702E302Db170D91Dc9202 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16338-L16354" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16338-L16354" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d9ee2cf63a4edb28f894ea49a5b4df9b818d5764d9a74721b1d5222f53859462" score = 75 quality = 90 
@@ -54455,8 +54721,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ca9B6F49B8B41204A174C751C73Dc393 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16356-L16374" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16356-L16374" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0b6558a7a1b78d471aaadced959ba91e411df50e3cc08e447fe9bd97f9e5cced" score = 75 quality = 90 @@ -54480,8 +54746,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aaf65B8E7A2E68Bc8C9E8F27331B795C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16376-L16394" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16376-L16394" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "390d074da09d8e5b4bb2a6f4157a5125474ab5c22de62729d4fc4075edade289" score = 75 quality = 90 
@@ -54505,8 +54771,8 @@ rule REVERSINGLABS_Cert_Blocklist_C6Ed0Efe2844Fa44Aae350C6845C3331 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16396-L16414" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16396-L16414" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5c4afcd8ceb5cc2f1df2303183ede2081b86365eeee7d4e1319a8ed9a45bbf0b" score = 75 quality = 90 @@ -54530,8 +54796,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ede6Cfbf9Fa18337B0Fdb49C1F693020 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16416-L16434" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16416-L16434" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "a7f18d0028cbc0001a196bc915b7881244a5833dd65f96dd7d2e8ab1b0622e0c" score = 75 quality = 90 
@@ -54555,8 +54821,8 @@ rule REVERSINGLABS_Cert_Blocklist_Eda0F47B3B38E781Cdf6Ef6Be5D3F6Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16436-L16454" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16436-L16454" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "af3cd543a6feec3118ba4e5fdc8455584aa763bd8339f036ab332977fc0fb20e" score = 75 quality = 90 @@ -54580,8 +54846,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Da173Eb1Ac76340Ac058E1Ff4Bf5E1B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16456-L16472" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16456-L16472" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "71da69fca275caead6a822e6587e0a07fc882f712afeafe18f4a595c269f6737" score = 75 quality = 90 
@@ -54605,8 +54871,8 @@ rule REVERSINGLABS_Cert_Blocklist_1380A7Ccf2Bf36Bc496B00D8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16474-L16490" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16474-L16490" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "88708d7d139a9d6e92f78df460b527a1ae6a404d0bcccb801c8c8cb1263a46c6" score = 75 quality = 90 @@ -54630,8 +54896,8 @@ rule REVERSINGLABS_Cert_Blocklist_02Eaf27E6F1575E365Fc7Fe4E0Be43F7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16492-L16508" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16492-L16508" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "333a43bdfbc400727b8eae1efeb03484b959fc45ed6b8b0dd5e6a553fa27e87f" score = 75 quality = 90 
@@ -54655,8 +54921,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Eb02Ac2Beb9611Ed57Eb12E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16510-L16526" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16510-L16526" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7f2a6c61ae82fec6829924d11190da776aebdd3d72c7e001fdc29b215649261c" score = 75 quality = 90 @@ -54680,8 +54946,8 @@ rule REVERSINGLABS_Cert_Blocklist_010000000001297Dba69Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16528-L16544" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16528-L16544" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bbc3e740d5043d1811ff44c7366c69192fb78c95215b30fd4f4c782812ad591c" score = 75 quality = 90 
@@ -54705,8 +54971,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Def22Ef4C645B1Decfb36B6D3539Dbf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16546-L16562" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16546-L16562" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "655ed87ee65f937c7cec95085fe612f8d733e0853c87aa50b4aa1fda9e5f7a5d" score = 75 quality = 90 @@ -54730,8 +54996,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E39C2Ccc494438Bb8C2560F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16564-L16580" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16564-L16580" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "3b4a55149b3895eeea5f96297d1fc9787eb74e2fcef8170148ef1a2ced334311" score = 75 quality = 90 
@@ -54755,8 +55021,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E3B09F43C3A0Fd53B7D600F08Fae2B5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16582-L16598" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16582-L16598" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "86b06519858dce4b77cb870905297a1fd1c767053fd07c0b0469eb7fc3ba6b32" score = 75 quality = 90 @@ -54780,8 +55046,8 @@ rule REVERSINGLABS_Cert_Blocklist_21220646C639D62C16992F46 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16600-L16616" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16600-L16616" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "87202c29867e6410d59c1e3b5ab09a24ebac5c68c61d7b932b91a91dcf3707e2" score = 75 quality = 90 
@@ -54805,8 +55071,8 @@ rule REVERSINGLABS_Cert_Blocklist_738663F2C9E4Adb3Ad5306Aa5E7Cc548 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16618-L16634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16618-L16634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "518a22e31432ee42e6aceb861815f7f9e84f2430b7fb3a78b498e45c584584ab" score = 75 quality = 90 @@ -54830,8 +55096,8 @@ rule REVERSINGLABS_Cert_Blocklist_4280F2C8Ce1D98E5F8Da7Ecb005Eeae5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16636-L16652" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16636-L16652" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4cc8f00a9704f595f3e48375942a19cd6f8d6c0e53afc932a61f5a4326be4bcb" score = 75 quality = 90 
@@ -54855,8 +55121,8 @@ rule REVERSINGLABS_Cert_Blocklist_2946397Be9C5Ae44E95C99Af : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16654-L16670" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16654-L16670" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b7b4925482fcc47dea81eb3d84af31cc572f1b19080b98dda330b0bf6d7c80f4" score = 75 quality = 90 @@ -54880,8 +55146,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Df453588177Cf1C0C297Ff4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16672-L16688" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16672-L16688" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b0c82388fd87a89841d190ce4020cc5a2ea21c9d765ceca6bc25d64162479231" score = 75 quality = 90 
@@ -54905,8 +55171,8 @@ rule REVERSINGLABS_Cert_Blocklist_0619C5E39A4Fc60A32F9B07F6A4Ca328 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16690-L16706" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16690-L16706" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "75e3dfd593d7fdc268de54430be617c015957a624f2ca36bc0036d4cbde5b686" score = 75 quality = 90 @@ -54930,8 +55196,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Bffef48E6A321B418041310Fdb9B0D0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16708-L16724" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16708-L16724" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "30a079b55b75b292f7af4f5ae99184cbb3cca1ce4cf20f2f5c961b533673db00" score = 75 quality = 90 
@@ -54955,8 +55221,8 @@ rule REVERSINGLABS_Cert_Blocklist_34Ec9565805F34204C6966Fb81E36Ba1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16726-L16742" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16726-L16742" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e434a02f5b9b22a25d8fe7a0bb7bd81b1cd8bc5356b4b626e3bfceb3f554a085" score = 75 quality = 90 @@ -54980,8 +55246,8 @@ rule REVERSINGLABS_Cert_Blocklist_B2B934B7F01E0Ac1E577814992243709 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16744-L16762" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16744-L16762" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "37b254ab76d144c09cc7b622dba59f5e372bf01ae12ce260a06143abb52062f6" score = 75 quality = 90 
@@ -55005,8 +55271,8 @@ rule REVERSINGLABS_Cert_Blocklist_3A1B397Fd9451E3B5891Fc69681Ed73D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16764-L16780" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16764-L16780" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ca43c7bacd8cb5a896c3135abf4a131bdb4a7f5093e64c8d1df743fad0c1c64a" score = 75 quality = 90 @@ -55030,8 +55296,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Eb816Aa49E4894D9E9F78729E53Cd48 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16782-L16798" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16782-L16798" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "4e22568612aec050c7f78b81ba6749528a9c25c0ba43e14260a581a9bea7a2f0" score = 75 quality = 90 
@@ -55055,8 +55321,8 @@ rule REVERSINGLABS_Cert_Blocklist_383Ca88D6D9379C740609560 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16800-L16816" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16800-L16816" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ce41d046a7ca320d034fa226b5e8c22022cc6bfc97eb9ef294b1aca232aaacef" score = 75 quality = 90 @@ -55080,8 +55346,8 @@ rule REVERSINGLABS_Cert_Blocklist_6731Cb1430F18B8C0C43Ab40E1154169 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16818-L16834" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16818-L16834" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "c05349166919ffc18ac6ecb61b822a8365f87a82164c5e110ef94345bdc4de6f" score = 75 quality = 90 
@@ -55105,8 +55371,8 @@ rule REVERSINGLABS_Cert_Blocklist_159505E6456B9A9352F7C47168D89B96 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16836-L16852" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16836-L16852" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d6d0d5c86dd88afa29fb3c7cc3c0ab2e3401637a23e062ee9bab693a715cf16f" score = 75 quality = 90 @@ -55130,8 +55396,8 @@ rule REVERSINGLABS_Cert_Blocklist_04A0E92B0B9Ebbb797Df6Ef52Bd5Ad05 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16854-L16870" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16854-L16870" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ff2a2d06c48bd3426fa42526d966152e3e7166c4170b4e08bb65ee5d876eda93" score = 75 quality = 90 
@@ -55155,8 +55421,8 @@ rule REVERSINGLABS_Cert_Blocklist_25F222Ab2613Dc4270B2Aabc2519A101 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16872-L16888" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16872-L16888" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2c6673f6821c4ba11fc015cf3e9edefeb7c45209bc9dcd18501c4681444a9b9e" score = 75 quality = 90 @@ -55180,8 +55446,8 @@ rule REVERSINGLABS_Cert_Blocklist_212Ca239866F88C3D5B000B3004A569C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16890-L16906" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16890-L16906" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "23ab2343b17dce74fb4166a690ca5dd300b3ed20d3a6b43b922f456410d3035d" score = 75 quality = 90 
@@ -55205,8 +55471,8 @@ rule REVERSINGLABS_Cert_Blocklist_18B700A319Aa98Ae71B279D4E8030B82 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16908-L16924" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16908-L16924" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "e201498acfd9afebc68321887a806bb5c1d74c64a7cd93530feae2a944bd30fa" score = 75 quality = 90 @@ -55230,8 +55496,8 @@ rule REVERSINGLABS_Cert_Blocklist_169138A86954Be1D9B264F47 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16926-L16942" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16926-L16942" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1584e39b4e2025611bcb7bbbd92b97d25d12ddbb1e5c282db87730a03f7f56b1" score = 75 quality = 90 
@@ -55255,8 +55521,8 @@ rule REVERSINGLABS_Cert_Blocklist_33412168Eeb3C0E4C7Dd0508A9Ffecd5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16944-L16960" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16944-L16960" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d634af0637c3349fe1718ee807b8a75007ab46b141494331901a22ce54e9fc5d" score = 75 quality = 90 @@ -55280,8 +55546,8 @@ rule REVERSINGLABS_Cert_Blocklist_422Ab71Ac7Fb125Ad7171B0C99510B0E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16962-L16978" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16962-L16978" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "7366e5064a9a9f66260730575327e404eadea096ba3f6cf28c83c47bef9bca58" score = 75 quality = 90 
@@ -55305,8 +55571,8 @@ rule REVERSINGLABS_Cert_Blocklist_6F18946E5B773B7E32D9E7B4Fb8D434C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16980-L16996" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16980-L16996" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fa285c17b43d1acdb05888074ecb16047209ade8f7f6191274f58eca7438dadf" score = 75 quality = 90 @@ -55330,8 +55596,8 @@ rule REVERSINGLABS_Cert_Blocklist_3596Dfc23B9A42C66700982250Da2906 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L16998-L17014" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L16998-L17014" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "1b69bf520fde5255069cf8752d5c67716e9bc297ddde1566551a563a563197ea" score = 75 quality = 90 
@@ -55355,8 +55621,8 @@ rule REVERSINGLABS_Cert_Blocklist_486Bbddc8C5Ee99F051Ecaeb3F99D2A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17016-L17032" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17016-L17032" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "75855e26ba4e01b56a551a006e789c6032cfb02c6f6125a9bdf8becb848db5b2" score = 75 quality = 90 @@ -55380,8 +55646,8 @@ rule REVERSINGLABS_Cert_Blocklist_11211Eea9D0D1D1A325B5Eae1B2B1951120F : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17034-L17050" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17034-L17050" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bafab986605be61d25a6764042937bc5d8c55196ea8ea9aa9360764d9681351b" score = 75 quality = 90 
@@ -55405,8 +55671,8 @@ rule REVERSINGLABS_Cert_Blocklist_172Fea8Cb06Ffced6Bfac7F2F6B77754 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17052-L17068" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17052-L17068" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8e1e3e7d002ce084600c5444dc9b0bad8771370cb7919a3bb5ebc899040e4cf2" score = 75 quality = 90 @@ -55430,8 +55696,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Ee50Bb98Fadca2D662A0920E76685A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17070-L17086" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17070-L17086" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "d232923ed962fbf4a9a30890778c2380d6c6967a693c6f77c2f558bb4347e60e" score = 75 quality = 90 
@@ -55455,8 +55721,8 @@ rule REVERSINGLABS_Cert_Blocklist_21Bfddb6A66435D1Adce2Ceb23Ed7C9A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17088-L17104" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17088-L17104" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "22ad68974a1c6729da369c26372ba93c25ddf68df880580c727bf2d3ee2d3a86" score = 75 quality = 90 @@ -55480,8 +55746,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B1C3F7Bbaa91Ca49B06A5C1004Ee5Be : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17106-L17122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17106-L17122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9a8d9acc87668a6fbd9fdd52b6ef69d18de8f19d8f3d3ca8eeb630c6e8c25c65" score = 75 quality = 90 
@@ -55505,8 +55771,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A2089 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17124-L17140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17124-L17140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "07ce4d39af1e56fbbfa400cf139956826999043480f93c0fc43ed056f6420d7f" score = 75 quality = 90 @@ -55530,8 +55796,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F84E030A0Ed10D5Ffe2B81B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17142-L17158" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17142-L17158" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "097655cb2965ae71efb905ddf20ed30c240d25e03d08a1b6c87b472533ccc9d8" score = 75 quality = 90 
@@ -55555,8 +55821,8 @@ rule REVERSINGLABS_Cert_Blocklist_88346267057C0A82E2F39851D1B9694C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17160-L17178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17160-L17178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "60acdbad8ad3e1d4a863ce160d93abd0b5e2b214858cba84f7a1b907d2491486" score = 75 quality = 90 @@ -55580,8 +55846,8 @@ rule REVERSINGLABS_Cert_Blocklist_A46F9D8784778Baa48167C48Bbc56F30 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17180-L17198" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17180-L17198" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fffb6309355bc6764b0ab033db5964599c86c9a2f6d8985975a07f6b3ebb40ed" score = 75 quality = 90 
@@ -55605,8 +55871,8 @@ rule REVERSINGLABS_Cert_Blocklist_525B5529Db20D17A85Be284D6B7952Ea : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17200-L17216" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17200-L17216" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "8fd406004b634e4826659b1dff88c61074fd321969b9fd63ea45d8e9608b35f1" score = 75 quality = 90 @@ -55630,8 +55896,8 @@ rule REVERSINGLABS_Cert_Blocklist_70Ae0E517D2Ef6D5Eed06B56730A1A9A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17218-L17234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17218-L17234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "017eed878daf706eb96b638a8d1f4428466bc1d00ce27f32628bd249a658a813" score = 75 quality = 90 
@@ -55655,8 +55921,8 @@ rule REVERSINGLABS_Cert_Blocklist_57C3717C5E2Ce9A2E0Cf0340C03F458E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17236-L17252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17236-L17252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "fd710146874528c43ad8a9f847b7704c44ba4564cf79e20e6b23aa98b0ee2ea5" score = 75 quality = 90 @@ -55680,8 +55946,8 @@ rule REVERSINGLABS_Cert_Blocklist_0761110Efe0B688C469D687512828C1F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17254-L17270" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17254-L17270" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0ba60e1f58c7335ba5aa261031d09ee83a0ee51e05f8f26078b2a5c776ad0add" score = 75 quality = 90 
@@ -55705,8 +55971,8 @@ rule REVERSINGLABS_Cert_Blocklist_08Aa03F385F870E3A6D243B74B1Dadf6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/certificate/blocklist.yara#L17272-L17288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/certificate/blocklist.yara#L17272-L17288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ef49a28a93d31c55dd2dfd3bec645f757a0a1a7eb8718ce92cf47bf9af126aed" score = 75 quality = 90 
@@ -55719,6 +55985,103 @@ rule REVERSINGLABS_Cert_Blocklist_08Aa03F385F870E3A6D243B74B1Dadf6 : INFO FILE condition: uint16(0)==0x5A4D and for any i in (0..pe.number_of_signatures) : (pe.signatures[i].subject contains "\\xE4\\xB8\\x9C\\xE8\\x8E\\x9E\\xE5\\xB8\\x82\\xE8\\x85\\xBE\\xE4\\xBA\\x91\\xE8\\xAE\\xA1\\xE7\\xAE\\x97\\xE6\\x9C\\xBA\\xE7\\xA7\\x91\\xE6\\x8A\\x80\\xE6\\x9C\\x89\\xE9\\x99\\x90\\xE5\\x85\\xAC\\xE5\\x8F\\xB8" and pe.signatures[i].serial=="08:aa:03:f3:85:f8:70:e3:a6:d2:43:b7:4b:1d:ad:f6" and 1352678400<=pe.signatures[i].not_after) } +rule REVERSINGLABS_Bytecode_MSIL_Infostealer_Gomorrahstealer : TC_DETECTION MALICIOUS MALWARE FILE +{ + meta: + description = "Yara rule that detects GomorrahStealer infostealer." + author = "ReversingLabs" + id = "f3c14d23-47a2-5b09-8f48-0c2f9350516a" + date = "2024-11-27" + modified = "2024-11-27" + reference = "ReversingLabs" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/infostealer/ByteCode.MSIL.Infostealer.GomorrahStealer.yara#L1-L111" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" + logic_hash = "75d86ea2ef9f24487ef54979508170651cd60abba6daa4c3117e20a77bb3b086" + score = 75 + quality = 90 + tags = "TC_DETECTION, MALICIOUS, MALWARE, FILE" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + tc_detection_type = "Infostealer" + tc_detection_name = "GomorrahStealer" + tc_detection_factor = 5 + importance = 25 + + strings: + $get_browser_autofill_data = { + 1F ?? 28 ?? ?? ?? ?? 72 ?? ?? ?? ?? 28 ?? ?? ?? ?? 0B 73 ?? ?? ?? ?? 0C 07 73 ?? ?? + ?? ?? 0D 09 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 26 09 6F ?? ?? ?? ?? 0A 16 06 17 DA 13 ?? + 13 ?? 2B ?? 09 11 ?? 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 09 11 ?? 72 ?? ?? ?? ?? 6F + ?? ?? ?? ?? 13 ?? 08 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 26 08 72 ?? ?? ?? ?? 11 ?? 28 ?? + ?? ?? ?? 6F ?? ?? ?? ?? 26 08 72 ?? ?? ?? ?? 
11 ?? 28 ?? ?? ?? ?? 6F ?? ?? ?? ?? 26 + 08 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 26 08 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 26 7E ?? ?? ?? + ?? 17 D6 80 ?? ?? ?? ?? 00 11 ?? 17 D6 13 ?? 11 ?? 11 ?? 13 ?? 11 ?? 3E ?? ?? ?? ?? + 17 8D ?? ?? ?? ?? 13 ?? 11 ?? 16 7E ?? ?? ?? ?? 72 ?? ?? ?? ?? 28 ?? ?? ?? ?? A2 00 + 11 ?? 28 ?? ?? ?? ?? 08 6F ?? ?? ?? ?? 28 ?? ?? ?? ?? 00 DE ?? 25 28 ?? ?? ?? ?? 13 + ?? 00 28 ?? ?? ?? ?? DE + } + $get_browser_cookies = { + 1F ?? 28 ?? ?? ?? ?? 72 ?? ?? ?? ?? 28 ?? ?? ?? ?? 0B 73 ?? ?? ?? ?? 0C 07 73 ?? ?? + ?? ?? 0D 09 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 26 09 6F ?? ?? ?? ?? 0A 16 06 17 DA 13 ?? + 13 ?? 38 ?? ?? ?? ?? 09 11 ?? 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 09 11 ?? 72 ?? ?? + ?? ?? 6F ?? ?? ?? ?? 13 ?? 09 11 ?? 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 09 11 ?? 72 + ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 09 11 ?? 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 09 11 + ?? 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 09 11 ?? 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? + 11 ?? 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 2D ?? 11 ?? 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 2D ?? + 16 2B ?? 17 00 13 ?? 11 ?? 2C ?? 7E ?? ?? ?? ?? 28 ?? ?? ?? ?? 14 (FE | 01) ?? 13 ?? + 11 ?? 2C ?? 38 ?? ?? ?? ?? 28 ?? ?? ?? ?? 11 ?? 6F ?? ?? ?? ?? 6F ?? ?? ?? ?? 7E ?? + ?? ?? ?? 28 ?? ?? ?? ?? 28 ?? ?? ?? ?? 13 ?? 2B ?? 00 11 ?? 28 ?? ?? ?? ?? 13 ?? 00 + 08 1F ?? 8D ?? ?? ?? ?? 13 ?? 11 ?? 16 11 ?? A2 00 11 ?? 17 72 ?? ?? ?? ?? A2 00 11 + ?? 18 11 ?? A2 00 11 ?? 19 72 ?? ?? ?? ?? A2 00 11 ?? 1A 11 ?? A2 00 11 ?? 1B 72 ?? + ?? ?? ?? A2 00 11 ?? 1C 11 ?? A2 00 11 ?? 1D 72 ?? ?? ?? ?? A2 00 11 ?? 1E 11 ?? A2 + 00 11 ?? 28 ?? ?? ?? ?? 6F ?? ?? ?? ?? 26 7E ?? ?? ?? ?? 17 D6 80 ?? ?? ?? ?? 00 11 + ?? 17 D6 13 ?? 11 ?? 11 ?? 13 ?? 11 ?? 3E ?? ?? ?? ?? 17 8D ?? ?? ?? ?? 13 ?? 11 ?? + 16 7E ?? ?? ?? ?? 72 ?? ?? ?? ?? 28 ?? ?? ?? ?? A2 00 11 ?? 28 ?? ?? ?? ?? 08 6F ?? + ?? ?? ?? 28 ?? ?? ?? ?? 00 DE ?? 25 28 ?? ?? ?? ?? 13 ?? 00 28 ?? ?? ?? ?? DE + } + $take_screenshot = { + 12 ?? 28 ?? ?? ?? ?? 6F ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 12 ?? 28 ?? ?? 
?? ?? 28 ?? + ?? ?? ?? 6F ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 12 ?? 28 ?? ?? ?? ?? 28 ?? ?? ?? ?? 00 + 28 ?? ?? ?? ?? 6F ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 12 ?? 28 ?? ?? ?? ?? 28 ?? ?? ?? + ?? 6F ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 12 ?? 28 ?? ?? ?? ?? 73 ?? ?? ?? ?? 0B 07 28 + ?? ?? ?? ?? 0A 06 12 ?? 16 16 28 ?? ?? ?? ?? 00 11 ?? 12 ?? 16 16 28 ?? ?? ?? ?? 00 + 11 ?? 08 6F ?? ?? ?? ?? 00 28 ?? ?? ?? ?? 6F ?? ?? ?? ?? 6F ?? ?? ?? ?? 07 6F ?? ?? + ?? ?? 00 28 ?? ?? ?? ?? 6F ?? ?? ?? ?? 6F ?? ?? ?? ?? 6F ?? ?? ?? ?? 7E ?? ?? ?? ?? + 28 ?? ?? ?? ?? 6F ?? ?? ?? ?? 00 DE ?? 25 28 ?? ?? ?? ?? 0D 00 28 ?? ?? ?? ?? DE + } + $get_antivirus_information = { + 7E ?? ?? ?? ?? 0B 00 28 ?? ?? ?? ?? 0D 28 ?? ?? ?? ?? 6F ?? ?? ?? ?? 6F ?? ?? ?? ?? + 1B (FE | 02) ?? 72 ?? ?? ?? ?? 09 72 ?? ?? ?? ?? 28 ?? ?? ?? ?? 72 ?? ?? ?? ?? 09 72 + ?? ?? ?? ?? 28 ?? ?? ?? ?? 28 ?? ?? ?? ?? 28 ?? ?? ?? ?? 13 ?? 11 ?? 72 ?? ?? ?? ?? + 73 ?? ?? ?? ?? 13 ?? 11 ?? 6F ?? ?? ?? ?? 13 ?? 72 ?? ?? ?? ?? 11 ?? 6F ?? ?? ?? ?? + 13 ?? 12 ?? 28 ?? ?? ?? ?? 72 ?? ?? ?? ?? 28 ?? ?? ?? ?? 0C 00 11 ?? 6F ?? ?? ?? ?? + 13 ?? 2B ?? 11 ?? 6F ?? ?? ?? ?? 74 ?? ?? ?? ?? 13 ?? 00 08 11 ?? 72 ?? ?? ?? ?? 6F + ?? ?? ?? ?? 72 ?? ?? ?? ?? 28 ?? ?? ?? ?? 28 ?? ?? ?? ?? 28 ?? ?? ?? ?? 0C DE ?? 28 + ?? ?? ?? ?? 00 28 ?? ?? ?? ?? DE ?? 00 00 08 11 ?? 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 72 + ?? ?? ?? ?? 28 ?? ?? ?? ?? 72 ?? ?? ?? ?? 28 ?? ?? ?? ?? 28 ?? ?? ?? ?? 28 ?? ?? ?? + ?? 0C DE ?? 28 ?? ?? ?? ?? 00 28 ?? ?? ?? ?? DE ?? 00 00 11 ?? 6F ?? ?? ?? ?? 13 ?? + 11 ?? 3A ?? ?? ?? ?? 00 DE ?? 11 ?? 14 (FE | 01) ?? 16 (FE | 01) ?? 13 ?? 11 ?? 2C ?? + 11 ?? 6F ?? ?? ?? ?? 00 00 DC 08 0B DE ?? 28 ?? ?? ?? ?? 00 28 ?? ?? ?? ?? DE ?? 00 + 07 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 11 ?? 2C ?? 07 17 8D ?? ?? ?? ?? 13 ?? 11 ?? + 16 1F ?? 9D 11 ?? 6F ?? ?? ?? ?? 17 9A 16 8D ?? ?? ?? ?? 6F ?? ?? ?? ?? 16 8D ?? ?? + ?? ?? 6F ?? ?? ?? ?? 0B 00 07 0A 2B ?? 06 + } + $get_browser_history = { + 1F ?? 28 ?? ?? ?? ?? 72 ?? ?? ?? ?? 28 ?? ?? ?? ?? 0B 73 ?? ?? ?? 
?? 0C 07 73 ?? ?? + ?? ?? 0D 09 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 26 09 6F ?? ?? ?? ?? 0A 16 06 17 DA 13 ?? + 13 ?? 2B ?? 09 11 ?? 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 09 11 ?? 72 ?? ?? ?? ?? 6F + ?? ?? ?? ?? 13 ?? 08 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 26 08 72 ?? ?? ?? ?? 11 ?? 28 ?? + ?? ?? ?? 6F ?? ?? ?? ?? 26 08 72 ?? ?? ?? ?? 11 ?? 28 ?? ?? ?? ?? 6F ?? ?? ?? ?? 26 + 08 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 26 7E ?? ?? ?? ?? 17 D6 80 ?? ?? ?? ?? 00 11 ?? 17 + D6 13 ?? 11 ?? 11 ?? 13 ?? 11 ?? 31 ?? 17 8D ?? ?? ?? ?? 13 ?? 11 ?? 16 7E ?? ?? ?? + ?? 72 ?? ?? ?? ?? 28 ?? ?? ?? ?? A2 00 11 ?? 28 ?? ?? ?? ?? 08 6F ?? ?? ?? ?? 28 ?? + ?? ?? ?? 00 DE ?? 25 28 ?? ?? ?? ?? 13 ?? 00 28 ?? ?? ?? ?? DE + } + + condition: + uint16(0)==0x5A4D and ($get_browser_autofill_data) and ($get_browser_cookies) and ($take_screenshot) and ($get_antivirus_information) and ($get_browser_history) +} rule REVERSINGLABS_Win64_Infostealer_Daolpu : TC_DETECTION MALICIOUS MALWARE FILE { meta: @@ -55728,8 +56091,8 @@ rule REVERSINGLABS_Win64_Infostealer_Daolpu : TC_DETECTION MALICIOUS MALWARE FIL date = "2024-08-26" modified = "2024-08-26" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/infostealer/Win64.Infostealer.Daolpu.yara#L1-L322" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/infostealer/Win64.Infostealer.Daolpu.yara#L1-L322" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "5ffd0427c6c8e666cfabc48426e7771595a7024548706f37a1de3538e4e2d559" score = 75 quality = 90 
@@ -56026,8 +56389,8 @@ rule REVERSINGLABS_Win32_Infostealer_Lumarstealer : TC_DETECTION MALICIOUS MALWA date = "2023-12-07" modified = "2023-12-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/infostealer/Win32.Infostealer.LumarStealer.yara#L1-L190" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/infostealer/Win32.Infostealer.LumarStealer.yara#L1-L190" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "0bc9e12396b1e85f69b965e9ea50960c59c50aba40317fb4de8f6abd092ec7d2" score = 75 quality = 90 @@ -56201,8 +56564,8 @@ rule REVERSINGLABS_Win32_Infostealer_Stealc : TC_DETECTION MALICIOUS MALWARE FIL date = "2023-06-07" modified = "2023-06-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/infostealer/Win32.Infostealer.StealC.yara#L1-L57" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/infostealer/Win32.Infostealer.StealC.yara#L1-L57" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "bea1cf370150387eb185deff726e10e660e7eb571c20d22878def08b36f457bf" score = 75 quality = 90 
@@ -56252,8 +56615,8 @@ rule REVERSINGLABS_Win32_Infostealer_Multigrainpos : TC_DETECTION MALICIOUS MALW date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/infostealer/Win32.Infostealer.MultigrainPOS.yara#L1-L88" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/infostealer/Win32.Infostealer.MultigrainPOS.yara#L1-L88" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "9808c95b850a54677c4132057b8372cabf0159920b7e0e6834a83f0d39c088fa" score = 75 quality = 90 @@ -56336,8 +56699,8 @@ rule REVERSINGLABS_Win32_Infostealer_Projecthookpos : TC_DETECTION MALICIOUS MAL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/infostealer/Win32.Infostealer.ProjectHookPOS.yara#L1-L98" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/infostealer/Win32.Infostealer.ProjectHookPOS.yara#L1-L98" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "b7534c9e905256aaf80f04b746a92c50689437b288f7e393ef13fde1740c4a4e" score = 75 quality = 90 
@@ -56433,8 +56796,8 @@ rule REVERSINGLABS_Win32_Virus_Elerad : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/virus/Win32.Virus.Elerad.yara#L3-L33" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/virus/Win32.Virus.Elerad.yara#L3-L33" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "930594bf99daf55ef02542ce7b393c1c23ead75946b3da3b555102a2e7142e33" score = 75 quality = 90 @@ -56471,8 +56834,8 @@ rule REVERSINGLABS_Win32_Virus_Mocket : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/virus/Win32.Virus.Mocket.yara#L3-L58" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/virus/Win32.Virus.Mocket.yara#L3-L58" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "af16974396efe7a1a46aa39b812482dcc49d0fe95db6640c1703db479e7ea9dc" score = 75 quality = 90 
@@ -56533,8 +56896,8 @@ rule REVERSINGLABS_Win32_Virus_Greenp : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/virus/Win32.Virus.Greenp.yara#L3-L46" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/virus/Win32.Virus.Greenp.yara#L3-L46" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "ca6df34ee2ad9d93e35b0d1a2d4765f681f3981ffe2786bbc822c3090212fd02" score = 75 quality = 90 @@ -56584,8 +56947,8 @@ rule REVERSINGLABS_Win32_Virus_Cmay : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/virus/Win32.Virus.Cmay.yara#L3-L73" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/virus/Win32.Virus.Cmay.yara#L3-L73" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "f3bdf772eb80c632a913621732d12ae4a02bc7d3ba41f51711aa329be2ca6220" score = 75 quality = 90 
@@ -56657,12 +57020,12 @@ rule REVERSINGLABS_Linux_Virus_Vit : TC_DETECTION MALICIOUS MALWARE FILE description = "Yara rule that detects Vit virus." author = "ReversingLabs" id = "4515fe43-4c5a-521d-82b7-273823f0c64e" - date = "2024-11-24" - date = "2024-11-24" + date = "2024-12-01" + date = "2024-12-01" modified = "2023-06-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/virus/Linux.Virus.Vit.yara#L3-L36" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/virus/Linux.Virus.Vit.yara#L3-L36" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "2fba7a081dfca85aee5c7f3b33414b799ed52ca6aa5bbf031da040aaa75acde9" score = 75 quality = 90 @@ -56700,8 +57063,8 @@ rule REVERSINGLABS_Win32_Virus_Deadcode : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/virus/Win32.Virus.DeadCode.yara#L3-L76" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/virus/Win32.Virus.DeadCode.yara#L3-L76" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "6ac2e48daaed222f0a19afd4d03a02834705e0e3762db3217f68569554171846" score = 75 quality = 90 
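Review bot: In the first hunk on this line (REVERSINGLABS_Linux_Virus_Vit) the `date` meta key appears twice, and both copies move from 2024-11-24 to 2024-12-01 while `modified` stays at 2023-06-07. The value matches the rule set's retrieval date, so it looks like the generator fills in a date the upstream rule lacks. This is inferred from the values, not shown in the diff. As a result this rule's `date` is later than its `modified` and changes on every refresh, so anything that filters or triages rules by age should read `modified` for it. The file is vendored, so the correction belongs upstream or in whatever step imports the bundle: keep a single line such as `date = "2023-06-07"` taken from `modified`, or drop the key. The rule body continues outside the hunk.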
@@ -56773,8 +57136,8 @@ rule REVERSINGLABS_Win32_Virus_Negt : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/virus/Win32.Virus.Negt.yara#L3-L94" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/virus/Win32.Virus.Negt.yara#L3-L94" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "43057ef111fc505678606386c8d428653da391f4b65844d81479ca05e3517346" score = 75 quality = 90 @@ -56866,8 +57229,8 @@ rule REVERSINGLABS_Win32_Virus_Awfull : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/yara/virus/Win32.Virus.Awfull.yara#L3-L33" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/b0beb52a3fbac4178b1f6ceb079b9b8950839c99/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/virus/Win32.Virus.Awfull.yara#L3-L33" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/LICENSE" logic_hash = "84a4faee4cbbb3387ad25bd9230c6482b8db461bc008312bc782f23e3df2eae3" score = 75 quality = 90 
@@ -56897,9 +57260,9 @@ rule REVERSINGLABS_Win32_Virus_Awfull : TC_DETECTION MALICIOUS MALWARE FILE * YARA Rule Set * Repository Name: Elastic * Repository: https://github.com/elastic/protections-artifacts/ - * Retrieval Date: 2024-11-24 - * Git Commit: 99e762c867d944ed7a8ddf83f6af9475442f5c19 - * Number of Rules: 1808 + * Retrieval Date: 2024-12-01 + * Git Commit: 28336769b72540c8b02aa04e1b47dfc093f3ea03 + * Number of Rules: 1829 * Skipped: 0 (age), 7 (quality), 0 (score), 0 (importance) * * @@ -57009,8 +57372,8 @@ rule ELASTIC_Windows_Trojan_Warmcookie_7D32Fa90 : FILE MEMORY date = "2024-04-29" modified = "2024-05-08" reference = "https://www.elastic.co/security-labs/dipping-into-danger" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_WarmCookie.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_WarmCookie.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13" logic_hash = "ed3be6e5c6127ef87f9ef6fe35b17815b96706e8e73a393ee9b0a8e3b0cd8f66" score = 75 
@@ -57050,8 +57413,8 @@ rule ELASTIC_Windows_Trojan_Warmcookie_E8Cd480D : FILE MEMORY date = "2024-09-20" modified = "2024-09-30" reference = "https://www.elastic.co/security-labs/dipping-into-danger" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_WarmCookie.yar#L34-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_WarmCookie.yar#L34-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f4d2c9470b322af29b9188a3a590cbe85bacb9cc8fcd7c2e94d82271ded3f659" logic_hash = "addbc2e454771592a0ce6e92784ceec3f9c061f2798fe7450ac750cda5734d36" score = 75 @@ -57083,8 +57446,8 @@ rule ELASTIC_Linux_Trojan_Truncpx_894D60F8 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Truncpx.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Truncpx.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2f09f2884fd5d3f5193bfc392656005bce6b935c12b3049ac8eb96862e4645ba" logic_hash = "9bc0a7fbddac532b53c72681f349bca0370b1fe6fb2d16f539560085b3ec4be3" score = 75 
@@ -57112,8 +57475,8 @@ rule ELASTIC_Windows_Trojan_Blackshades_9D095C44 : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BlackShades.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BlackShades.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e58e352edaa8ae7f95ab840c53fcaf7f14eb640df9223475304788533713c722" logic_hash = "2a2e6325d3de9289cc8bc26e1fe89a8fa81d9aae50b92ba2cf21c4cc6556ac9e" score = 75 @@ -57148,8 +57511,8 @@ rule ELASTIC_Windows_Trojan_Blackshades_Be382Dac : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BlackShades.yar#L28-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BlackShades.yar#L28-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e58e352edaa8ae7f95ab840c53fcaf7f14eb640df9223475304788533713c722" logic_hash = "a13e37e7930d2d1ed1aa4fdeb282f11bfeb7fe008625589e2bfeab0beea43580" score = 75 
@@ -57177,8 +57540,8 @@ rule ELASTIC_Windows_Exploit_Generic_E95Cc41C : FILE date = "2024-02-28" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Exploit_Generic.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Exploit_Generic.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4cce9e39c376f67c16df3bcd69efd9b7472c3b478e2e5ef347e1410f1105c38d" logic_hash = "9b620988a6ee84ed0cbb0fb0a3cca633fffc8e6369ed45455e9e1e6c021ea461" score = 75 @@ -57219,8 +57582,8 @@ rule ELASTIC_Windows_Exploit_Generic_008359Cf : FILE date = "2024-02-28" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Exploit_Generic.yar#L34-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Exploit_Generic.yar#L34-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "73225a3a54560965f4c4fae73f7ee234e31217bc06ff8ba1d0b36ebab5e76a87" logic_hash = "9514241b5573c8d01ccd012195e29aefc3ef8a12eb982e6dd9ec66b00c064bd8" score = 75 
@@ -57253,8 +57616,8 @@ rule ELASTIC_Windows_Exploit_Generic_8C54846D : FILE date = "2024-02-29" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Exploit_Generic.yar#L59-L87" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Exploit_Generic.yar#L59-L87" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b6ea4815a38e606d4a2d6e6d711e610afec084db6899b7d6fc874491dd939495" logic_hash = "0662c8edb449e15b16be3e53a88cf62af46b4a656c1a49b399e131c2ad71b55a" score = 75 @@ -57292,8 +57655,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_F40E3759 : FILE MEMORY date = "2021-09-15" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Donutloader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Donutloader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "541a4ca1da41f7cf54dff3fee917b219fadb60fd93a89b93b5efa3c1a57af81d" score = 75 quality = 75 
@@ -57321,8 +57684,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_5C38878D : FILE MEMORY date = "2021-09-15" modified = "2021-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Donutloader.yar#L21-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Donutloader.yar#L21-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "897880d13318027ac5008fe8d008f09780d6fa807d6cc828b57975443358750c" score = 75 quality = 75 @@ -57349,8 +57712,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_21E801E0 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Donutloader.yar#L40-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Donutloader.yar#L40-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c3bda62725bb1047d203575bbe033f0f95d4dd6402c05f9d0c69d24bd3224ca6" logic_hash = "19ef7bc8c7117024ca72956376954254c36eeb673f9379aa00475f763084a169" score = 75 
@@ -57378,8 +57741,8 @@ rule ELASTIC_Windows_Trojan_Snakekeylogger_Af3Faa65 : FILE MEMORY date = "2021-04-06" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SnakeKeylogger.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SnakeKeylogger.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "54180a642d40b5366f1b400c347c25dc31397d662d6bb8af33c7d2319c97d3fb" score = 75 quality = 73 @@ -57420,8 +57783,8 @@ rule ELASTIC_Windows_Hacktool_Seatbelt_674Fd535 : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Seatbelt.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Seatbelt.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a0e467aacd383727d46e766f1c45b424a6d46248118c155c22c538e8773b3ae7" logic_hash = "1bff820ec5cc9e56e7be4b290a48628115cc1ace5e41278fa76898bf39ef893e" score = 75 
@@ -57456,8 +57819,8 @@ rule ELASTIC_Linux_Trojan_Subsevux_E9E80C1E : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Subsevux.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Subsevux.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a4ccd399ea99d4e31fbf2bbf8017c5368d29e630dc2985e90f07c10c980fa084" logic_hash = "8bc38f26da5a3350cbae3e93b890220bb461ff77e83993a842f68db8f757e435" score = 75 @@ -57485,8 +57848,8 @@ rule ELASTIC_Windows_Trojan_Darkcloud_9905Abce : FILE MEMORY date = "2023-05-03" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DarkCloud.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DarkCloud.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "500cb8459c19acd5a1144c4b509c14dbddec74ad623896bfe946fde1cd99a571" logic_hash = "27d3841d6acf87f5c9c03d643c7859d9eaf42e49ed0241b761f858c669c4e931" score = 75 
@@ -57515,8 +57878,8 @@ rule ELASTIC_Windows_Trojan_Nanocore_D8C4E3C5 : FILE MEMORY date = "2021-06-13" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Nanocore.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Nanocore.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd" logic_hash = "fcc13e834cd8a1f86b453fe3c0333cd358e129d6838a339a824f1a095d85552d" score = 75 @@ -57554,8 +57917,8 @@ rule ELASTIC_Linux_Trojan_Hiddad_E35Bff7B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Hiddad.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Hiddad.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "22a418e660b5a7a2e0cc1c1f3fe1d150831d75c4fedeed9817a221194522efcf" logic_hash = "3881222807585dc933cb61473751d13297fa7eb085a50d435d3b680354a35ee9" score = 75 
@@ -57583,8 +57946,8 @@ rule ELASTIC_Linux_Ransomware_Erebus_Ead4F55B : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Erebus.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Erebus.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6558330f07a7c90c40006346ed09e859b588d031193f8a9679fe11a85c8ccb37" logic_hash = "82e81577372298623ee3ed3583bb18b2c0cfff30abbacf2909e7efca35c83bd7" score = 75 @@ -57614,8 +57977,8 @@ rule ELASTIC_Windows_Vulndriver_Echodrv_D17Ff31C : FILE date = "2023-10-31" modified = "2023-11-03" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_EchoDrv.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_EchoDrv.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ea3c5569405ed02ec24298534a983bcb5de113c18bc3fd01a4dd0b5839cd17b9" logic_hash = "0b2eb3c5da8703749ee63662495d6e8738ccdc353f3ac3df48e25a77312c0da0" score = 75 
@@ -57643,8 +58006,8 @@ rule ELASTIC_Windows_Trojan_Deimos_F53Aee03 : FILE MEMORY date = "2021-09-18" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Deimos.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Deimos.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2c1941847f660a99bbc6de16b00e563f70d900f9dbc40c6734871993961d3d3e" logic_hash = "07675844a8790f8485b6545e7466cdef8ac4f92dec4cd8289aeaad2a0a448691" score = 75 @@ -57674,8 +58037,8 @@ rule ELASTIC_Windows_Trojan_Deimos_C70677B4 : FILE MEMORY date = "2021-09-18" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Deimos.yar#L24-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Deimos.yar#L24-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2c1941847f660a99bbc6de16b00e563f70d900f9dbc40c6734871993961d3d3e" logic_hash = "c969221f025b114b9d5738d43b6021ab9481dbc6b35eb129ea4f806160b1adc3" score = 75 
@@ -57704,8 +58067,8 @@ rule ELASTIC_Macos_Infostealer_Mdquerypassw_6125F987 : FILE MEMORY date = "2023-04-11" modified = "2024-08-19" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Infostealer_MdQueryPassw.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Infostealer_MdQueryPassw.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "72e0c1a7507733157f93e2bff82e6ec10d50986020eeeb27a02aba5cd8c78a81" score = 75 quality = 71 @@ -57733,8 +58096,8 @@ rule ELASTIC_Linux_Trojan_Rooter_C8D08D3A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Rooter.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Rooter.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f55e3aa4d875d8322cdd7caa17aa56e620473fe73c9b5ae0e18da5fbc602a6ba" logic_hash = "c91f3112cc61acec08ab3cd59bab2ae833ba0d8ac565ffb26a46982f38af0e71" score = 75 
@@ -57762,8 +58125,8 @@ rule ELASTIC_Linux_Trojan_Shark_B918Ab75 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Shark.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Shark.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8b6fe9f496996784e42b75fb42702aa47aefe32eac6f63dd16a0eb55358b6054" logic_hash = "16302c29f2ae4109b8679933eb7fd9ef9306b0c215f20e8fff992b0b848974a9" score = 75 @@ -57791,8 +58154,8 @@ rule ELASTIC_Windows_Vulndriver_Procexp_Aeb4E5C0 : FILE date = "2022-04-04" modified = "2022-10-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_ProcExp.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_ProcExp.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c" logic_hash = "827bb2efb6d3442233f81e87a42a3f5ee5caaeadc459070c6d347c6515866c93" score = 75 
@@ -57822,8 +58185,8 @@ rule ELASTIC_Windows_Trojan_Servhelper_F4Dee200 : FILE MEMORY date = "2022-03-22" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_ServHelper.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_ServHelper.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "05d183430a7afe16a3857fc4e87568fcc18518e108823c37eabf0514660aa17c" logic_hash = "abab541ebddf36c05e351d506d4f978a30d8a44ff09233a667d62a1692dabe15" score = 75 @@ -57852,8 +58215,8 @@ rule ELASTIC_Windows_Trojan_Servhelper_370C5287 : FILE MEMORY date = "2022-03-24" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_ServHelper.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_ServHelper.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "05d183430a7afe16a3857fc4e87568fcc18518e108823c37eabf0514660aa17c" logic_hash = "8a2934c28efef6a5fed26dc88d074aee15b0869370c66f6a4d6eaedf070eaa9e" score = 75 
@@ -57881,8 +58244,8 @@ rule ELASTIC_Linux_Exploit_CVE_2018_10561_0F246E33 : FILE MEMORY CVE_2018_10561 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2018_10561.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2018_10561.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "eac08c105495e6fadd8651d2e9e650b6feba601ec78f537b17fb0e73f2973a1c" logic_hash = "2c3785ddfded7128e983f3ec17a9f77c856d903f07e325b08f9f463950576ebe" score = 75 @@ -57910,8 +58273,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_C3522Fd0 : BETA FILE MEMORY date = "2020-11-03" modified = "2021-08-23" reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Thanos.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Thanos.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "00d28aafd242308ad6561547ed8c80dad3086859dacab09ffdd43d436bf9ec52" score = 75 quality = 75 
@@ -57941,8 +58304,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_A6C09942 : BETA FILE MEMORY date = "2020-11-03" modified = "2021-08-23" reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Thanos.yar#L24-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Thanos.yar#L24-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "cecdeb21e041c90769b8fd8431fa87943461c1f7faa5ad15918524b91ba5c792" score = 75 quality = 75 @@ -57971,8 +58334,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_E19Feca1 : BETA FILE MEMORY date = "2020-11-03" modified = "2021-08-23" reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Thanos.yar#L46-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Thanos.yar#L46-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "1f5a69b6749e887a5576843abb83388d5364e47601cf11fcac594008ace8e973" score = 75 quality = 75 
@@ -58012,8 +58375,8 @@ rule ELASTIC_Windows_Hacktool_Godpotato_5F1Aad81 : FILE MEMORY date = "2024-06-24" modified = "2024-07-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_GodPotato.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_GodPotato.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "00171bb6e9e4a9b8601e988a8c4ac6f5413e31e1b6d86d24b0b53520cd02184c" logic_hash = "3028c84a616d47b37b4ef2d41d35ccef5121c06aa042096bca8ea53b528a1eb9" score = 75 @@ -58050,8 +58413,8 @@ rule ELASTIC_Windows_Trojan_Xworm_732E6C12 : FILE MEMORY date = "2023-04-03" modified = "2024-10-15" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_XWorm.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_XWorm.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bf5ea8d5fd573abb86de0f27e64df194e7f9efbaadd5063dee8ff9c5c3baeaa2" logic_hash = "6aa72029eeeb2edd2472bf0db80b9c0ae4033d7d977cbee75ac94414d1cdff7a" score = 75 
@@ -58085,8 +58448,8 @@ rule ELASTIC_Windows_Trojan_Xworm_B7D6Eaa8 : FILE MEMORY date = "2024-09-10" modified = "2024-10-15" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_XWorm.yar#L27-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_XWorm.yar#L27-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6fc4ff3f025545f7e092408b035066c1138253b972a2e9ef178e871d36f03acd" logic_hash = "6a9da68dd1475974e71043a0e5a51d70762473c385d6acef34945019c7016b02" score = 75 @@ -58119,8 +58482,8 @@ rule ELASTIC_Windows_Trojan_Xworm_7078E1C8 : FILE MEMORY date = "2024-10-10" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_XWorm.yar#L52-L70" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_XWorm.yar#L52-L70" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "034c8a18c15521069af36595357d9c8413a33544af8d3ea5f0ac7d471841e0ec" logic_hash = "4c69648e4a68c8c46cf435f4dcac79176a023d8cd7209f9fa6a6b244797c66f3" score = 75 
@@ -58148,8 +58511,8 @@ rule ELASTIC_Windows_Backdoor_Teamviewer_Df8E7326 : FILE MEMORY date = "2022-10-29" modified = "2022-12-20" reference = "https://vms.drweb.com/virus/?i=8172096" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Backdoor_TeamViewer.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Backdoor_TeamViewer.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "68d9ffb6e00c2694d0d827108d0410d5a66d4f8cf839afddd17c5887b0149350" logic_hash = "3d42c76626c76959e450a81001c73d8d47b52789cab324e0cc7af09303c1367d" score = 75 
@@ -58173,6 +58536,38 @@ rule ELASTIC_Windows_Backdoor_Teamviewer_Df8E7326 : FILE MEMORY condition: 5 of ($a*) or 1 of ($b*) } +rule ELASTIC_Linux_Ransomware_Agenda_4562A654 : FILE MEMORY +{ + meta: + description = "Detects Linux Ransomware Agenda (Linux.Ransomware.Agenda)" + author = "Elastic Security" + id = "4562a654-a595-4480-a095-bd89ec907529" + date = "2024-09-12" + modified = "2024-11-22" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Agenda.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" + hash = "cd27a31e618fe93df37603e5ece3352a91f27671ee73bdc8ce9ad793cad72a0f" + logic_hash = "9e9adad7640cda1142c31e801d1473e4ddb84574ce1bb1694e40d96850fcb815" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "b290b47e0839a5563b86d9d7dfbdc7fb2efa5669ede07f3710031f251b82ed6b" + severity = 100 + arch_context = "x86, arm64" + scan_context = "file, memory" + license = "Elastic License v2" + os = "linux" + + strings: + $ = "%s_RECOVER.txt" + $ = "-- Qilin" + $ = "no-vm-kill" + $ = "File extensions blacklist: [%s]" + + condition: + 3 of them +} rule ELASTIC_Macos_Trojan_Kandykorn_A7Bb6944 : FILE MEMORY { meta: 
@@ -58182,8 +58577,8 @@ rule ELASTIC_Macos_Trojan_Kandykorn_A7Bb6944 : FILE MEMORY date = "2023-10-23" modified = "2023-10-23" reference = "https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_KandyKorn.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_KandyKorn.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "51dd4efcf714e64b4ad472ea556bf1a017f40a193a647b9e28bf356979651077" logic_hash = "65decd519dee947894dd684c52d91202ebe5587acfecc0b8b56cd73f2981e387" score = 75 @@ -58220,8 +58615,8 @@ rule ELASTIC_Windows_Trojan_Quasarrat_E52Df647 : FILE MEMORY date = "2021-06-27" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Quasarrat.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Quasarrat.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a58efd253a25cc764d63476931da2ddb305a0328253a810515f6735a6690de1d" logic_hash = "41f32e0c9b3b43d10baef10060e064ad860558bcdeb4281a30d30c16615ed21d" score = 75 
@@ -58253,8 +58648,8 @@ rule ELASTIC_Windows_Trojan_Sourshark_F0247Cce : FILE MEMORY date = "2024-06-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SourShark.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SourShark.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "07eb88c69437ee6e3ea2fbab5f2fbd8e846125d18c1da7d72bb462e9d083c9fc" logic_hash = "0c5d802b5bfc771bdf5df541b18c7ab9de4f420fd3928bfd85b1a71cca2af1bc" score = 75 @@ -58284,8 +58679,8 @@ rule ELASTIC_Windows_Trojan_Sourshark_Adee8A17 : FILE MEMORY date = "2024-06-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SourShark.yar#L23-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SourShark.yar#L23-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "07eb88c69437ee6e3ea2fbab5f2fbd8e846125d18c1da7d72bb462e9d083c9fc" logic_hash = "98a4d31849a1828c2154b5032a81580f5dcc8d4a65b96dea3a727e2a82a51666" score = 75 
@@ -58313,8 +58708,8 @@ rule ELASTIC_Windows_Shellcode_Rdi_Edc62A10 : FILE MEMORY date = "2023-06-23" modified = "2023-07-10" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Shellcode_Rdi.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Shellcode_Rdi.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "64485ffc283e981c8b77db5a675c7ba2a04d3effaced522531185aa46eb6a36b" logic_hash = "986cb6c28d2d9767a2fd084fdd71edb7a1c36e78ddedf3c562076cf6f5b5afd1" score = 75 @@ -58342,8 +58737,8 @@ rule ELASTIC_Windows_Shellcode_Rdi_Eee75D2C : FILE MEMORY date = "2023-08-25" modified = "2023-11-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Shellcode_Rdi.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Shellcode_Rdi.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8c4de69e89dcc659d2fff52d695764f1efd7e64e0a80983ce6d0cb9eeddb806c" logic_hash = "18cd9be4af210686872610f832ac0ad58a48588a1226fc6093348ceb8371c6b4" score = 75 
@@ -58371,8 +58766,8 @@ rule ELASTIC_Linux_Hacktool_Ligolong_027C0134 : FILE MEMORY date = "2024-09-20" modified = "2024-11-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_LigoloNG.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_LigoloNG.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "eda6037bda3ccf6bbbaf105be0826669d5c4ac205273fefe103d8c648271de54" logic_hash = "a6f3c1f4c044765d841992758f451666e8bf5225e1a9f02925619c99fe8e03cb" score = 75 @@ -58402,8 +58797,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2Aef46A6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "d2c88774eb5227cf2d133644c648ebe5ba40c7e0acb2b432bc6a1a9da10bfb3f" score = 75 quality = 73 
@@ -58430,8 +58825,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_A6572D63 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L20-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L20-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2ff33adb421a166895c3816d506a63dff4e1e8fa91f2ac8fb763dc6e8df59d6e" logic_hash = "237392fe51c8528cb5ed446facfcd3535b8e1d594d77a542361873bd52426fa7" score = 75 @@ -58459,8 +58854,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_E41143E1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L40-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L40-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "4564bf2019ff5086071ff147c9cf1e16b8627ce5d70cbe8370aecbd518d94b57" score = 75 quality = 75 
@@ -58487,8 +58882,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_0Eb147Ca : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L59-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L59-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b" logic_hash = "b20479af0767e5e8579489b5298648b9cc84b3e0778f58d8dc9deb252d0f4806" score = 75 @@ -58516,8 +58911,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ba961Ed2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L79-L97" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L79-L97" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b" logic_hash = "5b486c698c9c61dc126be5dbeea862b1f9bb5a6859c02a0fff125a9890147a6b" score = 75 
@@ -58545,8 +58940,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2084099A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L99-L116" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L99-L116" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "6674be1438ec290550c9586afda335755279a4aedadde455ffc0b41d1a0e634d" score = 75 quality = 75 @@ -58573,8 +58968,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_61C88137 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L118-L136" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L118-L136" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "479ef38fa00bb13a3aa8448aa4a4434613c6729975e193eec29fc5047f339111" logic_hash = "e999355606ee7389be160ce3e96c6a62d7f9132b95cfec7d9f8b1a670551e6b8" score = 75 
@@ -58602,8 +58997,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Debb98A1 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L138-L156" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L138-L156" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "494f549e3dd144e8bcb230dd7b3faa8ff5107d86d9548b21b619a0318e362cad" logic_hash = "c2e43818fcf18d34a6a3611aaaafde31d96b41867d15dfdb1dec20203f5907eb" score = 75 @@ -58631,8 +59026,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_1D6E10Fd : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L158-L176" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L158-L176" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4c7851316f01ae84ee64165be3ba910ab9b415d7f0e2f5b7e5c5a0eaefa3c287" logic_hash = "01ec1af1ca03173e867113c3bec7911990a0c8c2d9f19b5233715a7f7490f5f1" score = 75 
@@ -58660,8 +59055,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_E3Ffbbcc : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L178-L196" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L178-L196" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "28b7ddf2548411910af033b41982cdc74efd8a6ef059a54fda1b6cbd59faa8f6" logic_hash = "54711c2d3e6d73cf4358ba4a65cb19d996adcfa905c0089a18a61fe841fe9a34" score = 75 @@ -58689,8 +59084,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_30F3B4D4 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L198-L216" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L198-L216" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5b15d43d3535965ec9b84334cf9def0e8c3d064ffc022f6890320cd6045175bc" logic_hash = "99efc257ff2afb779304451bd9f6f6ce9e88f54954189601ed10e95e2268dd4f" score = 75 
@@ -58718,8 +59113,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ca75589C : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L218-L236" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L218-L236" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0448c1b2c7c738404ba11ff4b38cdc8f865ccf1e202f6711345da53ce46e7e16" logic_hash = "c717e6f85a5b30514803ba43c85d82e2aaa4533b7f74db5345df83d1cc4c6551" score = 75 @@ -58747,8 +59142,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_7909Cdd2 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L238-L256" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L238-L256" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0a4a5874f43adbe71da88dc0ef124f1bf2f4e70d0b1b5461b2788587445f79d9" logic_hash = "4b2557ab78d22ae4f46e5813ba5dc4663cd92b945a1add3155f77d3030ccc92d" score = 75 
@@ -58776,8 +59171,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2522D611 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L258-L276" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L258-L276" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0c2be53e298c285db8b028f563e97bf1cdced0c4564a34e740289b340db2aac1" logic_hash = "59f2552809bc48e16719cb9b4d2a7b99999307803fce031ca39eb24e14b88908" score = 75 @@ -58805,8 +59200,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_56Bd04D3 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L278-L296" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L278-L296" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0d2ce3891851808fb36779a348a83bf4aa9de1a2b2684fd0692434682afac5ec" logic_hash = "47a33fcd69dd78cbc6c3274aeaa8dddabe119ae65b59077e1807657b8a67fed3" score = 75 
@@ -58834,8 +59229,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_F412E4B4 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L298-L316" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L298-L316" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0e3a3f7973f747fcb23c72289116659c7f158c604d937d6ca7302fbab71851e9" logic_hash = "b4e1b193e80aa88b91255df3a5f2e45de7f23fdba4a28d3ceb12db63098e70e5" score = 75 @@ -58863,8 +59258,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_71F8E26C : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L318-L336" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L318-L336" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "13f873f83b84a0d38eb3437102f174f24a0ad3c5a53b83f0ee51c62c29fb1465" logic_hash = "f9f2f22acd4f52cc313e3ecf425604651e0b8c78e33480d4d05bae5b8c9661fb" score = 75 
@@ -58892,8 +59287,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_1A562D3B : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L338-L356" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L338-L356" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "15731db615b32c49c34f41fe84944eeaf2fc79dafaaa9ad6bf1b07d26482f055" logic_hash = "8d3b369bdcecd675f99cedf26dba202256555be0f5feae612404f9b5e109fa93" score = 75 @@ -58921,8 +59316,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_410256Ac : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L358-L376" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L358-L376" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "15f44e10ece90dec1a6104d5be1effefa17614d9f0cfb2784305dab85367b741" logic_hash = "88227af6d2f365b761961bdf4b94bed81bca79e23d546e69900faa17c3e4dc71" score = 75 
@@ -58950,8 +59345,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_93Fa87F1 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L378-L396" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L378-L396" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "165b4a28fd6335d4e4dfefb6c40f41f16d8c7d9ab0941ccd23e36cda931f715e" logic_hash = "2a1e797d4dd2599b5c67e73e3c909a1803e604edf0b6ba228713ee375ccc9b16" score = 75 @@ -58979,8 +59374,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_8677Dca3 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L398-L416" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L398-L416" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "23813dc4aa56683e1426e5823adc3aab854469c9c0f3ec1a3fad40fa906929f2" logic_hash = "9902758dfb61e8b60b281f3f51cda8a10d58eb0cc20743f97998d7bcf120c299" score = 75 
@@ -59008,8 +59403,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ebce4304 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L418-L436" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L418-L436" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2e06caf864595f2df7f6936bb1ccaa1e0cae325aee8659ee283b2857e6ef1e5b" logic_hash = "42fbfc2c2636c2e3a5da5e51c6bf99f6114ec7d00b88371a34e1fdbe81d1264a" score = 75 @@ -59037,8 +59432,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_073E6161 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L438-L456" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L438-L456" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2e06caf864595f2df7f6936bb1ccaa1e0cae325aee8659ee283b2857e6ef1e5b" logic_hash = "2c98058add77c55ab68491eec041d7670f726a9ec93258ae7bb8f0e6721b4ca3" score = 75 
@@ -59066,8 +59461,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Bef22375 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xorddos.yar#L458-L476" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xorddos.yar#L458-L476" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f47baf48deb71910716beab9da1b1e24dc6de9575963e238735b6bcedfe73122" logic_hash = "3991ebdb310338516d5fdd137ba2ac63dc870337785a31d59dcad49135f190e5" score = 75 @@ -59095,8 +59490,8 @@ rule ELASTIC_Windows_Trojan_Dodgebox_095012D2 : FILE MEMORY date = "2024-07-11" modified = "2024-07-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DodgeBox.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DodgeBox.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c6a3a1ea84251aed908702a1f2a565496d583239c5f467f5dcd0cfc5bfb1a6db" logic_hash = "f1fe9b05deaebaddd83dda0ad98602b49682f8ba767de8c0ffad761d344c5115" score = 75 
@@ -59128,8 +59523,8 @@ rule ELASTIC_Windows_Trojan_Systembc_5E883723 : FILE MEMORY date = "2022-03-22" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SystemBC.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SystemBC.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b432805eb6b2b58dd957481aa8a973be58915c26c04630ce395753c6a5196b14" logic_hash = "fde2e0b5debd4d26838fb245fdf8e5103ab5aab9feff900cbba00c1950adc61a" score = 75 @@ -59162,8 +59557,8 @@ rule ELASTIC_Windows_Trojan_Systembc_C1B58C2F : FILE MEMORY date = "2024-05-02" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SystemBC.yar#L26-L49" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SystemBC.yar#L26-L49" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "016fc1db90d9d18fe25ed380606346ef12b886e1db0d80fe58c22da23f6d677d" logic_hash = "16ed14dac0c30500c5e91759b0a1b321f3bd53ae6aab1389a685582eba72c222" score = 75 
@@ -59196,8 +59591,8 @@ rule ELASTIC_Linux_Trojan_Xhide_7F0A131B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xhide.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xhide.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560" logic_hash = "4843042576d1f4f37b5a7cda1b261831030d9145c49b57e9b4c66e2658cc8cf9" score = 75 @@ -59225,8 +59620,8 @@ rule ELASTIC_Linux_Trojan_Xhide_Cd8489F7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xhide.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xhide.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560" logic_hash = "34924260c811f1796ae37faec922bc21bb312ebb0672042d3ec27855f63ed61e" score = 75 
@@ -59254,8 +59649,8 @@ rule ELASTIC_Linux_Trojan_Xhide_840B27C7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xhide.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xhide.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560" logic_hash = "6b0bfe69558399af6e0469a31741dcf2eb91fbe3e130267139240d3458eb8a0d" score = 75 @@ -59283,8 +59678,8 @@ rule ELASTIC_Linux_Hacktool_Prochide_7333221A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Prochide.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Prochide.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fad956a6a38abac8a8a0f14cc50f473ec6fc1c9fd204e235b89523183931090b" logic_hash = "413f19744240eae0a87d56da1e524e2afa0fe0ec385bd9369218713b13a93495" score = 75 
@@ -59312,8 +59707,8 @@ rule ELASTIC_Linux_Trojan_Sfloost_69A5343A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sfloost.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sfloost.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c0cd73db5165671c7bbd9493c34d693d25b845a9a21706081e1bf44bf0312ef9" logic_hash = "bd3cd33d02c7ca1d3a0364e5e3e2f968f32da8f087f744232f3cb786da6c7875" score = 75 @@ -59341,8 +59736,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_53692410 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Iroffer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Iroffer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa" logic_hash = "b8aa25fbde4d9ca36656f583e7601118a06e57703862c8b28b273881eef504fe" score = 60 
@@ -59370,8 +59765,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_013E07De : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Iroffer.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Iroffer.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa" logic_hash = "ce21de61f94d41aa3abb73b9391a4d9c8ddeea75f1a2b36be58111b70a9590fe" score = 60 @@ -59399,8 +59794,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_0De95Cab : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Iroffer.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Iroffer.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "717bea3902109d1b1d57e57c26b81442c0705af774139cd73105b2994ab89514" logic_hash = "adec3e1d3110bcc22262d5f1f2ad14a347616f4a809f29170a9fbb5d1669a4c3" score = 75 
@@ -59428,8 +59823,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_711259E4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Iroffer.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Iroffer.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa" logic_hash = "a71dbb979bc1f7671ab9958b6aa502e6ded4ee1c1b026080fd377eb772ebb1d5" score = 75 @@ -59457,8 +59852,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_7478Ddd9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Iroffer.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Iroffer.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "20e1509c23d7ef14b15823e4c56b9a590e70c5b7960a04e94b662fc34152266c" logic_hash = "e650ee830b735a11088b628e865cd40a15054437ca05849f2eaa7838eac152e3" score = 75 
@@ -59486,8 +59881,8 @@ rule ELASTIC_Windows_Vulndriver_Lha_F72Bff9A : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Lha.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Lha.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf" logic_hash = "cea05432b47cf14982bda74476c8c8582068c22fe7dec6468c9756c20412dca2" score = 75 @@ -59516,8 +59911,8 @@ rule ELASTIC_Linux_Worm_Generic_920D273F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Worm_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Worm_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "04a65bc73fab91f654d448b2d7f8f15ac782965dcdeec586e20b5c7a8cc42d73" logic_hash = "d0ed260857ae3002483ea7ef242b82514caaa95c2700b39dd0a03d39fdde090d" score = 75 
@@ -59545,8 +59940,8 @@ rule ELASTIC_Linux_Worm_Generic_98Efcd38 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Worm_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Worm_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "87507f5cd73fffdb264d76db9b75f30fe21cc113bcf82c524c5386b5a380d4bb" logic_hash = "c1a130d2ef8d09cb28adc4e347cbd1a083c78241752ecf3f935b03d774d00a81" score = 60 @@ -59574,8 +59969,8 @@ rule ELASTIC_Linux_Worm_Generic_Bd64472E : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Worm_Generic.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Worm_Generic.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b3334a3b61b1a3fc14763dc3d590100ed5e85a97493c89b499b02b76f7a0a7d0" logic_hash = "9a7267a0ebc1073d0b1f81a61b963642cc816b563b43ff4d9508dd8bc195a0e1" score = 75 
@@ -59603,8 +59998,8 @@ rule ELASTIC_Linux_Worm_Generic_3Ff8F75B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Worm_Generic.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Worm_Generic.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "991175a96b719982f3a846df4a66161a02225c21b12a879e233e19124e90bd35" logic_hash = "798e98f286201f1cda18bf1bf433826cf8a949b584f016b24a684425069d1024" score = 75 @@ -59632,8 +60027,8 @@ rule ELASTIC_Windows_Vulndriver_Asio_5F9F29Be : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_AsIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_AsIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "52a90fd1546c068b92add52c29fbb8a87d472a57e609146bbcb34862f9dcec15" logic_hash = "a901d81737c7e6d00e87f0eec758dd063eade59d9883e85e04a33bb18f2f99de" score = 75 
@@ -59661,8 +60056,8 @@ rule ELASTIC_Linux_Trojan_Zpevdo_7F563544 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Zpevdo.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Zpevdo.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "9cbbb5a9166184cef630d1aba8fec721f676b868d22b1f96ffc1430e98ae974c" score = 75 quality = 75 @@ -59689,8 +60084,8 @@ rule ELASTIC_Linux_Cryptominer_Miancha_646803Ef : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Miancha.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Miancha.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4c7761c9376ed065887dc6ce852491641419eb2d1f393c37ed0a5cb29bd108d4" logic_hash = "8fd386c0e7037565e8ab206642cc8c11f05ca727b365b94ffdd991f4bed95556" score = 75 
@@ -59718,8 +60113,8 @@ rule ELASTIC_Windows_Infostealer_Strela_0Dc3E4A1 : MEMORY date = "2024-03-25" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Infostealer_Strela.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Infostealer_Strela.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e6991b12e86629b38e178fef129dfda1d454391ffbb236703f8c026d6d55b9a1" logic_hash = "ac1b53f2857fd13ba0e33aa94c65f0d5fa22b76d504fff347b3ff0a53f37ee26" score = 75 @@ -59753,8 +60148,8 @@ rule ELASTIC_Windows_Virus_Expiro_84E99Ff0 : FILE MEMORY date = "2023-09-26" modified = "2023-11-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Virus_Expiro.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Virus_Expiro.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "47107836ead700bddbe9e8a0c016b5b1443c785442b2addbb50a70445779bad7" logic_hash = "ce4847bf5850c1f30dca9603bfbbfbb69339285f096ac469c6d2d4b04f5562b4" score = 75 
@@ -59783,8 +60178,8 @@ rule ELASTIC_Windows_Virus_Neshta_2A5A14C8 : FILE MEMORY date = "2024-01-22" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Virus_Neshta.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Virus_Neshta.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f298214764ee9ab690cb4b376d8a7893edcd9c05a3c4e6f3a56010974a130bd7" logic_hash = "0b5d0603f4c20a2368f697dd84cfe1790a5d0e5904c76066601c9e3d1b5ed1e1" score = 75 @@ -59813,8 +60208,8 @@ rule ELASTIC_Windows_Trojan_Powerseal_D63F5E54 : FILE MEMORY date = "2023-03-16" modified = "2023-05-26" reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_PowerSeal.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_PowerSeal.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "523dcff68a51ea8fb022066b5f09394e8174d6c157222a08100de30669898057" score = 75 quality = 75 
@@ -59844,8 +60239,8 @@ rule ELASTIC_Windows_Trojan_Powerseal_2E50F393 : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_PowerSeal.yar#L24-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_PowerSeal.yar#L24-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "3ca1d4568fea7b2e4e9d30ba03662a2c28ee8623d887a0336e27989b5c98b55f" score = 75 quality = 75 @@ -59874,8 +60269,8 @@ rule ELASTIC_Windows_Vulndriver_Powertool_044A8645 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_PowerTool.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_PowerTool.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1aaa9aef39cb3c0a854ecb4ca7d3b213458f302025e0ec5bfbdef973cca9111c" logic_hash = "b21c16cb72d003c505aa0ac4cc21b92513a100bad6870460090994c02cad875a" score = 75 
@@ -59904,8 +60299,8 @@ rule ELASTIC_Windows_Trojan_Icedid_1Cd868A6 : FILE MEMORY date = "2021-02-28" modified = "2021-08-23" reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff" logic_hash = "4765b2b1d463f09d7e21367c2832b3ad668aa67d8078798a14295b6e6c846c1c" score = 75 @@ -59933,8 +60328,8 @@ rule ELASTIC_Windows_Trojan_Icedid_237E9Fb6 : FILE MEMORY date = "2021-02-28" modified = "2021-08-23" reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b21f9afc6443548427bf83b5f93e7a54ac3af306d9d71b8348a6f146b2819457" logic_hash = "31479eae077b2d78cb1770eef3b37bec941f35c9ceb329e01dd65a32e785fa74" score = 75 
@@ -59962,8 +60357,8 @@ rule ELASTIC_Windows_Trojan_Icedid_F1Ce2F0A : FILE MEMORY date = "2021-02-28" modified = "2021-08-23" reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L45-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L45-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b21f9afc6443548427bf83b5f93e7a54ac3af306d9d71b8348a6f146b2819457" logic_hash = "a1f1824a7208201616dde40bea514dfc2cdf908bd8ed24b9f96c2bcad2c8107f" score = 75 @@ -59991,8 +60386,8 @@ rule ELASTIC_Windows_Trojan_Icedid_08530E24 : FILE MEMORY date = "2021-03-21" modified = "2021-08-23" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L67-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L67-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "31db92c7920e82e49a968220480e9f130dea9b386083b78a79985b554ecdc6e4" logic_hash = "a63511edde9d873e184ddb4720b4752b0e7df4bdb2114b05c16f2ca0594eb6b8" score = 75 
@@ -60033,8 +60428,8 @@ rule ELASTIC_Windows_Trojan_Icedid_11D24D35 : FILE MEMORY date = "2022-02-16" modified = "2022-04-06" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L101-L121" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L101-L121" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982" logic_hash = "4a5d0f37e3e80e370ae79fd45256dbd274ed8f8bcd021e8d6f95a0bc0bc5321f" score = 75 @@ -60063,8 +60458,8 @@ rule ELASTIC_Windows_Trojan_Icedid_0B62E783 : FILE MEMORY date = "2022-04-06" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L123-L142" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L123-L142" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a" logic_hash = "aca126529dfa8047ed7dfdc60d970759ab5307448d7d764f88e402cd8d2a016f" score = 75 
@@ -60092,8 +60487,8 @@ rule ELASTIC_Windows_Trojan_Icedid_91562D18 : FILE MEMORY date = "2022-04-06" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L144-L163" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L144-L163" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a" logic_hash = "81c87d0d6726bc2dde42fe93c77af53cdd29bb6437fe3d47d1b4550140722c88" score = 75 @@ -60121,8 +60516,8 @@ rule ELASTIC_Windows_Trojan_Icedid_2086Aecb : FILE MEMORY date = "2022-04-06" modified = "2022-03-02" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L165-L184" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L165-L184" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a" logic_hash = "561bf7eacfbbf1b4e0c111347f0d6ff4325bdbce8db73bee1ba836b610569c0d" score = 75 
@@ -60150,8 +60545,8 @@ rule ELASTIC_Windows_Trojan_Icedid_48029E37 : FILE MEMORY date = "2022-04-06" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L186-L205" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L186-L205" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a" logic_hash = "1fe337d7a0607938aaf57cf25c1373aadf315b7a8cec133d6d30a38bd58e1027" score = 75 @@ -60179,8 +60574,8 @@ rule ELASTIC_Windows_Trojan_Icedid_56459277 : FILE MEMORY date = "2022-08-21" modified = "2023-03-02" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L207-L237" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L207-L237" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "21b1a635db2723266af4b46539f67253171399830102167c607c6dbf83d6d41c" logic_hash = "a18557217c69a3bb8c3da7725d2e0ed849741f8e36341a4ea80eea09d47a5b45" score = 75 
@@ -60219,8 +60614,8 @@ rule ELASTIC_Windows_Trojan_Icedid_7C1619E3 : FILE MEMORY date = "2022-12-20" modified = "2023-02-01" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L239-L261" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L239-L261" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4f6de748628b8b06eeef3a5fabfe486bfd7aaa92f50dc5a8a8c70ec038cd33b1" logic_hash = "24ddaf474dabc5e91cce08734a035feced9048a3faac4ff236bc97e6caabd642" score = 75 @@ -60251,8 +60646,8 @@ rule ELASTIC_Windows_Trojan_Icedid_D8B23Cd6 : FILE MEMORY date = "2023-01-03" modified = "2023-01-03" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L263-L294" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L263-L294" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bd4da2f84c29437bc7efe9599a3a41f574105d449ac0d9b270faaca8795153ab" logic_hash = "47e427a4f088de523115f438cad9fc26233158b0518d87703c282df351110762" score = 75 
@@ -60292,8 +60687,8 @@ rule ELASTIC_Windows_Trojan_Icedid_A2Ca5F80 : FILE MEMORY date = "2023-01-16" modified = "2023-04-23" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L296-L323" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L296-L323" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "e36266cd66b9542f2eb9d38f9a01f7b480f2bcdbe61fe20944dca33e22bd3281" score = 75 quality = 75 @@ -60329,8 +60724,8 @@ rule ELASTIC_Windows_Trojan_Icedid_B8C59889 : FILE MEMORY date = "2023-05-05" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L325-L349" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L325-L349" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a63d08cd53053bfda17b8707ab3a94cf3d6021097335dc40d5d211fb9faed045" logic_hash = "08c6c604d1791c35a8494e5ec8a96e8c5dd2ca3d6c57971da20057ce8960fa1d" score = 75 
@@ -60363,8 +60758,8 @@ rule ELASTIC_Windows_Trojan_Icedid_81Eff9A3 : FILE MEMORY date = "2023-05-05" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_IcedID.yar#L351-L371" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_IcedID.yar#L351-L371" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "96dacdf50d1db495c8395d7cf454aa3a824801cf366ac368fe496f89b5f98fe7" logic_hash = "923dd8166cce0ec32b3b8b20cad192b3c15b7ce7c17fd44ddda739ad205a6c06" score = 75 @@ -60393,8 +60788,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_8859E8E8 : FILE MEMORY date = "2021-05-03" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Hellokitty.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Hellokitty.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3ae7bedf236d4e53a33f3a3e1e80eae2d93e91b1988da2f7fcb8fde5dcc3a0e9" logic_hash = "72cc718724d9d9a391a9f7a0932ebf397c2ab79558437533bef6e380b06baff9" score = 75 
@@ -60435,8 +60830,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_4B668121 : FILE MEMORY date = "2021-05-03" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Hellokitty.yar#L34-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Hellokitty.yar#L34-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9a7daafc56300bd94ceef23eac56a0735b63ec6b9a7a409fb5a9b63efe1aa0b0" logic_hash = "00c7a492c304f12b9909e35cf069618a1103311a69e3e8951ca196c3c663b12a" score = 75 @@ -60471,8 +60866,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_D9391A1A : FILE MEMORY date = "2021-05-03" modified = "2023-01-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Hellokitty.yar#L61-L80" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Hellokitty.yar#L61-L80" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "10887d13dba1f83ef34e047455a04416d25a83079a7f3798ce3483e0526e3768" logic_hash = "074ca47c0526d9828f3c07c7d6dbdd1cec609670d70340b022ae2c712ad80305" score = 75 
@@ -60501,8 +60896,8 @@ rule ELASTIC_Windows_Vulndriver_Viragt_5F92F226 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Viragt.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Viragt.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53" logic_hash = "e7ade7aec563c1dc602dfd7fda8c063058f47ae2a915959468792fce389b38f1" score = 75 @@ -60532,8 +60927,8 @@ rule ELASTIC_Windows_Vulndriver_Viragt_84D508Ad : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Viragt.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Viragt.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495" logic_hash = "a3e1b41155c7dd347976a1057cb763ab60c50c34e981fef050bd54f060a412fc" score = 75 
@@ -60563,8 +60958,8 @@ rule ELASTIC_Windows_Ransomware_Cuba_E64A16B1 : FILE MEMORY date = "2021-08-04" modified = "2021-10-04" reference = "https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Cuba.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Cuba.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "33352a38454cfc247bc7465bf177f5f97d7fd0bd220103d4422c8ec45b4d3d0e" logic_hash = "915425ad49f1b9ebde114f92155d5969ec707304403f46d891d014b399165a4d" score = 75 @@ -60593,8 +60988,8 @@ rule ELASTIC_Windows_Ransomware_Cuba_95A98E69 : FILE MEMORY date = "2021-08-04" modified = "2021-10-04" reference = "https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Cuba.yar#L23-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Cuba.yar#L23-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "00f18713f860dc8394fb23a1a2b6280d1eb2f20a487c175433a7b495a1ba408d" logic_hash = "d17ef93943e826613be4c21ad1e41d1daa33db9da0fa6106bb8ba6334ebe1d08" score = 75 
@@ -60624,8 +61019,8 @@ rule ELASTIC_Multi_Hacktool_Rakshasa_D5D3Ef21 : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Hacktool_Rakshasa.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Hacktool_Rakshasa.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ccfa30a40445d5237aaee1e015ecfcd9bdbe7665a6dc2736b28e5ebf07ec4597" logic_hash = "123cbea0ce02012a9b22a4a241d11aa9acbb58b50a1bd9228da7cadbf0fa1b4e" score = 75 @@ -60657,8 +61052,8 @@ rule ELASTIC_Windows_Trojan_Sythe_02B2811A : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Sythe.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Sythe.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2d54a8ba40cc9a1c74db7a889bc75a38f16ae2d025268aa07851c1948daa1b4d" logic_hash = "ba472b35f583dd4cf125df575129d07de289d6d7dc12ecdcc518ce1eb9f18def" score = 75 
@@ -60689,8 +61084,8 @@ rule ELASTIC_Windows_Hacktool_Executeassembly_F41F4Df6 : FILE MEMORY date = "2023-03-28" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_ExecuteAssembly.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_ExecuteAssembly.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a468ba2ba77aafa2a572c8947d414e74604a7c1c6e68a0b87fbfce4f8854dd61" logic_hash = "ab72dec636a96338e16fd57f2db4bb52e38fe61315b42c2ffe9c4566fc0326d3" score = 75 @@ -60719,8 +61114,8 @@ rule ELASTIC_Windows_Trojan_Modpipe_12Bc2604 : FILE MEMORY date = "2023-07-27" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_ModPipe.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_ModPipe.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "0a26de1b2fb48d65cde61b60c0eba478da73a3eeaeb785d1b2d6095eccbe34e2" score = 75 quality = 75 
@@ -60750,8 +61145,8 @@ rule ELASTIC_Macos_Trojan_Adload_4995469F : FILE MEMORY date = "2021-10-04" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Adload.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Adload.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6464ca7b36197cccf0dac00f21c43f0cb09f900006b1934e2b3667b367114de5" logic_hash = "cceb804a11b93b0e3f491016c47a823d9e6a31294c3ed05d4404601323b30993" score = 75 @@ -60779,8 +61174,8 @@ rule ELASTIC_Macos_Trojan_Adload_9B9F86C7 : FILE MEMORY date = "2021-10-04" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Adload.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Adload.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "952e6004ce164ba607ac7fddc1df3d0d6cac07d271d90be02d790c52e49cb73c" logic_hash = "82297db23e036f22c90eee7b2654e84df847eb1c2b1ea4dcf358c48a14819709" score = 75 
@@ -60808,8 +61203,8 @@ rule ELASTIC_Macos_Trojan_Adload_F6B18A0A : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Adload.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Adload.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "06f38bb811e6a6c38b5e2db708d4063f4aea27fcd193d57c60594f25a86488c8" logic_hash = "20d43fbf0b8155940e2e181f376a7b1979ce248d88dc08409aaa1a916777231c" score = 75 @@ -60837,8 +61232,8 @@ rule ELASTIC_Linux_Trojan_Connectback_Bf194C93 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Connectback.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Connectback.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6784cb86460bddf1226f71f5f5361463cbda487f813d19cd88e8a4a1eb1a417b" logic_hash = "148626e05caee4a2b2542726ea4e4dab074eeab0572a65fdbd32f5d96544daf8" score = 75 
@@ -60866,8 +61261,8 @@ rule ELASTIC_Linux_Exploit_CVE_2014_3153_1C1E02Ad : FILE MEMORY CVE_2014_3153 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2014_3153.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2014_3153.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "64b8c61b73f0c0c0bd44ea5c2bcfb7b665fcca219dbe074a4a16ae20cd565812" logic_hash = "42e9de7f306343c4c3e7fd02b414b429faacb837fb2910f98f0c1519da40074c" score = 75 @@ -60895,8 +61290,8 @@ rule ELASTIC_Windows_Ransomware_Makop_3Ac2C13C : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Makop.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Makop.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "854226fc4f5388d40cd9e7312797dd63739444d69a67e4126ef60817fa6972ad" logic_hash = "3fa7c506010a87ac97f415db32c21af091dff26fd912a8f9f5bb5e8d43a8da9e" score = 75 
@@ -60924,8 +61319,8 @@ rule ELASTIC_Windows_Ransomware_Makop_3E388338 : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Makop.yar#L21-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Makop.yar#L21-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "854226fc4f5388d40cd9e7312797dd63739444d69a67e4126ef60817fa6972ad" logic_hash = "5a6e5fd725f3d042c0c95b42ad00c93965a49aa6bda6ec5383a239f18d74742e" score = 75 @@ -60958,8 +61353,8 @@ rule ELASTIC_Windows_Trojan_Darkgate_Fa1F1338 : FILE MEMORY date = "2023-12-14" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DarkGate.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DarkGate.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1fce9ee9254dd0641387cc3b6ea5f6a60f4753132c20ca03ce4eed2aa1042876" logic_hash = "d5447a57fc57af52c263b84522346a3e94a464a698de8be77eab3b56156164f2" score = 75 
@@ -60989,8 +61384,8 @@ rule ELASTIC_Windows_Trojan_Darkgate_07Ef6F14 : FILE MEMORY date = "2023-12-14" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DarkGate.yar#L23-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DarkGate.yar#L23-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1fce9ee9254dd0641387cc3b6ea5f6a60f4753132c20ca03ce4eed2aa1042876" logic_hash = "2820286b362b107fc7fc3ec8f1a004a7d7926a84318f2943f58239f1f7e8f1f0" score = 75 @@ -61019,8 +61414,8 @@ rule ELASTIC_Windows_Ransomware_Magniber_Ea0140A1 : FILE MEMORY date = "2021-08-03" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Magniber.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Magniber.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a2448b93d7c50801056052fb429d04bcf94a478a0a012191d60e595fed63eec4" logic_hash = "e2c05e2c92444d7bcb2bf68e97f809072d2ccdc8a171214d2e7a498b20d08f90" score = 75 
@@ -61048,8 +61443,8 @@ rule ELASTIC_Windows_Ransomware_Magniber_97D7575B : FILE MEMORY date = "2021-08-03" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Magniber.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Magniber.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a2448b93d7c50801056052fb429d04bcf94a478a0a012191d60e595fed63eec4" logic_hash = "9c85f98aaae28e9e90a94d6ce18389467013ea6b569f46f6acaf26a6c7e027fc" score = 75 @@ -61077,8 +61472,8 @@ rule ELASTIC_Macos_Infostealer_Encodedosascript_Eeb54A7E : FILE MEMORY date = "2024-08-19" modified = "2024-08-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Macos_Infostealer_EncodedOsascript.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Macos_Infostealer_EncodedOsascript.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05" logic_hash = "2f450c9afd92f52cdd8333e39e41b7334a01ddc39371c118260820a878359742" score = 75 
@@ -61108,8 +61503,8 @@ rule ELASTIC_Linux_Trojan_Xzbackdoor_74E87A9D : FILE MEMORY
 date = "2024-03-30"
 modified = "2024-04-03"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_XZBackdoor.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_XZBackdoor.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "5448850cdc3a7ae41ff53b433c2adbd0ff492515012412ee63a40d2685db3049"
 logic_hash = "c777171c36d9369ade7bf44c7cc4e5aee16bb4c803431bc480cc0f8ebb2819c0"
 score = 75
@@ -61141,8 +61536,8 @@ rule ELASTIC_Windows_Ransomware_Pandora_Bca8Ce23 : FILE MEMORY
 date = "2022-03-14"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Pandora.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Pandora.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "2c940a35025dd3847f7c954a282f65e9c2312d2ada28686f9d1dc73d1c500224"
 logic_hash = "52203c1af994667ba6833defe547e886dd02167e4d76c57711080e3be0473bfc"
 score = 75
@@ -61172,8 +61567,8 @@ rule ELASTIC_Macos_Backdoor_Applejeus_31872Ae2 : FILE MEMORY
 date = "2021-10-18"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Backdoor_Applejeus.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Backdoor_Applejeus.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "e352d6ea4da596abfdf51f617584611fc9321d5a6d1c22aff243aecdef8e7e55"
 logic_hash = "1d6f06668a7d048a93e53b294c5ab8ffe4cd610f3bef3fd80f14425ef8a85a29"
 score = 75
@@ -61201,8 +61596,8 @@ rule ELASTIC_Windows_Ransomware_Haron_A1C12E7E : FILE MEMORY
 date = "2021-08-03"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Haron.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Haron.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "6e6b78a1df17d6718daa857827a2a364b7627d9bfd6672406ad72b276014209c"
 logic_hash = "84df5a13495acee5dc2007cf1d6e1828a832d46fcbad2ca8676643fd47756248"
 score = 75
@@ -61231,8 +61626,8 @@ rule ELASTIC_Windows_Ransomware_Haron_23B76Cb7 : FILE MEMORY
 date = "2021-08-03"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Haron.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Haron.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "6e6b78a1df17d6718daa857827a2a364b7627d9bfd6672406ad72b276014209c"
 logic_hash = "e53c92be617444da0057680ee1ac45cbc1f707194281644bececa44e4ebe3580"
 score = 75
@@ -61261,8 +61656,8 @@ rule ELASTIC_Windows_Trojan_Oskistealer_A158B1E3 : FILE MEMORY
 date = "2022-03-21"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_OskiStealer.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_OskiStealer.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "568cd515c9a3bce7ef21520761b02cbfc95d8884d5b2dc38fc352af92356c694"
 logic_hash = "0ddbe0b234ed60f5a3fc537cdaebf39f639ee24fd66143c9036a9f4786d4c51b"
 score = 75
@@ -61294,8 +61689,8 @@ rule ELASTIC_Linux_Exploit_Pulse_2Bea17E8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Pulse.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Pulse.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "c29cb4c2d83127cf4731573a7fac531f90f27799857f5e250b9f71362108f559"
 logic_hash = "bc71efa6cc79171666d89fe3e755411ee8032f56ae5bd73e0de440eee5b718ab"
 score = 75
@@ -61323,8 +61718,8 @@ rule ELASTIC_Linux_Exploit_Pulse_246E6F31 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Pulse.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Pulse.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "c29cb4c2d83127cf4731573a7fac531f90f27799857f5e250b9f71362108f559"
 logic_hash = "f6755f10863b78303899cefcd81f609884fbbf2dffabd9219686ed869f2cc7e3"
 score = 75
@@ -61352,8 +61747,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_6660D29F : BETA FILE MEMORY
 date = "2020-06-28"
 modified = "2021-08-23"
 reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "4c12eaa44f82c6f729e51242c9c1836eb1856959c682e2d2e21b975104c197b6"
 score = 75
 quality = 75
@@ -61382,8 +61777,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_6Ab188Da : BETA FILE MEMORY
 date = "2020-06-28"
 modified = "2021-08-23"
 reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L23-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L23-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "429c87d293b7f517a594e8be020cbe7f8302a8b6eb8337f090ca18973aafbde4"
 score = 75
 quality = 75
@@ -61411,8 +61806,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_4Fb1A155 : BETA FILE MEMORY
 date = "2020-06-28"
 modified = "2021-08-23"
 reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L44-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L44-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "eb041a836b2bc73312a2f87523d817d5274f3d43d3e5fe6aacfad1399c61a9de"
 score = 75
 quality = 75
@@ -61440,8 +61835,8 @@ rule ELASTIC_Windows_Trojan_Limerat_24269A79 : FILE MEMORY
 date = "2021-08-17"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Limerat.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Limerat.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "ec781a714d6bc6fac48d59890d9ae594ffd4dbc95710f2da1f1aa3d5b87b9e01"
 logic_hash = "053a6abe589db23c4b9baed24729c8bcdd9019535fd0d9efc60ab4035c9779f3"
 score = 75
@@ -61469,8 +61864,8 @@ rule ELASTIC_Linux_Trojan_Godlua_Ed8E6228 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Godlua.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Godlua.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "848ef3b198737f080f19c5fa55dfbc31356427398074f9125c65cb532c52ce7a"
 score = 75
 quality = 75
@@ -61497,8 +61892,8 @@ rule ELASTIC_Windows_Ransomware_Egregor_F24023F3 : BETA FILE MEMORY
 date = "2020-10-15"
 modified = "2021-08-23"
 reference = "https://www.bankinfosecurity.com/egregor-ransomware-adds-to-data-leak-trend-a-15110"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Egregor.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Egregor.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "5695b44f6ce018a91a99b6c94feae740ff4ac187e232bc9044e51d62d1f42bfa"
 score = 75
 quality = 75
@@ -61531,8 +61926,8 @@ rule ELASTIC_Windows_Ransomware_Egregor_4Ec2B90C : BETA FILE MEMORY
 date = "2020-10-15"
 modified = "2021-08-23"
 reference = "https://www.bankinfosecurity.com/egregor-ransomware-adds-to-data-leak-trend-a-15110"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Egregor.yar#L27-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Egregor.yar#L27-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "8342d92e1486b1289645828e5ee5f1f6f21a0e645dd7cc4eca908ed59c2f1c4c"
 score = 75
 quality = 73
@@ -61562,8 +61957,8 @@ rule ELASTIC_Windows_Trojan_Metastealer_F94E2464 : FILE MEMORY
 date = "2024-03-27"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_MetaStealer.yar#L1-L34"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_MetaStealer.yar#L1-L34"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "14ca15c0751207103c38f1a2f8fdc73e5dd3d58772f6e5641e54e0c790ecd132"
 logic_hash = "bf374bda2ca7c7bcec1ff092bbc9c3fd95c33faa78a6ea105a7b12b8e80a2e23"
 score = 75
@@ -61606,8 +62001,8 @@ rule ELASTIC_Windows_Trojan_Metastealer_A07E395C : FILE MEMORY
 date = "2024-10-23"
 modified = "2024-10-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_MetaStealer.yar#L36-L56"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_MetaStealer.yar#L36-L56"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "973a9056040af402d6f92f436a287ea164fae09c263f80aba0b8d5366ed9957a"
 logic_hash = "2464cf1dc5747c93598354329371ea6111c3cbf34a6db83076c9465b867a0e47"
 score = 75
@@ -61637,8 +62032,8 @@ rule ELASTIC_Macos_Infostealer_Mdquerysecret_5535Ab96 : FILE MEMORY
 date = "2023-04-11"
 modified = "2024-08-19"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Infostealer_MdQuerySecret.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Infostealer_MdQuerySecret.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "c755e617b9dd41505bb225ea836ecdde8f3f6f9ab7ae79697e6d85190e206c41"
 score = 75
 quality = 71
@@ -61666,8 +62061,8 @@ rule ELASTIC_Windows_Generic_Threat_Bc6Ae28D : FILE MEMORY
 date = "2023-12-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "ce00873eb423c0259c18157a07bf7fd9b07333e528a5b9d48be79194310c9d97"
 logic_hash = "0ca5ec945858a5238eac048520dea4597f706ad2c96be322d341c84c4ddbce33"
 score = 75
@@ -61695,8 +62090,8 @@ rule ELASTIC_Windows_Generic_Threat_Ce98C4Bc : FILE MEMORY
 date = "2023-12-17"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L21-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L21-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "950e8a29f516ef3cf1a81501e97fbbbedb289ad9fb93352edb563f749378da35"
 logic_hash = "74914f41c03cb2dcb1dc3175cc76574a0d40b66a1a3854af8f50c9858704b66b"
 score = 75
@@ -61725,8 +62120,8 @@ rule ELASTIC_Windows_Generic_Threat_0Cc1481E : FILE MEMORY
 date = "2023-12-17"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L42-L60"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L42-L60"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "6ec7781e472a6827c1406a53ed4699407659bd57c33dd4ab51cabfe8ece6f23f"
 logic_hash = "1a094cf337cb85aa4b7d1d2025571ab0661a7be1fd03d53d8c7370a90385f38c"
 score = 75
@@ -61754,8 +62149,8 @@ rule ELASTIC_Windows_Generic_Threat_2507C37C : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L62-L80"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L62-L80"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "04296258f054a958f0fd013b3c6a3435280b28e9a27541463e6fc9afe30363cc"
 logic_hash = "8c5ea1290260993ea5140baa4645f3fd0ebb4d43fce0e9a25f8e8948e683aec1"
 score = 75
@@ -61783,8 +62178,8 @@ rule ELASTIC_Windows_Generic_Threat_E052D248 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L82-L100"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L82-L100"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "ed2bbc0d120665044aacb089d8c99d7c946b54d1b08a078aebbb3b91f593da6e"
 logic_hash = "1a16ce6d1c6707560425156e625ad19a82315564b3f03adafbcc3e65b0e98a6d"
 score = 75
@@ -61812,8 +62207,8 @@ rule ELASTIC_Windows_Generic_Threat_2Bb7Fbe3 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L102-L120"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L102-L120"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "65cc8704c0e431589d196eadb0ac8a19151631c8d4ab7375d7cb18f7b763ba7b"
 logic_hash = "36e1ab766e09e8d06b9179f67a1cb842ba257f140610964a941fb462ed3e803c"
 score = 75
@@ -61841,8 +62236,8 @@ rule ELASTIC_Windows_Generic_Threat_994F2330 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L122-L140"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L122-L140"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "0a30cb09c480a2659b6f989ac9fe1bfba1802ae3aad98fa5db7cdd146fee3916"
 logic_hash = "ace99deae7f5faa22f273ec4fe45ef07f03acd1ae4d9c0f18687ef6cf5b560c2"
 score = 75
@@ -61870,8 +62265,8 @@ rule ELASTIC_Windows_Generic_Threat_Bf7Aae24 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L142-L160"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L142-L160"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "6dfc63894f15fc137e27516f2d2a56514c51f25b41b00583123142cf50645e4e"
 logic_hash = "b6dfa6f4c46bddd643f2f89f6275404c19fd4ed1bbae561029fffa884e99e167"
 score = 75
@@ -61899,8 +62294,8 @@ rule ELASTIC_Windows_Generic_Threat_D542E5A5 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L162-L180"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L162-L180"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "3fc4ae7115e0bfa3fc6b75dcff867e7bf9ade9c7f558f31916359d37d001901b"
 logic_hash = "3c16c02d4fc6e019f0ab0ff4daad61f59275afd8fb3ee263b1b59876233a686e"
 score = 75
@@ -61928,8 +62323,8 @@ rule ELASTIC_Windows_Generic_Threat_8D10790B : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L182-L200"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L182-L200"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "911535923a5451c10239e20e7130d371e8ee37172e0f14fc8cf224d41f7f4c0f"
 logic_hash = "84c017abbce1c8702efbe8657e5a857ae222721b0db2260dc814652f4528df26"
 score = 75
@@ -61957,8 +62352,8 @@ rule ELASTIC_Windows_Generic_Threat_347F9F54 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L202-L220"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L202-L220"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "45a051651ce1edddd33ecef09bb0fbb978adec9044e64f786b13ed81cabf6a3f"
 logic_hash = "63df388393a45ffec68ba01ae6d7707b6d5277e0162ded6e631c1f76ad76b711"
 score = 75
@@ -61986,8 +62381,8 @@ rule ELASTIC_Windows_Generic_Threat_20469956 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L222-L240"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L222-L240"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "a1f2923f68f5963499a64bfd0affe0a729f5e7bd6bcccfb9bed1d62831a93c47"
 logic_hash = "da351bec0039a32bb9de1d8623ab3dc26eb752d30a64e613de96f70e1b1c2463"
 score = 75
@@ -62015,8 +62410,8 @@ rule ELASTIC_Windows_Generic_Threat_742E8A70 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L242-L260"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L242-L260"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "94f7678be47651aa457256375f3e4d362ae681a9524388c97dc9ed34ba881090"
 logic_hash = "2925eb8da80ef791b5cf7800a9bf9462203ab6aa743bc69f4fd2343e97eaab7c"
 score = 75
@@ -62044,8 +62439,8 @@ rule ELASTIC_Windows_Generic_Threat_79174B5C : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L262-L280"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L262-L280"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "c15118230059e85e7a6b65fe1c0ceee8997a3d4e9f1966c8340017a41e0c254c"
 logic_hash = "06a2f0613719f1273a6b3f62f248c22b1cab2fe6054904619e3720f3f6c55e2e"
 score = 75
@@ -62073,8 +62468,8 @@ rule ELASTIC_Windows_Generic_Threat_232B71A9 : FILE MEMORY
 date = "2023-12-20"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L282-L300"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L282-L300"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "1e8b34da2d675af96b34041d4e493e34139fc8779f806dbcf62a6c9c4d9980fe"
 logic_hash = "c3bef1509c0d0172dbbc7e0e2b5c69e5ec47dc22365d98a914002b53b0f7d918"
 score = 75
@@ -62102,8 +62497,8 @@ rule ELASTIC_Windows_Generic_Threat_D331D190 : FILE MEMORY
 date = "2023-12-20"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L302-L320"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L302-L320"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "6d869d320d977f83aa3f0e7719967c7e54c1bdae9ae3729668d755ee3397a96f"
 logic_hash = "901601c892d709fa596c44df1fbe7772a9f20576c71666570713bf96727a809b"
 score = 75
@@ -62131,8 +62526,8 @@ rule ELASTIC_Windows_Generic_Threat_24191082 : FILE MEMORY
 date = "2023-12-20"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L322-L340"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L322-L340"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "4d20878c16d2b401e76d8e7c288cf8ef5aa3c8d4865f440ee6b44d9f3d0cbf33"
 logic_hash = "a5ea76032a9c189f923d91cd03deb44bd61868e5ad6081afe63249156cbd8927"
 score = 75
@@ -62160,8 +62555,8 @@ rule ELASTIC_Windows_Generic_Threat_Efdb9E81 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L342-L361"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L342-L361"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "1c3302b14324c9f4e07829f41cd767ec654db18ff330933c6544c46bd19e89dd"
 logic_hash = "eae78b07f6c31e3a30ae041a27c67553bb8ea915bc7724583d78832475021955"
 score = 75
@@ -62190,8 +62585,8 @@ rule ELASTIC_Windows_Generic_Threat_34622A35 : FILE MEMORY date = "2024-01-01" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L363-L381" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L363-L381" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c021c6adca0ddf38563a13066a652e4d97726175983854674b8dae2f6e59c83f" logic_hash = "2b49bd5d3a18307a46f44d9dfeea858ddaa6084f86f96b83b874cee7603e1c11" score = 75 @@ -62219,8 +62614,8 @@ rule ELASTIC_Windows_Generic_Threat_0Ff403Df : FILE MEMORY date = "2024-01-01" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L383-L401" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L383-L401" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b3119dc4cea05bef51d1f373b87d69bcff514f6575d4c92da4b1c557f8d8db8f" logic_hash = "38bdd9b6f61ab4bb13abc7af94e92151928df95ade061756611218104e7245fd" score = 75 
@@ -62248,8 +62643,8 @@ rule ELASTIC_Windows_Generic_Threat_B1F6F662 : FILE MEMORY date = "2024-01-01" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L403-L423" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L403-L423" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1b7eaef3cf1bb8021a00df092c829932cccac333990db1c5dac6558a5d906400" logic_hash = "e52ff1eaee00334e1a07367bf88f3907bb0b13035717683d9d98371b92bc45c0" score = 75 @@ -62279,8 +62674,8 @@ rule ELASTIC_Windows_Generic_Threat_2C80562D : FILE MEMORY date = "2024-01-01" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L425-L445" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L425-L445" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ee8decf1e8e5a927e3a6c10e88093bb4b7708c3fd542d98d43f1a882c6b0198e" logic_hash = "07487ae646ac81b94f940c8d3493dbee023bce687297465fe09375f40dff0fb2" score = 75 
@@ -62310,8 +62705,8 @@ rule ELASTIC_Windows_Generic_Threat_E96F9E97 : FILE MEMORY date = "2024-01-01" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L447-L465" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L447-L465" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bfbab69e9fc517bc46ae88afd0603a498a4c77409e83466d05db2797234ea7fc" logic_hash = "1dcf81b8982425ff74107b899e85e2432f0464554e923f85a7555cda65293b54" score = 75 @@ -62339,8 +62734,8 @@ rule ELASTIC_Windows_Generic_Threat_005Fd471 : FILE MEMORY date = "2024-01-01" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L467-L487" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L467-L487" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "502814ed565a923da15626d46fde8cc7fd422790e32b3cad973ed8ec8602b228" logic_hash = "10493253a6b2ce3141ee980e0607bdbba72580bb4a076f2f4636e9665ffc6db8" score = 75 
@@ -62370,8 +62765,8 @@ rule ELASTIC_Windows_Generic_Threat_54B0Ec47 : FILE MEMORY date = "2024-01-03" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L489-L508" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L489-L508" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9c14203069ff6003e7f408bed71e75394de7a6c1451266c59c5639360bf5718c" logic_hash = "e3d74162a8874fe05042fec98d25b8db50e7f537566fd9f4e40f92bfe868259a" score = 75 @@ -62400,8 +62795,8 @@ rule ELASTIC_Windows_Generic_Threat_Acf6222B : FILE MEMORY date = "2024-01-03" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L510-L528" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L510-L528" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ce0def96be08193ab96817ce1279e8406746a76cfcf4bf44e394920d7acbcaa6" logic_hash = "a284b6c163dbc022bd36f19fbc1d7ff70143bee566328ad23e7b8b79abd39e91" score = 75 
@@ -62429,8 +62824,8 @@ rule ELASTIC_Windows_Generic_Threat_5E718A0C : FILE MEMORY date = "2024-01-03" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L530-L548" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L530-L548" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "430b9369b779208bd3976bd2adc3e63d3f71e5edfea30490e6e93040c1b3bac6" logic_hash = "45068afeda7abae0fe922a21f8f768b6c74a6e0f8e9e8b1f68c3ddf92940bf9a" score = 75 @@ -62458,8 +62853,8 @@ rule ELASTIC_Windows_Generic_Threat_Fac6D993 : FILE MEMORY date = "2024-01-03" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L550-L568" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L550-L568" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f3e7c88e72cf0c1f4cbee588972fc1434065f7cc9bd95d52379bade1b8520278" logic_hash = "3486793324dbe43c908432e1956bbbdb870beb4641da46b3786581fd3e78811a" score = 75 
@@ -62487,8 +62882,8 @@ rule ELASTIC_Windows_Generic_Threat_E7Eaa4Ca : FILE MEMORY date = "2024-01-04" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L570-L587" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L570-L587" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "600da0c88dc0606e05f60ecd3b9a90469eef8ac7a702ef800c833f7fd17eb13e" score = 75 quality = 75 @@ -62515,8 +62910,8 @@ rule ELASTIC_Windows_Generic_Threat_97703189 : FILE MEMORY date = "2024-01-04" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L589-L607" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L589-L607" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "968ba3112c54f3437b9abb6137f633d919d75137d790af074df40a346891cfb5" logic_hash = "318bc82d49e9a3467ec0e0086aaf1092d2aa7c589b5f16ce6fbb3778eda7ef0b" score = 75 
@@ -62544,8 +62939,8 @@ rule ELASTIC_Windows_Generic_Threat_Ca0686E1 : FILE MEMORY date = "2024-01-05" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L609-L627" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L609-L627" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "15c7ce1bc55549efc86dea74a90f42fb4665fe15b14f760037897c772159a5b5" logic_hash = "12b2ff66d1be6e2d27f24489b389b5c84660921e8de41653b2b425077cc87669" score = 75 @@ -62573,8 +62968,8 @@ rule ELASTIC_Windows_Generic_Threat_97C1A260 : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L629-L647" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L629-L647" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2cc85ebb1ef07948b1ddf1a793809b76ee61d78c07b8bf6e702c9b17346a20f1" logic_hash = "5bd84cbdd4ba699c9e9d87e684071342b23138538bd83ffea8c524fcee26a59b" score = 75 
@@ -62602,8 +62997,8 @@ rule ELASTIC_Windows_Generic_Threat_A440F624 : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L649-L668" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L649-L668" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3564fec3d47dfafc7e9c662654865aed74aedeac7371af8a77e573ea92cbd072" logic_hash = "23c759a0db5698b28a69232077a6b714f71e8eaa069d2f02a7d3efc48b178a2b" score = 75 @@ -62632,8 +63027,8 @@ rule ELASTIC_Windows_Generic_Threat_B577C086 : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L670-L688" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L670-L688" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "27dd61d4d9997738e63e813f8b8ea9d5cf1291eb02d20d1a2ad75ac8aa99459c" logic_hash = "a7684340171415ee01e855706192cdffcccd6c82362707229b2c1d096f87dfa8" score = 75 
@@ -62661,8 +63056,8 @@ rule ELASTIC_Windows_Generic_Threat_62E1F5Fc : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L690-L710" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L690-L710" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4a692e244a389af0339de8c2d429b541d6d763afb0a2b1bb20bee879330f2f42" logic_hash = "76e21746ee396f13073b3db1e876246f01cef547d312691dff3dc895ea3a2b82" score = 75 @@ -62692,8 +63087,8 @@ rule ELASTIC_Windows_Generic_Threat_55D6A1Ab : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L712-L731" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L712-L731" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1ca6ed610479b5aaaf193a2afed8f2ca1e32c0c5550a195d88f689caab60c6fb" logic_hash = "4f3a0b2e45ae4e6a00f137798b700a0925fa6eb19ea6b871d7eeb565548888ba" score = 75 
@@ -62722,8 +63117,8 @@ rule ELASTIC_Windows_Generic_Threat_F7D3Cdfd : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L733-L751" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L733-L751" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f9df83d0b0e06884cdb4a02cd2091ee1fadeabb2ea16ca34cbfef4129ede251f" logic_hash = "23e1008f222eb94a4bd34372834924377e813dc76efa8544b0dcbe7d3e3addde" score = 75 @@ -62751,8 +63146,8 @@ rule ELASTIC_Windows_Generic_Threat_0350Ed31 : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L753-L771" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L753-L771" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "008f9352765d1b3360726363e3e179b527a566bc59acecea06bd16eb16b66c5d" logic_hash = "149dd26466f47b2e7f514bdcc9822470334490da2898840f35fe6b537ce104f6" score = 75 
@@ -62780,8 +63175,8 @@ rule ELASTIC_Windows_Generic_Threat_A1Cef0Cd : FILE MEMORY date = "2024-01-08" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L773-L791" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L773-L791" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "71f519c6bd598e17e1298d247a4ad37b78685ca6fd423d560d397d34d16b7db8" logic_hash = "2772906e3a8a088e7c6ea1370af5e5bbe2cbae4f49de9b939524e317be8ddde4" score = 75 @@ -62809,8 +63204,8 @@ rule ELASTIC_Windows_Generic_Threat_E5F4703F : FILE MEMORY date = "2024-01-09" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L793-L811" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L793-L811" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "362bda1fad3fefce7d173617909d3c1a0a8e234e22caf3215ee7c6cef6b2743b" logic_hash = "f81476d5e5a9bcb42b32d6ec3d4b620165f2878c50691ecf59ef6f34b6ad9d1b" score = 75 
@@ -62838,8 +63233,8 @@ rule ELASTIC_Windows_Generic_Threat_8B790Aba : FILE MEMORY date = "2024-01-09" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L813-L832" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L813-L832" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ec98bfff01d384bdff6bbbc5e17620b31fa57c662516157fd476ef587b8d239e" logic_hash = "8a0b2af3d0c95466ca138dfcc3d6f6a702ec92f5cd4f791b1200c79ffd973840" score = 75 @@ -62868,8 +63263,8 @@ rule ELASTIC_Windows_Generic_Threat_76A7579F : FILE MEMORY date = "2024-01-09" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L834-L852" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L834-L852" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "76c73934bcff7e4ee08b068d1e02b8f5c22161262d127de2b4ac2e81d09d84f6" logic_hash = "08ed2d318e7154195911aaf3705626307b48a54aa195eaa054ec53766d3e198d" score = 75 
@@ -62897,8 +63292,8 @@ rule ELASTIC_Windows_Generic_Threat_3F060B9C : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L854-L872" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L854-L872" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "32e7a40b13ddbf9fc73bd12c234336b1ae11e2f39476de99ebacd7bbfd22fba0" logic_hash = "193583f63f22452f96c8372fdc9ef04e2a684f847564a7fe75145ea30d426901" score = 75 @@ -62926,8 +63321,8 @@ rule ELASTIC_Windows_Generic_Threat_Dbae6542 : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L874-L892" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L874-L892" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c73f533f96ed894b9ff717da195083a594673e218ee9a269e360353b9c9a0283" logic_hash = "673c6b4e6aaa127d45b21d0283437000fbc507a84ecd7a326448869d63759aee" score = 75 
@@ -62955,8 +63350,8 @@ rule ELASTIC_Windows_Generic_Threat_808F680E : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L894-L912" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L894-L912" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "df6955522532e365239b94e9d834ff5eeeb354eec3e3672c48be88725849ac1c" logic_hash = "22d91a87c01b401d4a203fbabb93a9b45fd6d8819125c56d9c427449b06d2f84" score = 75 @@ -62984,8 +63379,8 @@ rule ELASTIC_Windows_Generic_Threat_073909Cf : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L914-L932" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L914-L932" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "89a6dc518c119b39252889632bd18d9dfdae687f7621310fb14b684d2f85dad8" logic_hash = "5b42a74010549c884ff85a67b9add6b82a8109a953473cc1439581976f8f545e" score = 75 
@@ -63013,8 +63408,8 @@ rule ELASTIC_Windows_Generic_Threat_820Fe9C9 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L934-L952" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L934-L952" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1102a499b8a863bdbfd978a1d17270990e6b7fe60ce54b9dd17492234aad2f8c" logic_hash = "81a1359bd5781e1eefb6ae06c6b2ad9e94cc6318c1f81f84c06f0b236b6e84d1" score = 75 @@ -63042,8 +63437,8 @@ rule ELASTIC_Windows_Generic_Threat_89Efd1B4 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L954-L972" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L954-L972" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "937c8bc3c89bb9c05b2cb859c4bf0f47020917a309bbadca36236434c8cdc8b9" logic_hash = "49a7875fd9c31c5c9b593aed75a28fadb586294422b75c7a8eeba2e8ff254753" score = 75 
@@ -63071,8 +63466,8 @@ rule ELASTIC_Windows_Generic_Threat_61315534 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L974-L992" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L974-L992" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "819447ca71080f083b1061ed6e333bd9ef816abd5b0dd0b5e6a58511ab1ce8b9" logic_hash = "0fdfe3bb6ebdaac4324a45dac8680f00684d0030419f26f3f72ed002bf5a2a34" score = 75 @@ -63100,8 +63495,8 @@ rule ELASTIC_Windows_Generic_Threat_Eab96Cf2 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L994-L1012" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L994-L1012" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2be8a2c524f1fb2acb2af92bc56eb9377c4e16923a06f5ac2373811041ea7982" logic_hash = "cc1dfc2c9c5e1fbc6282342dfbf3a6c834fa56fb6fc46569a24fa78535c5845f" score = 75 
@@ -63129,8 +63524,8 @@ rule ELASTIC_Windows_Generic_Threat_11A56097 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1014-L1033" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1014-L1033" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "98d538c8f074d831b7a91e549e78f6549db5d2c53a10dbe82209d15d1c2e9b56" logic_hash = "42f955c079752c787ac70682bc41fa31f3196d30051d7032276a0d4279d59d58" score = 75 @@ -63159,8 +63554,8 @@ rule ELASTIC_Windows_Generic_Threat_F3Bef434 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1035-L1053" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1035-L1053" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "98d538c8f074d831b7a91e549e78f6549db5d2c53a10dbe82209d15d1c2e9b56" logic_hash = "efba0e1fbe6562a9aeaac23b851c31350e4ac6551e505be4986bddade92ca303" score = 75 
@@ -63188,8 +63583,8 @@ rule ELASTIC_Windows_Generic_Threat_C6F131C5 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1055-L1073" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1055-L1073" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "247314baaaa993b8db9de7ef0e2998030f13b99d6fd0e17ffd59e31a8d17747a" logic_hash = "5702a77fee0cd564916abdbfedf76d069bb7a5b6de0c4623150991d52dc02e42" score = 75 @@ -63217,8 +63612,8 @@ rule ELASTIC_Windows_Generic_Threat_B2A054F8 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1075-L1095" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1075-L1095" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "63d2478a5db820731a48a7ad5a20d7a4deca35c6b865a17de86248bef7a64da7" logic_hash = "f64b1666f78646322a4c37dc887d8fcfdb275b0bca812e360579cefd9e323c02" score = 75 
@@ -63248,8 +63643,8 @@ rule ELASTIC_Windows_Generic_Threat_Fcab7E76 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1097-L1115" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1097-L1115" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "67d7e016e401bd5d435eecaa9e8ead341aed2f373a1179069f53b64bda3f1f56" logic_hash = "90f50d1227b8e462eaa393690dc2b25601444bf80f2108445a0413bff6bedae8" score = 75 @@ -63277,8 +63672,8 @@ rule ELASTIC_Windows_Generic_Threat_90E4F085 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1117-L1137" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1117-L1137" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1a6a290d98f5957d00756fc55187c78030de7031544a981fd2bb4cfeae732168" logic_hash = "2afeae6de965ae155914dcedbfe375327a9fca3b42733c23360dd4fddfcc8a3d" score = 75 
@@ -63308,8 +63703,8 @@ rule ELASTIC_Windows_Generic_Threat_04A9C177 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1139-L1157" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1139-L1157" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0cccdde4dcc8916fb6399c181722eb0da2775d86146ce3cb3fc7f8cf6cd67c29" logic_hash = "ca7cf71228b1e13ec05c62cd9924ea5089fdf903d8ea4a5151866996ea81e01e" score = 75 @@ -63337,8 +63732,8 @@ rule ELASTIC_Windows_Generic_Threat_45D1E986 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1159-L1177" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1159-L1177" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fd159cf2f9bd48b0f6f5958eef8af8feede2bcbbea035a7e56ce1ff72d3f47eb" logic_hash = "d53a4d189b9a49f9b6477e12bce0d41e62827306d1df79e6494ab67669d84f35" score = 75 
@@ -63366,8 +63761,8 @@ rule ELASTIC_Windows_Generic_Threat_83C38E63 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1179-L1198" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1179-L1198" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2121a0e5debcfeedf200d7473030062bc9f5fbd5edfdcd464dfedde272ff1ae7" logic_hash = "89d4036290a29b372918205bba85698d6343109503766cbb13999b5177fc3152" score = 75 @@ -63396,8 +63791,8 @@ rule ELASTIC_Windows_Generic_Threat_Bd24Be68 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1200-L1218" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1200-L1218" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fd159cf2f9bd48b0f6f5958eef8af8feede2bcbbea035a7e56ce1ff72d3f47eb" logic_hash = "8536593696930d03f1e62586886f0df5438d13fb796b4605df7ad67d9633d5f9" score = 75 
@@ -63425,8 +63820,8 @@ rule ELASTIC_Windows_Generic_Threat_A0C7B402 : FILE MEMORY date = "2024-01-16" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1220-L1238" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1220-L1238" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5814d7712304800d92487b8e1108d20ad7b44f48910b1fb0a99e9b36baa4333a" logic_hash = "d0aa75debbefb301b9fc46ceca4944ae8c4b009118214a9589440b59089b853e" score = 75 @@ -63454,8 +63849,8 @@ rule ELASTIC_Windows_Generic_Threat_42B3E0D7 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1240-L1258" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1240-L1258" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "99ad416b155970fda383a63fe61de2e4d0254e9c9e09564e17938e8e2b49b5b7" logic_hash = "58b4c667b6d796f4525afeb706394f593d03393e3a48e2a0b7664f121e6a78fe" score = 75 
@@ -63483,8 +63878,8 @@ rule ELASTIC_Windows_Generic_Threat_66142106 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1260-L1278" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1260-L1278" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cd164a65fb2a496ad7b54c782f25fbfca0540d46d2c0d6b098d7be516c4ce021" logic_hash = "bf5d8db3ed6d2abc3158b04e904351250bf17a6d766e31769b3c5a6e534165b0" score = 75 @@ -63512,8 +63907,8 @@ rule ELASTIC_Windows_Generic_Threat_51A1D82B : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1280-L1298" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1280-L1298" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1a7adde856991fa25fac79048461102fba58cda9492d4f5203b817d767a81018" logic_hash = "2d6b0560e1980deb6aad8e0902d065eeda406506b70bb8bb27c7fa58be9842f8" score = 75 
@@ -63541,8 +63936,8 @@ rule ELASTIC_Windows_Generic_Threat_Dee3B4Bf : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1300-L1318" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1300-L1318" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c7f4b63fa5c7386d6444c0d0428a8fe328446efcef5fda93821f05e86efd2fba" logic_hash = "cfd7f9250ab44ffe12b62f84ae753032642d9aa2524d88a6d4d989a2afa043a3" score = 75 @@ -63570,8 +63965,8 @@ rule ELASTIC_Windows_Generic_Threat_Fdbcd3F2 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1320-L1338" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1320-L1338" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9258e4fe077be21ad7ae348868f1ac6226f6e9d404c664025006ab4b64222369" logic_hash = "ca9136ca44a61795cca44ac9bb0494fdc34c08d6578603ba3be3582956f4a98f" score = 75 
@@ -63599,8 +63994,8 @@ rule ELASTIC_Windows_Generic_Threat_B7852Ccf : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1340-L1360" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1340-L1360" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5ac70fa959be4ee37c0c56f0dd04061a5fed78fcbde21b8449fc93e44a8c133a" logic_hash = "4d5c29cceaacfda0c41bcd13cf95e90397b1b6c0c6beeb19b9184f435c8669b9" score = 75 @@ -63630,8 +64025,8 @@ rule ELASTIC_Windows_Generic_Threat_C3C8F21A : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1362-L1380" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1362-L1380" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9a102873dd37d08f53dcf6b5dad2555598a954d18fb3090bbf842655c5fded35" logic_hash = "b4d2b28fb2c9d46884b0b34f7821151b88891a8d881885c704e0e192cf7fca70" score = 75 
@@ -63659,8 +64054,8 @@ rule ELASTIC_Windows_Generic_Threat_A3D51E0C : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1382-L1400" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1382-L1400" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "18bd25df1025cd04b0642e507b0170bc1a2afba71b2dc4bd5e83cc487860db0d" logic_hash = "f128f6a037abb4af2c11605b182852146780be6451b3062a2914bedb5c286843" score = 75 @@ -63688,8 +64083,8 @@ rule ELASTIC_Windows_Generic_Threat_54Ccad4D : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1402-L1422" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1402-L1422" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fe4aad002722d2173dd661b7b34cdb0e3d4d8cd600e4165975c48bf1b135763f" logic_hash = "b9fb525be22dd2f235c3ac68688ced5298da45194ad032423689f5a085df6e31" score = 75 
@@ -63719,8 +64114,8 @@ rule ELASTIC_Windows_Generic_Threat_6Ee18020 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1424-L1442" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1424-L1442" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d58d8f5a7efcb02adac92362d8c608e6d056824641283497b2e1c1f0e2d19b0a" logic_hash = "8a08973ae2ddde275e007686fc6eca831c1fb398b7221d5022da10f90da0e44d" score = 75 @@ -63748,8 +64143,8 @@ rule ELASTIC_Windows_Generic_Threat_8Eb547Db : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1444-L1462" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1444-L1462" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3fc821b63dfa653b86b11201073997fa4dc273124d050c2a7c267ac789d8a447" logic_hash = "73cabad0656c6b347def017b07138fdbdd5b41da5ccf7d701fea764669058f39" score = 75 
@@ -63777,8 +64172,8 @@ rule ELASTIC_Windows_Generic_Threat_803Feff4 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1464-L1482" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1464-L1482" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8f150dfb13e4a2ff36231f873e4c0677b5db4aa235d8f0aeb41e02f7e31c1e05" logic_hash = "e22b8b208ff104e2843d897c425467f2f0ec0c586c4db578da90aeaef0209e1d" score = 75 @@ -63806,8 +64201,8 @@ rule ELASTIC_Windows_Generic_Threat_9C7D2333 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1484-L1502" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1484-L1502" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "85219f1402c88ab1e69aa99fe4bed75b2ad1918f4e95c448cdc6a4b9d2f9a5d4" logic_hash = "561290ebf3ca2a01914f514d63121be930e7a8c06cfc90ff4b8f0c7cef3408fe" score = 75 
@@ -63835,8 +64230,8 @@ rule ELASTIC_Windows_Generic_Threat_747B58Af : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1504-L1524" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1504-L1524" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ee28e93412c59d63155fd79bc99979a5664c48dcb3c77e121d17fa985fcb0ebe" logic_hash = "fd6b36ca50c1017035474b491f716bfb0d53b181fce4b5478a57a1d1a6ddc3e7" score = 75 @@ -63866,8 +64261,8 @@ rule ELASTIC_Windows_Generic_Threat_C3C4E847 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1526-L1544" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1526-L1544" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "86b37f0b2d9d7a810b5739776b4104f1ded3a1228c4ec2d104d26d8eb26aa7ba" logic_hash = "fa147abf7aa872f409e7684c4c60485fc58f57543062573526e56ff9866f8dfe" score = 75 
@@ -63895,8 +64290,8 @@ rule ELASTIC_Windows_Generic_Threat_6542Ebda : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1546-L1564" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1546-L1564" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2073e51c7db7040c6046e36585873a0addc2bcddeb6e944b46f96c607dd83595" logic_hash = "30263341bf51a001503dfda9be5771d401bc5b5423682c29a6d4ebc457415d3e" score = 75 @@ -63924,8 +64319,8 @@ rule ELASTIC_Windows_Generic_Threat_1417511B : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1566-L1584" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1566-L1584" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2fc9bd91753ff3334ef7f9861dc1ae79cf5915d79fa50f7104cbb3262b7037da" logic_hash = "e6b53082fa447ac3cf56784771aca742696922e6f740a24d014e04250dc5020c" score = 75 
@@ -63953,8 +64348,8 @@ rule ELASTIC_Windows_Generic_Threat_7526F106 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1586-L1605" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1586-L1605" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5a297c446c27a8d851c444b6b32a346a7f9f5b5e783564742d39e90cd583e0f0" logic_hash = "a0f9eb760be05196f0c5c3e3bf250929b48341a58a11c24722978fa19c4a9f57" score = 75 @@ -63983,8 +64378,8 @@ rule ELASTIC_Windows_Generic_Threat_Cbe3313A : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1607-L1625" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1607-L1625" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1ca2a28c851070b9bfe1f7dd655f2ea10ececef49276c998a1d2a1b48f84cef3" logic_hash = "41a731cefe0c8ee95f1db598b68a8860ef7ff06137ce94d0dd0b5c60c4240e85" score = 75 
@@ -64012,8 +64407,8 @@ rule ELASTIC_Windows_Generic_Threat_779Cf969 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1627-L1645" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1627-L1645" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ef281230c248442c804f1930caba48f0ae6cef110665020139f826ab99bbf274" logic_hash = "ad0f2d78386abf4c6dc6b5a4a88b4dcf8e5bf8086b08bac91e5e00be9936e908" score = 75 @@ -64041,8 +64436,8 @@ rule ELASTIC_Windows_Generic_Threat_D568682A : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1647-L1665" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1647-L1665" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0d98bc52259e0625ec2f24078cf4ae3233e5be0ade8f97a80ca590a0f1418582" logic_hash = "97e172502037c7a5d66327fcc4a237e5548694fc7d73a535838ad56367f15d76" score = 75 
@@ -64070,8 +64465,8 @@ rule ELASTIC_Windows_Generic_Threat_Ccb6A7A2 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1667-L1686" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1667-L1686" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "60503212db3f27a4d68bbfc94048ffede04ad37c78a19c4fe428b50f27af7a0d" logic_hash = "312265bbc4330a463bbe7478c70233f5df3353bda3c450562f2414f3675ba91e" score = 75 @@ -64100,8 +64495,8 @@ rule ELASTIC_Windows_Generic_Threat_D62F1D01 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1688-L1706" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1688-L1706" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "380892397b86f47ec5e6ed1845317bf3fd9c00d01f516cedfe032c0549eef239" logic_hash = "fd65eb56f3a48c37f83d3544c039d29c231cac1e2f8f07d176d709432a75a4c3" score = 75 
@@ -64129,8 +64524,8 @@ rule ELASTIC_Windows_Generic_Threat_2Bb6F41D : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1708-L1728" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1708-L1728" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "afa060352346dda4807dffbcac75bf07e8800d87ff72971b65e9805fabef39c0" logic_hash = "7c4e62b69880eb8a901d7e94b7539786e8ac58808df07cb1cbe9ff45efce518e" score = 75 @@ -64160,8 +64555,8 @@ rule ELASTIC_Windows_Generic_Threat_C54Ed0Ed : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1730-L1747" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1730-L1747" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "f0f4878cb003371522ed1419984f15fd5049f1adeb8e051b8b51b31b0d620e96" score = 75 quality = 75 
@@ -64188,8 +64583,8 @@ rule ELASTIC_Windows_Generic_Threat_Dbe41439 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1749-L1767" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1749-L1767" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "64afd2bc6cec17402473a29b94325ae2e26989caf5a8b916dc21952149d71b00" logic_hash = "288cdc285d024f2b69847e0d49bd4dc1c86a2a6a24a7b4fb248071855ba39a38" score = 75 @@ -64217,8 +64612,8 @@ rule ELASTIC_Windows_Generic_Threat_51A52B44 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1769-L1787" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1769-L1787" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "303aafcc660baa803344bed6a3a7a5b150668f88a222c28182db588fc1e744e0" logic_hash = "aad1c350f43cf2e0512e085e1a04db6099c568e375423afb9518b1fb89801c21" score = 75 
@@ -64246,8 +64641,8 @@ rule ELASTIC_Windows_Generic_Threat_5C18A7F9 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1789-L1807" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1789-L1807" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fd272678098eae8f5ec8428cf25d2f1d8b65566c59e363d42c7ce9ffab90faaa" logic_hash = "05cea396567ed3e23907dec4e6e3a6629cd1044d9123cde0575a04b73bae6c20" score = 75 @@ -64275,8 +64670,8 @@ rule ELASTIC_Windows_Generic_Threat_Ab01Ba9E : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1809-L1829" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1809-L1829" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2b237716d0c0c9877f54b3fa03823068728dfe0710c5b05e9808eab365a1408e" logic_hash = "cc8d79950e21270938d2ea7e501c7c8fdbebe92767b48b46bb03c08c377e095b" score = 75 
@@ -64306,8 +64701,8 @@ rule ELASTIC_Windows_Generic_Threat_917D7645 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1831-L1849" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1831-L1849" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "19b54a20cfa74cbb0f4724155244b52ca854054a205be6d148f826fa008d6c55" logic_hash = "65748ff2e4448f305b9541ea9864cc6bda054d37be5ed34110a2f64c8fef30c7" score = 75 @@ -64335,8 +64730,8 @@ rule ELASTIC_Windows_Generic_Threat_7A09E97D : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1851-L1869" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1851-L1869" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c0c1e333e60547a90ec9d9dac3fc6698b088769bc0f5ec25883b2c4d1fd680a9" logic_hash = "b65b2d12901953c137687a7b466c78e0537a2830c37a4cb13dd0eda457bba937" score = 75 
@@ -64364,8 +64759,8 @@ rule ELASTIC_Windows_Generic_Threat_Dc4Ede3B : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1871-L1889" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1871-L1889" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c49f20c5b42c6d813e6364b1fcb68c1b63a2f7def85a3ddfc4e664c4e90f8798" logic_hash = "c402d5f16f2be32912d7a054b51ab6dafc6173bb5a267a7846b3ac9df1c4c19f" score = 75 @@ -64393,8 +64788,8 @@ rule ELASTIC_Windows_Generic_Threat_Bb480769 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1891-L1909" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1891-L1909" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "010e3aeb26533d418bb7d2fdcfb5ec21b36603b6abb63511be25a37f99635bce" logic_hash = "1087e0befceac2606ce5dc5f2b42b45ebad888e7d3e451c3fb89de7e932a31f5" score = 75 
@@ -64422,8 +64817,8 @@ rule ELASTIC_Windows_Generic_Threat_5Fbf5680 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1911-L1929" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1911-L1929" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1b0553a9873d4cda213f5464b5e98904163e347a49282db679394f70d4571e77" logic_hash = "ec5399f6fb29125cb4c096851b9194fa35fb1e5ddd1f4d4f07b155471ae5c619" score = 75 @@ -64451,8 +64846,8 @@ rule ELASTIC_Windows_Generic_Threat_Aa30A738 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1931-L1949" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1931-L1949" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7726a691bd6c1ee51a9682e0087403a2c5a798ad172c1402acf2209c34092d18" logic_hash = "64967fbc0e74435452752731a8b9385345cc771d27ee33cd018cccdeb26bb75e" score = 75 
@@ -64480,8 +64875,8 @@ rule ELASTIC_Windows_Generic_Threat_9A8Dc290 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1951-L1969" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1951-L1969" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d951562a841f3706005d7696052d45397e3b4296d4cd96bf187920175fbb1676" logic_hash = "0097a13187b953ebe97809dda2be818cfcd94991c03e75f344e34a3d2c4fe902" score = 75 @@ -64509,8 +64904,8 @@ rule ELASTIC_Windows_Generic_Threat_Bbf2A354 : FILE MEMORY date = "2024-01-22" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1971-L1989" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1971-L1989" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b4e6c748ad88070e39b53a9373946e9e404623326f710814bed439e5ea61fc3e" logic_hash = "6be2fae41199daea6b9d0394c9af7713543333a50620ef417bb8439d5a07f336" score = 75 
@@ -64538,8 +64933,8 @@ rule ELASTIC_Windows_Generic_Threat_Da0F3Cbb : FILE MEMORY date = "2024-01-22" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L1991-L2009" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L1991-L2009" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b2c456d0051ffe1ca7e9de1e944692b10ed466eabb38242ea88e663a23157c58" logic_hash = "262d0bbb69adde8c4c8645813b048f3aaa2dbcc83996606e7ca21c3edea2b5d8" score = 75 @@ -64567,8 +64962,8 @@ rule ELASTIC_Windows_Generic_Threat_7D555B55 : FILE MEMORY date = "2024-01-22" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2011-L2029" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2011-L2029" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7efa5c8fd55a20fbc3a270cf2329d4a38f10ca372f3428bee4c42279fbe6f9c3" logic_hash = "dc3a3622abbc7d0a02d8d9ed4446d0a72a603ecfd6594ecfa615e5418a9c9970" score = 75 
@@ -64596,8 +64991,8 @@ rule ELASTIC_Windows_Generic_Threat_0A38C7D0 : FILE MEMORY date = "2024-01-22" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2031-L2049" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2031-L2049" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "69ea7d2ea3ed6826ddcefb3c1daa63d8ab53dc6e66c59cf5c2506a8af1c62ef4" logic_hash = "e3fde76825772683c57f830759168fc9a3b3f3387f091828fd971e9ebba06d8a" score = 75 @@ -64625,8 +65020,8 @@ rule ELASTIC_Windows_Generic_Threat_98527D90 : FILE MEMORY date = "2024-01-24" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2051-L2069" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2051-L2069" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fa24e7c6777e89928afa2a0afb2fab4db854ed3887056b5a76aef42ae38c3c82" logic_hash = "5a93f0a372f3a51233c6b2334539017df922f35a0d5f7d1749e0dd79268cb836" score = 75 
@@ -64654,8 +65049,8 @@ rule ELASTIC_Windows_Generic_Threat_Baba80Fb : FILE MEMORY date = "2024-01-24" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2071-L2089" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2071-L2089" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dd22cb2318d66fa30702368a7f06e445fba4b69daf9c45f8e83562d2c170a073" logic_hash = "ba0da35bc00b776ae9b427e3a4b312b1b75bdc9b972fb52f26a5df6737f1ddc9" score = 75 @@ -64683,8 +65078,8 @@ rule ELASTIC_Windows_Generic_Threat_9F4A80B2 : FILE MEMORY date = "2024-01-24" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2091-L2109" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2091-L2109" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "47d57d00e2de43f33cd56ff653adb59b804e4dbe37304a5fa6a202ee20b50c24" logic_hash = "1df3b8245bc0e995443d598feb5fe2605e05df64b863d4f47c17ecbe8d28c3ea" score = 75 
@@ -64712,8 +65107,8 @@ rule ELASTIC_Windows_Generic_Threat_39E1Eb4C : FILE MEMORY date = "2024-01-24" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2111-L2129" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2111-L2129" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a733258bf04ffa058db95c8c908a79650400ebd92600b96dd28ceecac311f94a" logic_hash = "d7791ae7513bc5645bcfa93a2d7bf9f7ef47a6727ea2ba5eb85f3c8528761429" score = 75 @@ -64741,8 +65136,8 @@ rule ELASTIC_Windows_Generic_Threat_D51Dd31B : FILE MEMORY date = "2024-01-24" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2131-L2150" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2131-L2150" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2a61c0305d82b6b4180c3d817c28286ab8ee56de44e171522bd07a60a1d8492d" logic_hash = "85fc7aa81489b304c348ead2d7042bb5518ff4579b1d3e837290032c4b144e47" score = 75 
@@ -64771,8 +65166,8 @@ rule ELASTIC_Windows_Generic_Threat_3A321F0A : FILE MEMORY date = "2024-01-29" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2152-L2170" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2152-L2170" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "91056e8c53dc1e97c7feafab31f0943f150d89a0b0026bcfb3664d2e93ccfe2b" logic_hash = "83834dd7d4df5de4b6a032f1896f52c1ebdf16ca8ad9766e8872243f1a6da67e" score = 75 @@ -64800,8 +65195,8 @@ rule ELASTIC_Windows_Generic_Threat_A82F45A8 : FILE MEMORY date = "2024-01-29" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2172-L2190" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2172-L2190" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ad07428104d3aa7abec2fd86562eaa8600d3e4b0f8d78ba1446f340d10008b53" logic_hash = "70ebab6b03af38ef8c81664cf49ab07066a9672666599d99c91291a9d2e3af0b" score = 75 
@@ -64829,8 +65224,8 @@ rule ELASTIC_Windows_Generic_Threat_D6625Ad7 : FILE MEMORY date = "2024-01-29" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2192-L2210" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2192-L2210" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "878c9745320593573597d62c8f3adb3bef0b554cd51b18216f6d9f5d1a32a931" logic_hash = "e90aff7c35f60cc3446f9eeb2131edb7125bfa04eb8f90c5671d06e9ff269755" score = 75 @@ -64858,8 +65253,8 @@ rule ELASTIC_Windows_Generic_Threat_61Bbb571 : FILE MEMORY date = "2024-01-29" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2212-L2230" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2212-L2230" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "41e2a6cecb1735e8f09b1ba5dccff3c08afe395b6214396e545347927d1815a8" logic_hash = "6b1ec666f3689638b9db9f041b0a89660b27c32590b747c5da3f4a02f01c7112" score = 75 
@@ -64887,8 +65282,8 @@ rule ELASTIC_Windows_Generic_Threat_4A605E93 : FILE MEMORY date = "2024-01-29" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2232-L2250" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2232-L2250" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1a84e25505a54e8e308714b53123396df74df1bde223bb306c0dc6220c1f0bbb" logic_hash = "6ad7afa5bd03916917e2bbf4d736331f4319b20bfde296d7e62315584813699f" score = 75 @@ -64916,8 +65311,8 @@ rule ELASTIC_Windows_Generic_Threat_B509Dfc8 : FILE MEMORY date = "2024-01-29" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2252-L2270" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2252-L2270" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9b5124e5e1be30d3f2ad1020bbdb93e2ceeada4c4d36f71b2abbd728bd5292b8" logic_hash = "90b00caf612f56a898b24c28ae6febda3fd11f382ab1deba522bdd2e2ba254b4" score = 75 
@@ -64945,8 +65340,8 @@ rule ELASTIC_Windows_Generic_Threat_7A49053E : FILE MEMORY date = "2024-01-29" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2272-L2292" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2272-L2292" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "29fb2b18cfd72a2966640ff59e67c89f93f83fc17afad2dfcacf9f53e9ea3446" logic_hash = "6db95f20a2bcdfd7cb37cb33dae6351dd19f51a8c3cae54b1bb034af17378094" score = 75 @@ -64976,8 +65371,8 @@ rule ELASTIC_Windows_Generic_Threat_Fca7F863 : FILE MEMORY date = "2024-01-29" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2294-L2312" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2294-L2312" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9d0e786dd8f1dc05eae910c6bcf15b5d05b4b6b0543618ca0c2ff3c4bb657af3" logic_hash = "ad45fe6e8257d012824b36aaee1beccb82c1b78031de86c1f1dd26d5be88aa6f" score = 75 
@@ -65005,8 +65400,8 @@ rule ELASTIC_Windows_Generic_Threat_Cafbd6A3 : FILE MEMORY date = "2024-01-29" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2314-L2333" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2314-L2333" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "97081a51aa016d0e6c9ecadc09ff858bf43364265a006db9d7cc133f8429bc46" logic_hash = "28813fc8a49b6ec3fe7675409fde923f0f30851429a526c142e0a228b4e0efa6" score = 75 @@ -65035,8 +65430,8 @@ rule ELASTIC_Windows_Generic_Threat_D8F834A9 : FILE MEMORY date = "2024-01-29" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2335-L2353" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2335-L2353" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c118c2064a5839ebd57a67a7be731fffe89669a8f17c1fe678432d4ff85e7929" logic_hash = "9fa1a65f3290867e4c59f14242f7261741e792b8be48c053ac320a315f2c1beb" score = 75 
@@ -65064,8 +65459,8 @@ rule ELASTIC_Windows_Generic_Threat_De3F91C6 : FILE MEMORY date = "2024-01-31" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2355-L2373" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2355-L2373" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e2cd4a8ccbf4a3a93c1387c66d94e9506b5981357004929ce5a41fcedfffb20f" logic_hash = "032ac2adb11782d823f50bfedf4e4decb731dbe7d3abbb3b05ccff598ba7edb8" score = 75 @@ -65093,8 +65488,8 @@ rule ELASTIC_Windows_Generic_Threat_F0516E98 : FILE MEMORY date = "2024-01-31" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2375-L2394" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2375-L2394" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "21d01bd53f43aa54f22786d7776c7bc90320ec6f7a6501b168790be46ff69632" logic_hash = "28f5b1a05d90745f432aee6bb9da3855d70b18d556153059794c5e53bbd5117c" score = 75 
@@ -65123,8 +65518,8 @@ rule ELASTIC_Windows_Generic_Threat_3C4D9Cbe : FILE MEMORY date = "2024-01-31" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2396-L2414" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2396-L2414" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "21d01bd53f43aa54f22786d7776c7bc90320ec6f7a6501b168790be46ff69632" logic_hash = "b32f9a3b86c60d4d69c59250ac59e93aee70ede890b059b13be999adbe043d2c" score = 75 @@ -65152,8 +65547,8 @@ rule ELASTIC_Windows_Generic_Threat_Deb82E8C : FILE MEMORY date = "2024-01-31" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2416-L2435" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2416-L2435" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0f5791588a9898a3db29326785d31b52b524c3097370f6aa28564473d353cd38" logic_hash = "c24baecab39c72f6bb30713022297cb9fb41ef5339a353702f3f780a630d5b27" score = 75 
@@ -65182,8 +65577,8 @@ rule ELASTIC_Windows_Generic_Threat_278C589E : FILE MEMORY date = "2024-01-31" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2437-L2455" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2437-L2455" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cccc6c1bf15a7d5725981de950475e272c277bc3b9d266c5debf0fc698770355" logic_hash = "59bbbecd73541750f7221b12895ccf51e1a6863ceca62e23f541df904ad23587" score = 75 @@ -65211,8 +65606,8 @@ rule ELASTIC_Windows_Generic_Threat_6B621667 : FILE MEMORY date = "2024-01-31" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2457-L2475" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2457-L2475" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b50b39e460ecd7633a42f0856359088de20512c932fc35af6531ff48c9fa638a" logic_hash = "3574b7ef24c4387a9919ed9831af7657047b26d8922ab78788619bbd3d0edd56" score = 75 
@@ -65240,8 +65635,8 @@ rule ELASTIC_Windows_Generic_Threat_7693D7Fd : FILE MEMORY date = "2024-02-13" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2477-L2495" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2477-L2495" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fc40cc5d0bd3722126302f74ace414e6934eca3a8a5c63a11feada2130b34b89" logic_hash = "886ad084f33faf8baae8a650a88095757c2cff9e18c8f5c50ff36120b43ec082" score = 75 @@ -65269,8 +65664,8 @@ rule ELASTIC_Windows_Generic_Threat_Df5De012 : FILE MEMORY date = "2024-02-14" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2497-L2515" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2497-L2515" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "13c06d7b030a46c6bb6351f40184af9fafaf4c67b6a2627a45925dd17501d659" logic_hash = "1a1ce3644c33a4591ab6582525366d47e07bdc2350aa6066ec5b5fedc605b037" score = 75 
@@ -65298,8 +65693,8 @@ rule ELASTIC_Windows_Generic_Threat_0E8530F5 : FILE MEMORY date = "2024-02-14" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2517-L2536" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2517-L2536" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9f44d9acf79ed4450195223a9da185c0b0e8a8ea661d365a3ddea38f2732e2b8" logic_hash = "f4a010366625c059151d3e704f6ece1808f367401729feaf6cc423cf4d5c5c60" score = 75 @@ -65328,8 +65723,8 @@ rule ELASTIC_Windows_Generic_Threat_Ba807E3E : FILE MEMORY date = "2024-02-14" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2538-L2556" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2538-L2556" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cabd0633b37e6465ece334195ff4cc5c3f44cfe46211165efc07f4073aed1049" logic_hash = "896eedb949eec6dff3e867ae3179b741382dd25ba06c6db452ac1ae5bc6bc757" score = 75 
@@ -65357,8 +65752,8 @@ rule ELASTIC_Windows_Generic_Threat_4578Ee8C : FILE MEMORY date = "2024-02-14" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2558-L2576" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2558-L2576" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "699fecdb0bf27994d67492dc480f4ba1320acdd75e5881afbc5f73c982453fed" logic_hash = "1a519bb84aae29057536ea09e53ff97cfe34a70c84ac6fa7d1ec173de3754f03" score = 75 @@ -65386,8 +65781,8 @@ rule ELASTIC_Windows_Generic_Threat_Ebf62328 : FILE MEMORY date = "2024-02-14" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2578-L2598" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2578-L2598" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dfce19aa2e1a3e983c3bfb2e4bbd7617b96d57602d7a6da6fee7b282e354c9e1" logic_hash = "e99b56dde761c5efad14f935befa4d1dbb31cd305b5d6af05a90d44dc3cd0098" score = 75 
@@ -65417,8 +65812,8 @@ rule ELASTIC_Windows_Generic_Threat_Dcc622A4 : FILE MEMORY date = "2024-02-14" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2600-L2618" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2600-L2618" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "94a3f10396c07783586070119becf0924de9a7caf449d6e07065837d54e6222d" logic_hash = "9254226918f39389ccc347de1c5064552a8500ccef1884b8e27b6e98c651f45b" score = 75 @@ -65446,8 +65841,8 @@ rule ELASTIC_Windows_Generic_Threat_046Aa1Ec : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2620-L2638" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2620-L2638" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c74cf499fb9298d43a6e64930addb1f8a8d8336c796b9bc02ffc260684ec60a2" logic_hash = "da6552da3db4851806f5a0ce3c324a79acf4ee4b2690cb02cc8d8c88a2ba28f8" score = 75 
@@ -65475,8 +65870,8 @@ rule ELASTIC_Windows_Generic_Threat_85C73807 : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2640-L2658" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2640-L2658" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7f560a22c1f7511518656ac30350229f7a6847d26e1b3857e283f7dcee2604a0" logic_hash = "90aa64f17b91ccdf367e1976cd1f5e89e15c7369a58b2d19187143e70939d756" score = 75 @@ -65504,8 +65899,8 @@ rule ELASTIC_Windows_Generic_Threat_642Df623 : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2660-L2678" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2660-L2678" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e5ba85d1a6a54df38b5fa655703c3457783f4a4f71e178f83d8aac878d4847da" logic_hash = "555eb66f117312fa4ff3a49c0c40f89caddec3eb4b93d11bda2cce40529d46a0" score = 75 
@@ -65533,8 +65928,8 @@ rule ELASTIC_Windows_Generic_Threat_27A2994F : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2680-L2698" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2680-L2698" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e534914e06d90e119ce87f5abb446c57ec3473a29a7a9e7dc066fdc00dc68adc" logic_hash = "66f34ba3052e2369528aeaf076f10d58f8f3dca420666246e02191fecb057f8c" score = 75 @@ -65562,8 +65957,8 @@ rule ELASTIC_Windows_Generic_Threat_Dbceec58 : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2700-L2718" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2700-L2718" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fbec30528e6f261aebf0d41f3cd6d35fcc937f1e20e1070f99b1b327f02b91e0" logic_hash = "2a99fb7b342b43e3a4f0136d7d618625ca5708ae32e6fcabb11420bd8c89915b" score = 75 
@@ -65591,8 +65986,8 @@ rule ELASTIC_Windows_Generic_Threat_7407Eb79 : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2720-L2738" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2720-L2738" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9ae0f053c8e2c4f4381eac8265170b79301d4a22ec1fdb86e5eb212c51a75d14" logic_hash = "a60c3e54493f9dab71584ba301c41c43f30d554df8c0b05674995faaf407ee48" score = 75 @@ -65620,8 +66015,8 @@ rule ELASTIC_Windows_Generic_Threat_3613Fa12 : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2740-L2758" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2740-L2758" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1403ec99f262c964e3de133a10815e34d2f104b113b0197ab43c6b7b40b536c0" logic_hash = "77b23aaf384de138214e64342e170f3dce667ee41c3063c999286da9af6fff42" score = 75 
@@ -65649,8 +66044,8 @@ rule ELASTIC_Windows_Generic_Threat_B125Fff2 : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2760-L2778" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2760-L2778" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9c641c0c8c2fd8831ee4e3b29a2a65f070b54775e64821c50b8ccd387e602097" logic_hash = "054f3f36c688e1f5c3116e7a926df12df90f79dc1d42bee2616b5251f6ad2c24" score = 75 @@ -65678,8 +66073,8 @@ rule ELASTIC_Windows_Generic_Threat_D7E5Ec2D : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2780-L2798" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2780-L2798" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fe711664a565566cbc710d5e678a9a30063a2db151ebec226e2abcd24c0a7e68" logic_hash = "4edb8cc1da81e0b9b3a8facc9a9a7d1e27dff0d2db7851d06a209beec3ccb463" score = 75 
@@ -65707,8 +66102,8 @@ rule ELASTIC_Windows_Generic_Threat_1636C2Bf : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2800-L2818" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2800-L2818" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6e43916db43d8217214bbe4eb32ed3d82d0ac423cffc91d053a317a3dbe6dafb" logic_hash = "c8b198cd5f9277ff3808ee2a313ab979d544b9e609d6623876d2e3c3c5668e38" score = 75 @@ -65736,8 +66131,8 @@ rule ELASTIC_Windows_Generic_Threat_0A640296 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2820-L2838" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2820-L2838" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3682eff62caaf2c90adef447d3ff48a3f9c34c571046f379d2eaf121976f1d07" logic_hash = "743c47c7a58e7d65261818b4b444aaf8015b9b55d3e54526b1d63a8770a6c5aa" score = 75 
@@ -65765,8 +66160,8 @@ rule ELASTIC_Windows_Generic_Threat_B1Ef4828 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2840-L2859" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2840-L2859" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "29b20ff8ebad05e4a33c925251d08824ca155f5d9fa72d6f9e359e6ec6c61279" logic_hash = "d5d63f38308c6f8e5ca54567c7c8b93fcde69601fbcc28d56d5231edd28163cf" score = 75 @@ -65795,8 +66190,8 @@ rule ELASTIC_Windows_Generic_Threat_48Cbdc20 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2861-L2880" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2861-L2880" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7a7704c64e64d3a1f76fc718d5b5a5e3d46beeeb62f0493f22e50865ddf66594" logic_hash = "687d0f3dc85a7e4b23019deec59ee77c211101d40ed6622a952e69ebc4151483" score = 75 
@@ -65825,8 +66220,8 @@ rule ELASTIC_Windows_Generic_Threat_420E1Cdc : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2882-L2900" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2882-L2900" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b20254e03f7f1e79fec51d614ee0cfe0cb87432f3a53cf98cf8c047c13e2d774" logic_hash = "6bd8a7bd4392e04d64f2e0b93d80978f59f9af634a0c971ca61cb9cb593743e0" score = 75 @@ -65854,8 +66249,8 @@ rule ELASTIC_Windows_Generic_Threat_4C37E16E : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2902-L2921" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2902-L2921" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d83a8ed5e192b3fe9d74f3a9966fa094d23676c7e6586c9240d97c252b8e4e74" logic_hash = "dabac8aa6a3f4d4bd726161fc6573ca9de4088e7d818c3cf33cafc91f680e7aa" score = 75 
@@ -65884,8 +66279,8 @@ rule ELASTIC_Windows_Generic_Threat_5Be3A474 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2923-L2941" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2923-L2941" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b902954d634307260d5bd8fb6248271f933c1cbc649aa2073bf05e79c1aedb66" logic_hash = "0f0f46e3bdebb47a4f43ccb64d65ab1e15d68d38c117cb25e5723ec16e7e0758" score = 75 @@ -65913,8 +66308,8 @@ rule ELASTIC_Windows_Generic_Threat_B191061E : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2943-L2961" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2943-L2961" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bd4ef6fae7f29def8e5894bf05057653248f009422de85c1e425d04a0b2df258" logic_hash = "cbee10eab984249ceb9f8a82dc06aa014d6a249321f3d4f0d1e5657aab205ec8" score = 75 
@@ -65942,8 +66337,8 @@ rule ELASTIC_Windows_Generic_Threat_05F52E4D : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2963-L2981" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2963-L2981" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e578b795f8ed77c1057d8e6b827f7426fd4881f02949bfc83bcad11fa7eb2403" logic_hash = "79898b59b6d3564aad85d823a1450600faff5b1d2dbfbe0cee4cc59971e4f542" score = 75 @@ -65971,8 +66366,8 @@ rule ELASTIC_Windows_Generic_Threat_C34E19E9 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L2983-L3001" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L2983-L3001" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f9048348a59d9f824b45b16b1fdba9bfeda513aa9fbe671442f84b81679232db" logic_hash = "87999b6f2cf359b6436ee7e57691ac73fc41f3947bf8fef3f6b98148e17f180d" score = 75 
@@ -66000,8 +66395,8 @@ rule ELASTIC_Windows_Generic_Threat_E691Eaa1 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3003-L3021" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3003-L3021" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "afa5f36860e69b9134b93e9ad32fed0a5923772e701437e1054ea98e76f28a77" logic_hash = "0ac310e3f7cf99b77c2dcfea582752e2f1414caf43965c25d2f3f03cf27586cc" score = 75 @@ -66029,8 +66424,8 @@ rule ELASTIC_Windows_Generic_Threat_5E33Bb4B : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3023-L3041" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3023-L3041" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "13c06d7b030a46c6bb6351f40184af9fafaf4c67b6a2627a45925dd17501d659" logic_hash = "7e2002c3917ccab7d9f56a7aa20ea75be71aa7fdc64b7c3f87edb68be38e74b2" score = 75 
@@ -66058,8 +66453,8 @@ rule ELASTIC_Windows_Generic_Threat_Be64Ba10 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3043-L3062" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3043-L3062" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "24bb4fc117aa57fd170e878263973a392d094c94d3a5f651fad7528d5d73b58a" logic_hash = "c6acce53610baf119a0e2d55fc698a976463bbd21b739d4ac39a75383fa5fed2" score = 75 @@ -66088,8 +66483,8 @@ rule ELASTIC_Windows_Generic_Threat_7Bb75582 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3064-L3082" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3064-L3082" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "35f9698e9b9f611b3dd92466f18f97f4a8b4506ed6f10d4ac84303177f43522d" logic_hash = "d959f755d28782b332248085034950a8d4cad3cde13b22254c90ca3952919e1b" score = 75 
@@ -66117,8 +66512,8 @@ rule ELASTIC_Windows_Generic_Threat_59698796 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3084-L3102" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3084-L3102" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "35f9698e9b9f611b3dd92466f18f97f4a8b4506ed6f10d4ac84303177f43522d" logic_hash = "59569049dbb09b7e15110fb8de1a146eb7fd606f116b4dd6c75ca973fb62296e" score = 75 @@ -66146,8 +66541,8 @@ rule ELASTIC_Windows_Generic_Threat_2Ae9B09E : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3104-L3122" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3104-L3122" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dc8f4784c368676cd411b7d618407c416d9e56d116dd3cd17c3f750e6cb60c40" logic_hash = "183249214e5f8143eb91caf20778b870d17d7a52b6d71ad603827e8716e7e447" score = 75 
@@ -66175,8 +66570,8 @@ rule ELASTIC_Windows_Generic_Threat_604A8763 : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3124-L3142" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3124-L3142" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2a51fb11032ec011448184a4f2837d05638a7673d16dcf5dcf4005de3f87883a" logic_hash = "cf88c0d102680fc7c16d49b6e8dc49c16b27d5940edf078e667a45e70ebe3883" score = 75 @@ -66204,8 +66599,8 @@ rule ELASTIC_Windows_Generic_Threat_F45B3F09 : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3144-L3162" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3144-L3162" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "577f1dbd76030c7e44ed28c748551691d446e268189af94e1fa1545f06395178" logic_hash = "9b01ad1271cc5052a793e5a885aa7289cbaea4a928f60d64194477c3036496ed" score = 75 
@@ -66233,8 +66628,8 @@ rule ELASTIC_Windows_Generic_Threat_3F390999 : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3164-L3182" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3164-L3182" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1b6fc4eaef3515058f85551e7e5dffb68b9a0550cd7f9ebcbac158dac9ababf1" logic_hash = "462a7a38ebbb39515ac2c0a10353660d0cadcfb99360adcd200edc1db5a716ba" score = 75 @@ -66262,8 +66657,8 @@ rule ELASTIC_Windows_Generic_Threat_Abd1C09D : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3184-L3202" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3184-L3202" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3ff09d2352c2163465d8c86f94baa25ba85c35698a5e3fbc52bc95afc06b7e85" logic_hash = "80e6f317e5cd91cb3819e9251efc8c96218071bec577a38c8784826dd4a657cb" score = 75 
@@ -66291,8 +66686,8 @@ rule ELASTIC_Windows_Generic_Threat_B7870213 : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3204-L3222" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3204-L3222" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "04cb0d5eecea673acc575e54439398cc00e78cc54d8f43c4b9bc353e4fc4430d" logic_hash = "79b8385543def42259cd9c09d4d7059ff6bb02a9e87cff1bc0a8861e3b333c5f" score = 75 @@ -66320,8 +66715,8 @@ rule ELASTIC_Windows_Generic_Threat_2Bba6Bae : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3224-L3242" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3224-L3242" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d9955c716371422750b77d64256dade6fbd028c8d965db05c0d889d953480373" logic_hash = "59e4b173c21b0ab161adf8d89f253f21403bca706b6bf40b3da00697f87dd509" score = 75 
@@ -66349,8 +66744,8 @@ rule ELASTIC_Windows_Generic_Threat_4Db75701 : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3244-L3262" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3244-L3262" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fa7847d21d5a350cf96d7ecbcf13dce63e6a0937971cfb479700c5b31850bba9" logic_hash = "65f7d15ed551e069b30ce6c0a5f15d01d24b8b29727950269c9956fcf6dc799d" score = 75 @@ -66378,8 +66773,8 @@ rule ELASTIC_Windows_Generic_Threat_54A914C9 : FILE MEMORY date = "2024-03-25" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3264-L3282" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3264-L3282" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c418c5ad8030985bb5067cda61caba3b7a0d24cb8d3f93fc09d452fbdf4174ec" logic_hash = "0cc3797564b4c722423f915493e07b0e0fec3085e7a535f9914f82d73c797bed" score = 75 
@@ -66407,8 +66802,8 @@ rule ELASTIC_Windows_Generic_Threat_38A88967 : FILE MEMORY date = "2024-03-25" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3284-L3302" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3284-L3302" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6e425eb1a27c4337f05d12992e33fe0047e30259380002797639d51ef9509739" logic_hash = "ddbdb1c39a07141d83173504214c889aff75487570d906413ebc6f262fedf9ae" score = 75 @@ -66436,8 +66831,8 @@ rule ELASTIC_Windows_Generic_Threat_E8Abb835 : FILE MEMORY date = "2024-03-26" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3304-L3322" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3304-L3322" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e42262671325bec300afa722cefb584e477c3f2782c8d4c6402d6863df348cac" logic_hash = "0ad56b8c741a79a600a0d5588c4e8760a6d19fef72ff7814a00cfb84a90f23aa" score = 75 
@@ -66465,8 +66860,8 @@ rule ELASTIC_Windows_Generic_Threat_492D7223 : FILE MEMORY date = "2024-03-26" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3324-L3342" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3324-L3342" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c0d9c9297836aceb4400bcb0877d1df90ca387f18f735de195852a909c67b7ef" logic_hash = "9fb2a00def86ed8476d906514a0bc630e28093ac37d757541d8801d2c8e0efc3" score = 75 @@ -66494,8 +66889,8 @@ rule ELASTIC_Windows_Generic_Threat_Ea296356 : FILE MEMORY date = "2024-05-22" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3344-L3362" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3344-L3362" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4c48a0fe90f3da7bfdd32961da7771a0124b77e1ac1910168020babe8143e959" logic_hash = "73ffd16f0047cd57311853aa9083fc21427f2eb21646c6edc7b8def86da90f90" score = 75 
@@ -66523,8 +66918,8 @@ rule ELASTIC_Windows_Generic_Threat_Aeaeb5Cf : FILE MEMORY date = "2024-05-22" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3364-L3382" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3364-L3382" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f57d955d485904f0c729acff9db1de9cb42f32af993393d58538f07fa273b431" logic_hash = "640966296bad70234e0fe7b6f87b92fcf4fc111189d307d44f32e926785f76cb" score = 75 @@ -66552,8 +66947,8 @@ rule ELASTIC_Windows_Generic_Threat_C8424507 : FILE MEMORY date = "2024-05-22" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3384-L3403" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3384-L3403" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d556b02733385b823cfe4db7e562e90aa520e2e6fb00fceb76cc0a6a1ff47692" logic_hash = "78d56257cb6e1d67f9343ee30b844fe20138e27ca3b6312a07112e5dbb797851" score = 75 
@@ -66582,8 +66977,8 @@ rule ELASTIC_Windows_Generic_Threat_9Af87Ddb : FILE MEMORY date = "2024-05-23" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3405-L3423" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3405-L3423" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b1fbc11744e21dc08599412887a3a966572614ce25ccd3c8c98f04bcbdda3898" logic_hash = "99174c5740324d7704a5c6ae924254f9b5f241c97901dfdb771fc176a76e4a30" score = 75 @@ -66611,8 +67006,8 @@ rule ELASTIC_Windows_Generic_Threat_D7B57912 : FILE MEMORY date = "2024-05-23" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3425-L3443" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3425-L3443" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0906599be152dd598c7f540498c44cc38efe9ea976731da05137ee6520288fe4" logic_hash = "a774e3030d81e29805a9784cfbbc0b69c4fedebe0daa25e403777e1f46f9094f" score = 75 
@@ -66640,8 +67035,8 @@ rule ELASTIC_Windows_Generic_Threat_23D33B48 : FILE MEMORY date = "2024-06-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3445-L3463" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3445-L3463" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "acbc22df07888498ae6f52f5458e3fb8e0682e443a8c2bc97177a0320b4e2098" logic_hash = "c9fb93bb74e4d45197d0da5b641860738a42a583b15cc098e86ea79bb8690bf7" score = 75 @@ -66669,8 +67064,8 @@ rule ELASTIC_Windows_Generic_Threat_4B0B73Ce : FILE MEMORY date = "2024-06-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3465-L3483" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3465-L3483" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "236fc00cd7c75f70904239935ab90f51b03ff347798f56cec1bdd73a286b24c1" logic_hash = "d53923df612dd7fe0b1b2c94c1c5d747b08723df129089326ec27c5049769cef" score = 75 
@@ -66698,8 +67093,8 @@ rule ELASTIC_Windows_Generic_Threat_1F2E969C : FILE MEMORY date = "2024-06-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Generic_Threat.yar#L3485-L3503" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Generic_Threat.yar#L3485-L3503" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7def75df729ed66511fbe91eadf15bc69a03618e78c48e27c35497db2a6a97ae" logic_hash = "7d984a902f9bf40c9b49da89aba9249f80b41b24ca1cdb6189f541b40ef41742" score = 75 @@ -66727,8 +67122,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_52A15A93 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mobidash.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mobidash.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083" logic_hash = "ceaf5b06108baa6043e31010d777099ed6ac9b4054e86d41309bd7c2b0ffda11" score = 75 
@@ -66756,8 +67151,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_D0Ad9C82 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mobidash.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mobidash.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083" logic_hash = "8351cb61f5b712c65962e734a7c29271fa4805720e14b6badc9bc1c0364778f8" score = 75 @@ -66785,8 +67180,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_E2C89606 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mobidash.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mobidash.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083" logic_hash = "64cb8d8ec04a53f663b216208279afba3c10f148fe99822f9a45100a4f73ed28" score = 75 
@@ -66814,8 +67209,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_82B4E3F3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mobidash.yar#L61-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mobidash.yar#L61-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "8c91f85bc807605a3233d28a5eb8b6e1cf847fb288cbc4427e86226eed7a2055" score = 75 quality = 75 @@ -66842,8 +67237,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_601352Dc : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mobidash.yar#L80-L98" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mobidash.yar#L80-L98" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5714e130075f4780e025fb3810f58a63e618659ac34d12abe211a1b6f2f80269" logic_hash = "adeeea73b711fc867b88775c06a14011380118ed85691660ba771381e51160e3" score = 75 
@@ -66871,8 +67266,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_Ddca1181 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mobidash.yar#L100-L117" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mobidash.yar#L100-L117" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "076d4ac69f6bc29975b22e19d429c25ef357443ec8fcaf5165e0a8069112af74" score = 75 quality = 75 @@ -66899,8 +67294,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_65E666C0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mobidash.yar#L119-L137" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mobidash.yar#L119-L137" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "19f9b5382d3e8e604be321aefd47cb72c2337a170403613b853307c266d065dd" logic_hash = "2d2bec8f89986b19bf1c806b6654405ac6523f49aeafd759b7631d9587d780c8" score = 75 
@@ -66928,8 +67323,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_494D5B0F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mobidash.yar#L139-L157" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mobidash.yar#L139-L157" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7e08df5279f4d22f1f27553946b0dadd60bb8242d522a8dceb45ab7636433c2f" logic_hash = "6ddb94f9f44fe749a442592d491343a99bd870ea2d79596631d857516425e72b" score = 75 @@ -66957,8 +67352,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_Bb4F7F39 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mobidash.yar#L159-L177" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mobidash.yar#L159-L177" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083" logic_hash = "33e8fcbb29cc38b4a8365845eb3a1488e13be964f7383b28a158a98fb259acb4" score = 75 
@@ -66986,8 +67381,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_8679E1Cb : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mobidash.yar#L179-L196" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mobidash.yar#L179-L196" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "6055ac4800397f6582e60cdf15fa74584986e1e7cf49a541b0ec746445834819" score = 75 quality = 75 @@ -67014,8 +67409,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_29B86E6A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mobidash.yar#L198-L215" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mobidash.yar#L198-L215" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "dd5f44249cc4c91f39a0e7d0b236ebeed8f78d5fcb03c7ebc80ef1c738b18336" score = 75 quality = 75 
@@ -67042,8 +67437,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_E3086563 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mobidash.yar#L217-L235" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mobidash.yar#L217-L235" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083" logic_hash = "5545f7ce8fa45dc56bc4bb5140ce1db527997dfaa1dd2bbb1e4a12af45300065" score = 75 @@ -67071,8 +67466,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_2F114992 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mobidash.yar#L237-L255" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mobidash.yar#L237-L255" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083" logic_hash = "f93fe72e08c8ec135cccc8cdab2ecedbb694e9ad39f2572d060864bb3290e25c" score = 75 
@@ -67100,8 +67495,8 @@ rule ELASTIC_Windows_Trojan_Xtremerat_Cd5B60Be : FILE MEMORY date = "2022-03-15" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_XtremeRAT.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_XtremeRAT.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "735f7bf255bdc5ce8e69259c8e24164e5364aeac3ee78782b7b5275c1d793da8" logic_hash = "a6997ae4842bd45c440925ef2a5848b57c58e2373c0971ce6b328ea297ee97b4" score = 75 @@ -67138,8 +67533,8 @@ rule ELASTIC_Windows_Trojan_Bughatch_21269Be4 : FILE MEMORY date = "2022-05-09" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/bughatch-malware-analysis" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Bughatch.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Bughatch.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b495456a2239f3ba48e43ef295d6c00066473d6a7991051e1705a48746e8051f" logic_hash = "a8a2cae51a31e48ffe729df61ec96e3257f9c997ad5234075f85ed55de96f11d" score = 75 
@@ -67169,8 +67564,8 @@ rule ELASTIC_Windows_Trojan_Bughatch_98F3C0Be : FILE MEMORY date = "2022-05-09" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/bughatch-malware-analysis" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Bughatch.yar#L24-L51" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Bughatch.yar#L24-L51" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b495456a2239f3ba48e43ef295d6c00066473d6a7991051e1705a48746e8051f" logic_hash = "d578515fece7bd464bb09cc5ddb5caf70f4022e8b10388db689e67e662d57f66" score = 75 @@ -67206,8 +67601,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_C2907D77 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Cleanlog.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Cleanlog.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "613ac236130ab1654f051d6f0661fa62414f3bef036ea4cc585b4b21a4bb9d2b" logic_hash = "39b72973bbcddf14604b8ea08339657cba317c23fd4d69d4aa0903b262397988" score = 75 
@@ -67235,8 +67630,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_3Eb725D1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Cleanlog.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Cleanlog.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4df4ebcc61ab2cdb8e5112eeb4e2f29e4e841048de43d7426b1ec11afe175bf6" logic_hash = "a9530aca53d935f3e77a5f0fc332db16e3a2832be67c067e5a6d18e7ec00e39f" score = 75 @@ -67264,8 +67659,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_400B7595 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Cleanlog.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Cleanlog.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4df4ebcc61ab2cdb8e5112eeb4e2f29e4e841048de43d7426b1ec11afe175bf6" logic_hash = "e36acf708875efda88143124e11fef5b0e2f99d17b0c49344db969cf0d454db1" score = 75 
@@ -67293,8 +67688,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_E4874Cd4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ddostf.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ddostf.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2" logic_hash = "1523fe8f7bbbc7e42f8c2efe5b28dd381007846a1ba7078a6f1a30aedace884b" score = 75 @@ -67322,8 +67717,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_32C35334 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ddostf.yar#L21-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ddostf.yar#L21-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "d62d450d48756c09f8788b27301de889c864e597924a0526a325fa602f91f376" score = 75 quality = 75 
@@ -67350,8 +67745,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_6Dc1Caab : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ddostf.yar#L40-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ddostf.yar#L40-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f4587bd45e57d4106ebe502d2eaa1d97fd68613095234038d67490e74c62ba70" logic_hash = "fd70960ed6e06f4d152bbd211fbe491dad596010da12cd53c93b577b551b8053" score = 75 @@ -67379,8 +67774,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_Dc47A873 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ddostf.yar#L60-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ddostf.yar#L60-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2" logic_hash = "2f5bd9e012fd778388074cf29b56c7cd59391840f994835d087b7b661445d316" score = 75 
@@ -67408,8 +67803,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_Cb0358A0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ddostf.yar#L80-L98" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ddostf.yar#L80-L98" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2" logic_hash = "1f152b69bf0b2bfa539fdd42c432e456b9efb3766a450333a987313bb12c1826" score = 75 @@ -67437,8 +67832,8 @@ rule ELASTIC_Windows_Hacktool_Sharpup_E5C87C9A : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpUp.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpUp.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "45e92b991b3633b446473115f97366d9f35acd446d00cd4a05981a056660ad27" logic_hash = "62e9aafd308aacbc7a124c707e230c5a9ffde4f6929a5feada5497e3eae7668c" score = 75 
@@ -67472,8 +67867,8 @@ rule ELASTIC_Linux_Cryptominer_Casdet_5D0D33Be : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Casdet.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Casdet.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4b09115c876a8b610e1941c768100e03c963c76b250fdd5b12a74253ef9e5fb6" logic_hash = "e3264f614e257d853070907866b838d1cb53c1f60f7a0123ec503f1d540a15d7" score = 75 @@ -67501,8 +67896,8 @@ rule ELASTIC_Windows_Hacktool_Coffloader_81Ba13B8 : FILE MEMORY date = "2024-04-22" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_COFFLoader.yar#L1-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_COFFLoader.yar#L1-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c2e03659eb1594dc958e01344cfa9ba126d66736b089db5e3dd1b1c3e3e7d2f7" logic_hash = "d4f061af200a0ae9f3276fd6dfcb09ecdf662f29b7c43ea47c69a53d9fe66793" score = 75 
@@ -67554,8 +67949,8 @@ rule ELASTIC_Windows_Trojan_Nimplant_44Ff3211 : FILE MEMORY date = "2023-06-23" modified = "2023-07-10" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Nimplant.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Nimplant.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b56e20384f98e1d2417bb7dcdbfb375987dd075911b74ea7ead082494836b8f4" logic_hash = "ee519d8d722404ed440b385d283a41921bc34ee11f0e7273cdc074b377494c39" score = 75 @@ -67585,8 +67980,8 @@ rule ELASTIC_Linux_Exploit_Wuftpd_0991E62F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Wuftpd.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Wuftpd.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c0b6303300f38013840abe17abe192db6a99ace78c83bc7ef705f5c568bc98fd" logic_hash = "71ad26a182c7f16e7e0ad7f7afe0dcf1d38fe953dc0806341d7e21ee4acea87d" score = 75 
@@ -67614,8 +68009,8 @@ rule ELASTIC_Windows_Hacktool_Capcom_7Abae448 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Capcom.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Capcom.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "da6ca1fb539f825ca0f012ed6976baf57ef9c70143b7a1e88b4650bf7a925e24" logic_hash = "88f25c479cc8970e05ef9d08143afbbbfa17322f34379ba571e3a09105b33ee0" score = 75 @@ -67644,8 +68039,8 @@ rule ELASTIC_Windows_Trojan_Latrodectus_841Ff697 : FILE MEMORY date = "2024-03-13" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Latrodectus.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Latrodectus.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c" logic_hash = "aa1a4813a18b4eb4f07e805ff9c87523ad74f59c0ed538212918335eaeee29d7" score = 75 
@@ -67680,8 +68075,8 @@ rule ELASTIC_Linux_Rootkit_Fontonlake_8Fa41F5E : FILE MEMORY date = "2021-10-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Rootkit_Fontonlake.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Fontonlake.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "826222d399e2fb17ae6bc6a4e1493003881b1406154c4b817f0216249d04a234" logic_hash = "e90ace26dd74ae948d2469c6f532af5ec3070a21092f8b2c4d47c4f5b9d04c09" score = 75 @@ -67716,8 +68111,8 @@ rule ELASTIC_Linux_Trojan_Orbit_57C23178 : FILE MEMORY date = "2022-07-20" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Orbit.yar#L1-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Orbit.yar#L1-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "40b5127c8cf9d6bec4dbeb61ba766a95c7b2d0cafafcb82ede5a3a679a3e3020" logic_hash = "25b29e874ea9d400662418ddbb1c995a5a5b49f8ba6f51f59f7aa57cdda74054" score = 75 
@@ -67766,8 +68161,8 @@ rule ELASTIC_Linux_Ransomware_Gonnacry_53C3832D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Gonnacry.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Gonnacry.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f5de75a6db591fe6bb6b656aa1dcfc8f7fe0686869c34192bfa4ec092554a4ac" logic_hash = "2b7453c4eb71b71e6a241f728b077a2ee63d988d55a64fedf61c34222799e262" score = 75 @@ -67795,8 +68190,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2908_406C2Fef : FILE MEMORY CVE_2009_2908 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2009_2908.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2009_2908.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1e05a23f5b3b9cfde183aec26b723147e1816b95dc0fb7f9ac57376efcb22fcd" logic_hash = "ae379ca7564eb97f141f6ad71ca12973bf1a38cda4bc03e3f4dca1939a9b6b38" score = 75 
@@ -67824,8 +68219,8 @@ rule ELASTIC_Linux_Ransomware_Itssoeasy_30Bd68E0 : FILE MEMORY date = "2023-07-28" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_ItsSoEasy.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_ItsSoEasy.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "efb1024654e86c0c30d2ac5f97d27f5f27b4dd3f7f6ada65d58691f0d703461c" logic_hash = "a8838af442d1106bc9a7df93d6d8335ff0275bf5928acbb605e9bad58ce6bbd4" score = 75 @@ -67854,8 +68249,8 @@ rule ELASTIC_Windows_Ransomware_Gandcrab_8D0Ca31D : FILE MEMORY date = "2024-08-27" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_GandCrab.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_GandCrab.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "29eee4f8b088ec1cdac03a04ca834479fce9a0fdf696224c6f19d573f4e2a703" logic_hash = "0ee46c41031a7e7fbdae0b80bd8c53bfd1a0b9d255072971e74470988e492430" score = 75 
@@ -67885,8 +68280,8 @@ rule ELASTIC_Linux_Trojan_Masan_5369C678 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Masan.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Masan.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f2de9f39ca3910d5b383c245d8ca3c1bdf98e2309553599e0283062e0aeff17f" logic_hash = "e57b105004216a6054b0561b69cce00c35255c5bd33aa8e403d0a3967cd0697e" score = 75 @@ -67914,8 +68309,8 @@ rule ELASTIC_Linux_Ransomware_Babuk_Bd216Cab : FILE MEMORY date = "2024-05-09" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Babuk.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Babuk.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d305a30017baef4f08cee38a851b57869676e45c66e64bb7cc58d40bf0142fe0" logic_hash = "b0538be9d8deccc3f77640da28e5fd38a07557e9e5e3c09b11349d7eb50a56b5" score = 75 
@@ -67944,8 +68339,8 @@ rule ELASTIC_Linux_Trojan_Mechbot_F2E1C5Aa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mechbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mechbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5f8e80e6877ff2de09a12135ee1fc17bee8eb6d811a65495bcbcddf14ecb44a3" logic_hash = "2ba9ece1ab2360702a59a737a20b6dbd8fca276b543477f9290ab80c6f51e2f1" score = 75 @@ -67973,8 +68368,8 @@ rule ELASTIC_Windows_Trojan_Remcos_B296E965 : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Remcos.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Remcos.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed" logic_hash = "069072abd1182eee50cb9937503d47845e7315d8e3cd6b63576adc8f21820c82" score = 75 
@@ -68005,8 +68400,8 @@ rule ELASTIC_Windows_Trojan_Remcos_7591E9F1 : FILE MEMORY date = "2023-06-23" modified = "2023-07-10" reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Remcos.yar#L25-L49" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Remcos.yar#L25-L49" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4e6e5ecd1cf9c88d536c894d74320c77967fe08c75066098082bf237283842fa" logic_hash = "96acf1ba7740a8d34d929ed4a4fa446c984c3a8f64a603d428e782b6997e4d20" score = 75 @@ -68039,8 +68434,8 @@ rule ELASTIC_Windows_Trojan_Zeus_E51C60D7 : FILE MEMORY date = "2021-02-07" modified = "2021-10-04" reference = "https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Zeus.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Zeus.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3" logic_hash = "cde738f95dbad1fbad59e20528b2f577e5e3ee5fcb37c68a45d53c689d2af525" score = 75 
@@ -68073,8 +68468,8 @@ rule ELASTIC_Windows_Hacktool_Phant0M_2D6F9B57 : FILE MEMORY date = "2024-02-28" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Phant0m.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Phant0m.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "30978aadd7d7bc86e735facb5046942792ad1beab6919754e6765e0ccbcf89d6" logic_hash = "a66f8779f77b216f7831617a34c008e4202f36e74f2866c9792cee34b804408d" score = 75 @@ -68107,8 +68502,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_69E20012 : FILE MEMORY date = "2024-05-03" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "debb5d12c1b876f47a0057aad19b897c21f17de7b02c0e42f4cce478970f0120" logic_hash = "5d3c3e3ba7d5d0c20d2fa1a53032da9a93a6727dcd6cb3497bb7bfb8272e4f2b" score = 75 
@@ -68141,8 +68536,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_0C629849 : FILE MEMORY date = "2024-05-03" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L26-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L26-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ad070542729f3c80d6a981b351095ab8ac836b89a5c788dff367760a2d8b1dbb" logic_hash = "2bea8f569728ba81af4024bf062a06a5c91b1f057a0b62fe6d51b6fcadedf58c" score = 75 @@ -68174,8 +68569,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_849Cc5D5 : FILE MEMORY date = "2024-05-03" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L50-L71" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L50-L71" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "42d734dbd33295bd68e5a545a29303a2104a5a92e5fee31d645e2a6410cc03e9" logic_hash = "01c708b1e000aecf473e0a1cf23f3812a337b9b21f5b81f7a5e481d06fdaeb16" score = 75 
@@ -68206,8 +68601,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Da378432 : FILE MEMORY date = "2024-05-03" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L73-L93" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L73-L93" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "277499da700e0dbe27269c7cfb1fc385313c4483912a9a3f0c15adba33ecd0bf" logic_hash = "cd9df6dff23986d61176e4d3440516b0590abdeebef0e456d1f4924724556fe9" score = 75 @@ -68237,8 +68632,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_B957E45D : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L95-L115" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L95-L115" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "78af84bad4934283024f4bf72dfbf9cc081d2b92a9de32cc36e1289131c783ab" logic_hash = "27281303d007e6723308e88f335f52723b3ff0ef733d1a0712f5ba268e53a073" score = 75 
@@ -68268,8 +68663,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_1A98F2E2 : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L117-L137" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L117-L137" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "89be4507c9c24c4ec9a7282f197a9a6819e696d2832df81f7e544095d048fc22" logic_hash = "23ea1c255472a67746b470e50d982bc91d22ede5e2582cf5cfaa90a1ed4e8805" score = 75 @@ -68299,8 +68694,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_D74153F6 : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L139-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L139-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2823d27492e2e7a95b67a08cb269eb6f4175451d58b098ae429330913397d40a" logic_hash = "c60e7e63183f5bf0354a03f8399576e494e44a30257339ebccb6c19e954d6f3a" score = 75 
@@ -68330,8 +68725,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_F7A31E87 : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L161-L182" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L161-L182" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "82b55d8c0f0175d02399aaf88ad9e92e2e37ef27d52c7f71271f3516ba884847" logic_hash = "49583ba4f2bedb9337a8c10df4246bb76a3e60b08ba1a6b8684537fee985d911" score = 75 @@ -68362,8 +68757,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_B0D2D4A4 : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L184-L205" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L184-L205" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a37c888875e84069763303476f0df6769df6015b33aded59fc1e23eb604f2163" logic_hash = "bcabf74900222074ecf9051b6e0cb4ca7a240acd047a1b27137d1d198e23f161" score = 75 
@@ -68394,8 +68789,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_5D26689F : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L207-L229" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L207-L229" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dafefb4d79d848384442a697b1316d93fef2741fca854be744896ce1d7f82073" logic_hash = "e7906273aa7f42920be9d06cdae89c81e0a99e532cdcd7bd714acc5f2bbb0ed5" score = 75 @@ -68427,8 +68822,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_1C8C98Ae : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L231-L251" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L231-L251" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1a2c40531584ed485f3ff532f4269241a76ff171956d03e4f0d3f9c950f186d4" logic_hash = "fc32aa29f58478f0b7f4f5be61aadec65842c05b7d8ded840530503eae28b8eb" score = 75 
@@ -68458,8 +68853,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_47F4B334 : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L253-L277" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L253-L277" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c3821f63a7ec8861a6168b4bb494bf8cbac436b3abf5eaffbc6907fd68ebedb8" logic_hash = "34c8182d3b5ecbebd122d2d58fc0502a6bbca020b528ffdcc9ee988f21512d99" score = 75 @@ -68493,8 +68888,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_0B014E0E : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L279-L303" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L279-L303" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a24443331508cc72b3391353f91cd009cafcc223ac5939eab12faf57447e3162" logic_hash = "cb19a0461d5fe6066d1fed4898ea12a9818be69d870e511559b19d5c7c959819" score = 75 
@@ -68528,8 +68923,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Ccc99Be1 : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L305-L327" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L305-L327" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0e9f52d7aa6bff33bfbdba6513d402db3913d4036a5e1c1c83f4ccd5cc8107c8" logic_hash = "96af2123251587ece32e424202ff61cfa70faf2916cacddf5fcd9d81bf483032" score = 75 @@ -68561,8 +68956,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Ed4B2C85 : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L329-L348" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L329-L348" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0709a60149ca110f6e016a257f9ac35c6f64f50cfbd71075c4ca8bfe843c3211" logic_hash = "79e466b2f40a6769db498cc28cb22ba72ec20f92c8450d6f1f8301d00012f967" score = 75 
@@ -68591,8 +68986,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_2B0Ad6F0 : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L350-L371" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L350-L371" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "aa2bce61511c72ac03562b5178aad57bce8b46916160689ed07693790cbfbeec" logic_hash = "91b4547e44c40cafe09dd415f0b5dfe5980fcb10d50aeae844cf21e7608d9a9d" score = 75 @@ -68623,8 +69018,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Bf205D5A : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L373-L397" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L373-L397" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2162a89f70edd7a7f93f8972c6a13782fb466cdada41f255f0511730ec20d037" logic_hash = "9f4c84fadc3d7555c80efc9c9c5dcb01d4ea65d2ff191aa63ae8316f763ded3f" score = 75 
@@ -68658,8 +69053,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_E5B61173 : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L399-L420" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L399-L420" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8032a7a320102c8e038db16d51b8615ee49f04dab1444326463f75ce0c5947a5" logic_hash = "f60d2de0b7fac06b62616d7c7f51e9374df3895eb30a07040e742cbcb462a418" score = 75 @@ -68690,8 +69085,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Dd5Fd075 : FILE MEMORY date = "2024-05-07" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Metasploit.yar#L422-L443" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Metasploit.yar#L422-L443" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b47132a92b66c32c88f39fe36d0287c6b864043273939116225235d4c5b4043a" logic_hash = "f5101d5ddb1a84127e755677da70d9154849c546ac6ef0e7ef2639c82911eb92" score = 75 
@@ -68722,8 +69117,8 @@ rule ELASTIC_Linux_Cryptominer_Bulz_2Aa8Fbb5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Bulz.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Bulz.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "21d8bec73476783e01d2a51a99233f186d7c72b49c9292c42e19e1aa6397d415" score = 75 quality = 75 @@ -68750,8 +69145,8 @@ rule ELASTIC_Linux_Cryptominer_Bulz_0998F811 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Bulz.yar#L20-L37" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Bulz.yar#L20-L37" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "178f6c42582dd99cc5418388d020d4d76f2a9204297a673359fe0a300121c35b" score = 75 quality = 75 
@@ -68778,8 +69173,8 @@ rule ELASTIC_Windows_Trojan_Pandastealer_8B333E76 : FILE MEMORY date = "2021-09-02" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Pandastealer.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Pandastealer.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935" logic_hash = "5878799338fc18bac0f946faeadd59c921dee32c9391fc12d22c72c0cd6733a8" score = 75 @@ -68811,8 +69206,8 @@ rule ELASTIC_Linux_Trojan_Mirai_268Aac0B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead" logic_hash = "6eae3aba35d3379fa194b66a1b4e0d78d0d0b88386cd4ea5dfeb3c072642c7ba" score = 75 
@@ -68840,8 +69235,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5F2Abe2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c490586fbf90d360cf3b2f9e2dc943809441df3dfd64dadad27fc9f5ee96ec74" logic_hash = "169e7e5d1a7ea8c219464e22df9be8bc8caa2e78e1bc725674c8e0b14f6b9fc5" score = 75 @@ -68869,8 +69264,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1Cb033F3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L41-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L41-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "ebaf45ce58124aa91b07ebb48779e6da73baa0b80b13e663c13d8fb2bb47ad0d" score = 75 quality = 75 
@@ -68897,8 +69292,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fa3Ad9D0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L60-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L60-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6" logic_hash = "5890c85872ea4508e673235b20b481972f613f6e5f9564c0237c458995532347" score = 75 @@ -68926,8 +69321,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Cb1699C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L80-L98" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L80-L98" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb" logic_hash = "97307f583240290de2bfc663b99f8dcdedace92885bd3e0c0340709b94c0bc2a" score = 75 
@@ -68955,8 +69350,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6F021787 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L100-L118" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L100-L118" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "88183d71359c16d91a3252085ad5a270ad3e196fe431e3019b0810ecfd85ae10" logic_hash = "7e8062682a0babbaa3c00975807ba9fc34c465afde55e4144944e7598f0ea1fd" score = 75 @@ -68984,8 +69379,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1E0C5Ce0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L120-L138" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L120-L138" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d" logic_hash = "591cc3ef6932bf990f56c932866b34778e8eccd0e343f9bd6126eb8205a12ecc" score = 75 
@@ -69013,8 +69408,8 @@ rule ELASTIC_Linux_Trojan_Mirai_22965A6D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L140-L158" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L140-L158" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "09c821aa8977f67878f8769f717c792d69436a951bb5ac06ce5052f46da80a48" logic_hash = "6b2a46694edf709d28267268252cfe95d88049b7dca854059cfe44479ada7423" score = 75 @@ -69042,8 +69437,8 @@ rule ELASTIC_Linux_Trojan_Mirai_4032Ade1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L160-L178" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L160-L178" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6150fbbefb916583a0e888dee8ed3df8ec197ba7c04f89fb24f31de50226e688" logic_hash = "9c5e24c4efd4035408897f638d3579c3798139fd18178cee4a944b49c13e1532" score = 75 
@@ -69071,8 +69466,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B14F4C5D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L180-L197" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L180-L197" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "1a2114a7b397c850d732940a0e154bc04fbee1fdc12d343947b343b9b27a8af1" score = 75 quality = 75 @@ -69099,8 +69494,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C8385B81 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L199-L217" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L199-L217" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3d27736caccdd3199a14ce29d91b1812d1d597a4fa8472698e6df6ef716f5ce9" logic_hash = "4ff1f0912fb92e7ac5af49e1738dac897ff1f0a118d8ff905da45b0a91b3f4a7" score = 75 
@@ -69128,8 +69523,8 @@ rule ELASTIC_Linux_Trojan_Mirai_122Ff2E6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L219-L237" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L219-L237" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4" logic_hash = "62884309b9095cdd6219c9ef6cd77a0f712640d8a1db4afe5b1d01f4bbe5acc2" score = 75 @@ -69157,8 +69552,8 @@ rule ELASTIC_Linux_Trojan_Mirai_26Cba88C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L239-L257" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L239-L257" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4b4758bff3dcaa5640e340d27abba5c2e2b02c3c4a582374e183986375e49be8" logic_hash = "bb5a0f9e68655556ab9fccc27d11bf7828c299720bb67948455579d6a7eb2a9f" score = 75 
@@ -69186,8 +69581,8 @@ rule ELASTIC_Linux_Trojan_Mirai_93Fc3657 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L259-L277" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L259-L277" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6" logic_hash = "0b5278feddd00b0b24ca735bf7cd1440379c6ce5aca6d2a6f38c9fdcedcb3c0d" score = 75 @@ -69215,8 +69610,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7C88Acbc : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L279-L296" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L279-L296" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "76373f8e09b7467ac5d36e8baad3025a57568e891434297e53f2629a72cf8929" score = 75 quality = 75 
@@ -69243,8 +69638,8 @@ rule ELASTIC_Linux_Trojan_Mirai_804F8E7C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L298-L316" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L298-L316" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6" logic_hash = "711d74406d9b0d658b3b29f647bd659699ac0af9cd482403122124ec6054f1ec" score = 75 @@ -69272,8 +69667,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A2D2E15A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L318-L336" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L318-L336" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "567c3ce9bbbda760be81c286bfb2252418f551a64ba1189f6c0ec8ec059cee49" logic_hash = "c76fe953c4a70110346a020f2b27c7e79f4ad8a24fd92ac26e5ddd1fed068f65" score = 75 
@@ -69301,8 +69696,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5946F41B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L338-L356" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L338-L356" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f0b6bf8a683f8692973ea8291129c9764269a6739650ec3f9ee50d222df0a38a" logic_hash = "43691675db419426413ccc24aa9dfe94456fa1007630652b08a625eafd1f17b8" score = 75 @@ -69330,8 +69725,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Da4Aa3B3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L358-L376" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L358-L376" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dbc246032d432318f23a4c1e5b6fcd787df29da3bf418613f588f758dcd80617" logic_hash = "84ddc505d2e2be955b88a0fe3b78d435f73c0a315b513e105933e84be78ba2ad" score = 75 
@@ -69359,8 +69754,8 @@ rule ELASTIC_Linux_Trojan_Mirai_70Ef58F1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L378-L396" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L378-L396" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb" logic_hash = "3ad201d643e8f93a6f9075c03a76020d78186702a19bf9174b08688a2e94ef5c" score = 75 @@ -69388,8 +69783,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ea584243 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L398-L416" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L398-L416" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f363d9bd2132d969cd41e79f29c53ef403da64ca8afc4643084cc50076ddfb47" logic_hash = "34c6f800c849c295797cdd971fb4f3d16d680530f9a98c291388345569708208" score = 75 
@@ -69417,8 +69812,8 @@ rule ELASTIC_Linux_Trojan_Mirai_564B8Eda : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L418-L436" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L418-L436" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee" logic_hash = "4bf11492f480911629623250146554f2456f3a527f5f80402ef74b22c1460462" score = 75 @@ -69446,8 +69841,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7E9F85Fb : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L438-L456" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L438-L456" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4333e80fd311b28c948bab7fb3f5efb40adda766f1ea4bed96a8db5fe0d80ea1" logic_hash = "f4ce912e190bc5dcb56541f54ba8e47b6103c482bdc7e83b44693d2c066c0170" score = 75 
@@ -69475,8 +69870,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3A85A418 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L458-L476" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L458-L476" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "86a43b39b157f47ab12e9dc1013b4eec0e1792092d4cef2772a21a9bf4fc518a" logic_hash = "bd7fe497fb2557c9e9c26ec90e783f03cbbc9bdaa8d20b364ce65edf6c1e5fa3" score = 75 @@ -69504,8 +69899,8 @@ rule ELASTIC_Linux_Trojan_Mirai_24C5B7D6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L478-L496" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L478-L496" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7c2f8ba2d6f1e67d1b4a3a737a449429c322d945d49dafb9e8c66608ab2154c4" logic_hash = "f790f6b8fcf932773054525ed74a3f15998d91a2626ae9c56486de8dabc2035c" score = 75 
@@ -69533,8 +69928,8 @@ rule ELASTIC_Linux_Trojan_Mirai_99D78950 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L498-L516" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L498-L516" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6" logic_hash = "bfd628a9973f85ed0a8be2723c7ff4bd028af00ea98c9cbcde9df6aabcf394b2" score = 75 @@ -69562,8 +69957,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3Fe3C668 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L518-L535" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L518-L535" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "e75b2dca7de7d9f31a0ae5940dc45d0e6d0f1ca110b5458fc99912400da97bde" score = 75 quality = 75 
@@ -69590,8 +69985,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Eedfbfc6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L537-L555" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L537-L555" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b7342f7437a3a16805a7a8d4a667e0e018584f9a99591413650e05d21d3e6da6" logic_hash = "949b32db1a00570fc84fbbe510f57f6e898d089efd3fedbd7719f8059021b6bc" score = 75 @@ -69619,8 +70014,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6D96Ae91 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L557-L575" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L557-L575" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e3a1d92df6fb566e09c389cfb085126d2ea0f51a776ec099afb8913ef5e96f9b" logic_hash = "43b0ac7090620eb6c892f1105778c395bf18f5ac309ce1b2d9015b5abccbfc2a" score = 75 
@@ -69648,8 +70043,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D8779A57 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L577-L595" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L577-L595" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c490586fbf90d360cf3b2f9e2dc943809441df3dfd64dadad27fc9f5ee96ec74" logic_hash = "2154786bbb6dbcc280aaa9e2b75106b585d04c7c85f6162f441c81dc54663cb3" score = 75 @@ -69677,8 +70072,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3E72E107 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L597-L615" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L597-L615" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "57d04035b68950246dd152054e949008dafb810f3705710d09911876cd44aec7" logic_hash = "ba0ba56ded8977502ad9f8a1ceebd30efbff964d576bbfeedff5761f0538d8f0" score = 75 
@@ -69706,8 +70101,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5C62E6B2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L617-L635" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L617-L635" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9" logic_hash = "6505c4272f0f7c8c5f2d3f7cefdc3947c4015b0dfd94efde4357a506af93a99d" score = 75 @@ -69735,8 +70130,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C5430Ff9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L637-L655" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L637-L655" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5676773882a84d0efc220dd7595c4594bc824cbe3eeddfadc00ac3c8e899aa77" logic_hash = "8c385980560cd4b24e703744b57a9d5ea1bca8fbeea066e98dd4b40009e56104" score = 75 
@@ -69764,8 +70159,8 @@ rule ELASTIC_Linux_Trojan_Mirai_402Adc45 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L657-L675" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L657-L675" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1ae0cd7e5bac967e31771873b4b41a1887abddfcdfcc76fa9149bb2054b03ca4" logic_hash = "dab879d57507d5e119ddf4ce6ed33570c74f185a2260e97a7ec1d6c844943e5d" score = 75 @@ -69793,8 +70188,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A39Dfaa7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L677-L694" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L677-L694" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "98fde36fc412b6aa50c80c12118975a6bf754a9fba94f1cc3cdeed22565d6b0d" score = 75 quality = 75 
@@ -69821,8 +70216,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E3E6D768 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L696-L714" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L696-L714" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b505cb26d3ead5a0ef82d2c87a9b352cc0268ef0571f5e28defca7131065545e" logic_hash = "b848c7200f405d77553d661a6c49fb958df225875957ead35b35091995f307d1" score = 75 @@ -69850,8 +70245,8 @@ rule ELASTIC_Linux_Trojan_Mirai_520Deeb8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L716-L733" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L716-L733" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "671c17835f30cce1e5d68dbf3a73d340069b1b55a2ac42fc132c008cb2da622e" score = 75 quality = 75 
@@ -69878,8 +70273,8 @@ rule ELASTIC_Linux_Trojan_Mirai_77137320 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L735-L753" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L735-L753" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9" logic_hash = "ee48e0478845a61dbbdb5cc3ee5194eb272fcf6dcf139381f068c9af1557d0d4" score = 75 @@ -69907,8 +70302,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A6A81F9C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L755-L772" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L755-L772" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "0d31cc1f4a673c13e6c81c492acbe16e1e0dfb0b15913fb276ea4abff18b32af" score = 75 quality = 75 
@@ -69935,8 +70330,8 @@ rule ELASTIC_Linux_Trojan_Mirai_485C4B13 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L774-L792" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L774-L792" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead" logic_hash = "9625e4190559cc77f41ebef24f9bfa5e3d2e2259c12b301148c614b0f98b5835" score = 75 @@ -69964,8 +70359,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7146E518 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L794-L811" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L794-L811" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "374602254be1f5c1dbb00ad25d870722e03d674033dfcf953a2895e1f50c637d" score = 75 quality = 75 
@@ -69992,8 +70387,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6A77Af0F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L813-L830" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L813-L830" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "7d7623dfc1e16c7c02294607ddf46edd12cdc7d39a2b920d8711dc47c383731b" score = 75 quality = 75 @@ -70020,8 +70415,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5F7B67B8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L832-L849" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L832-L849" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "b2aedc0361c1093d7a996f26d907da3e4654c32a6dbcdbab441c19d4207f2e2a" score = 75 quality = 75 
@@ -70048,8 +70443,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A3Cedc45 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L851-L869" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L851-L869" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1ae0cd7e5bac967e31771873b4b41a1887abddfcdfcc76fa9149bb2054b03ca4" logic_hash = "9233e6faa43d8ea43ff3c71ecb5248d5d311b2a593825c299cac4466278cd020" score = 75 @@ -70077,8 +70472,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7D05725E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L871-L889" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L871-L889" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb" logic_hash = "ac2d0b81325ce7984bc09f93e61b42c8e312a31c75f09d37313d70cd40d3cf8b" score = 75 
@@ -70106,8 +70501,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fa48B592 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L891-L909" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L891-L909" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee" logic_hash = "5648bcc96b1fdd1529b4b8765b1738594d0d61f7880b763e803cd89bd117e96b" score = 75 @@ -70135,8 +70530,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B9A9D04B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L911-L928" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L911-L928" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "61575576be4c1991bc381965a40e5d9d751bba2680a42907b0148651716419fc" score = 75 quality = 75 
@@ -70163,8 +70558,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D2205527 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L930-L948" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L930-L948" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e4f584d1f75f0d7c98b325adc55025304d55907e8eb77b328c007600180d6f06" logic_hash = "172ba256873cce61047a5198733cacaff4ef343c9cbd76f2fbbf0e1ed8003236" score = 75 @@ -70192,8 +70587,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ab073861 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L950-L968" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L950-L968" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "175444a9c9ca78565de4b2eabe341f51b55e59dec00090574ee0f1875422cbac" logic_hash = "251b92c4fec9d113025c6869c279247a3dd16ee094c8861fe43a33f87132bf75" score = 75 
@@ -70221,8 +70616,8 @@ rule ELASTIC_Linux_Trojan_Mirai_637F2C04 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L970-L987" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L970-L987" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "cff4aa6c613ccc64f64441f7e40f79d3a22b5c12856c32814545bd41d5f112bd" score = 75 quality = 75 @@ -70249,8 +70644,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Aa39Fb02 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L989-L1006" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L989-L1006" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "ffa95d92a2b619008bd5918cd34a17cd034b2830dc09d495db4b0c397b1cb53a" score = 75 quality = 75 
@@ -70277,8 +70672,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Bce98A2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1008-L1026" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1008-L1026" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80" logic_hash = "04d10ef03c178fb101d3c6b6d3b36f0aa04149b9b35a33c3d10d17af1fc07625" score = 75 @@ -70306,8 +70701,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3A56423B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1028-L1045" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1028-L1045" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "0c2765a5c1b331eb9ff5e542bc72eff7be3506e6caef94128413d500086715c6" score = 75 quality = 75 
@@ -70334,8 +70729,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D18B3463 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1047-L1065" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1047-L1065" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cd86534d709877ec737ceb016b2a5889d2e3562ffa45a278bc615838c2e9ebc3" logic_hash = "f906c6f9baae6d6fa3f42e84607549bae44ed9ca847fd916d04f2671eef1caa1" score = 75 @@ -70363,8 +70758,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fe721Dc5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1067-L1084" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1067-L1084" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "e9312eefb5f14a27d96e973139e45098c2f62a24d5254ca24dea64b9888a4448" score = 75 quality = 75 
@@ -70391,8 +70786,8 @@ rule ELASTIC_Linux_Trojan_Mirai_575F5Bc8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1086-L1103" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1086-L1103" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "dec143d096f5774f297ce90ef664ae50c40ae4f87843bbb34e496565c0faf3b2" score = 75 quality = 75 @@ -70419,8 +70814,8 @@ rule ELASTIC_Linux_Trojan_Mirai_449937Aa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1105-L1123" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1105-L1123" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6f27766534445cffb097c7c52db1fca53b2210c1b10b75594f77c34dc8b994fe" logic_hash = "d459e46893115dbdef46bcaceb6a66255ef3a389f1bf7173b0e0bd0d8ce024fb" score = 75 
@@ -70448,8 +70843,8 @@ rule ELASTIC_Linux_Trojan_Mirai_2E3F67A9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1125-L1143" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1125-L1143" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb" logic_hash = "8c83c5d32c58041444f33264f692a7580c76324d2cbad736fdd737bdfcd63595" score = 75 @@ -70477,8 +70872,8 @@ rule ELASTIC_Linux_Trojan_Mirai_01E4A728 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1145-L1162" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1145-L1162" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "753936b97a36c774975a1d0988f6f908d4b5e5906498aa34c606d4cd971f1ba5" score = 75 quality = 75 
@@ -70505,8 +70900,8 @@ rule ELASTIC_Linux_Trojan_Mirai_64D5Cde2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1164-L1182" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1164-L1182" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "caf2a8c199156db2f39dbb0a303db56040f615c4410e074ef56be2662752ca9d" logic_hash = "08f3635e5517185cae936b39f503bbeba5aed2e36abdd805170a259bc5e3644f" score = 75 @@ -70534,8 +70929,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0D73971C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1184-L1202" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1184-L1202" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead" logic_hash = "56f3bac05fce0a0458e5b80197335e7bef6dcd50b9feb6f1008b8679f29cf37a" score = 75 
@@ -70563,8 +70958,8 @@ rule ELASTIC_Linux_Trojan_Mirai_82C361D4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1204-L1222" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1204-L1222" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f8dbcf0fc52f0c717c8680cb5171a8c6c395f14fd40a2af75efc9ba5684a5b49" logic_hash = "766a964d7d35525fbc88adcf86fb69d11f9c63c0d28ceefb3ae79797a7161193" score = 75 @@ -70592,8 +70987,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ec591E81 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1224-L1242" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1224-L1242" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7d45a4a128c25f317020b5d042ab893e9875b6ff0ef17482b984f5b3fe87e451" logic_hash = "f2a147fe7f98d2b3141a1fda118ee803c81d9bc6f498bfaf3557665397eb44da" score = 75 
@@ -70621,8 +71016,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Eba3F5A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1244-L1262" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1244-L1262" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2e4f89c76dfefd4b2bfd1cf0467ac0324026355723950d12d7ed51195fd998cf" logic_hash = "bcb2f1e1659102f39977fac43b119c58d6c72f828c3065e2318f671146e911da" score = 75 @@ -70650,8 +71045,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E43A8744 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1264-L1282" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1264-L1282" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f363d9bd2132d969cd41e79f29c53ef403da64ca8afc4643084cc50076ddfb47" logic_hash = "17c52d2b720fa2e98c3e9bb077525a695a6e547a66e8c44fcc1e26e48df81adf" score = 75 
@@ -70679,8 +71074,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6E8E9257 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1284-L1301" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1284-L1301" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "67973257e578783838f18dc8ae994f221ad1c1b3f4a04a2b6b523da5ebd8c95b" score = 75 quality = 75 @@ -70707,8 +71102,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ac253E4F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1303-L1321" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1303-L1321" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9" logic_hash = "1ab463fce01148c2cc95659fdf8b05e597d9b4eeabe81a9cdfa1da3632d72291" score = 75 
@@ -70736,8 +71131,8 @@ rule ELASTIC_Linux_Trojan_Mirai_994535C4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1323-L1341" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1323-L1341" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "376a2771a2a973628e22379b3dbb9a8015c828505bbe18a0c027b5d513c9e90d" logic_hash = "c83c8c9cdfea1bf322115e5b23d751b226a5dbf42fc41faac172d36192ccf31f" score = 75 @@ -70765,8 +71160,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A68E498C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1343-L1361" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1343-L1361" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6" logic_hash = "e4552813dc92b397c5ba78f32ee6507520f337b55779a3fc705de7e961f8eb8f" score = 75 
@@ -70794,8 +71189,8 @@ rule ELASTIC_Linux_Trojan_Mirai_88De437F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1363-L1381" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1363-L1381" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6" logic_hash = "233dbf3d13c35f4c9c7078d67ea60086355c801ce6515f9d3c518e95afd39d85" score = 75 @@ -70823,8 +71218,8 @@ rule ELASTIC_Linux_Trojan_Mirai_95E0056C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1383-L1401" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1383-L1401" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380" logic_hash = "9e34891d28034d1f4fc3da5cb99df8fc74f0b876903088f5eab5fe36e0e0e603" score = 75 
@@ -70852,8 +71247,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B548632D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1403-L1421" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1403-L1421" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "639d9d6da22e84fb6b6fc676a1c4cfd74a8ed546ce8661500ab2ef971242df07" logic_hash = "bfb46457f8b79548726e3988d649f94e04f26f9e546aae70ece94defae6bab8a" score = 75 @@ -70881,8 +71276,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E0Cf29E2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1423-L1440" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1423-L1440" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "693e27da8cbab32954cc2c9ba648151ad9fc21fe53251628145d7b436ec5e976" score = 75 quality = 75 
@@ -70909,8 +71304,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1754B331 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1442-L1460" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1442-L1460" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0d89fc59d0de2584af0e4614a1561d1d343faa766edfef27d1ea96790ac7014b" logic_hash = "fde04b0e31a00326f9d011198995999ff9b15628f5ff4139ec7dec19ac0c59c9" score = 75 @@ -70938,8 +71333,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3278F1B8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1462-L1480" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1462-L1480" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb" logic_hash = "4d709e8e2062099ac06b241408e52bcb86bbf8163faaffbcff68a05f864e1b3f" score = 75 
@@ -70967,8 +71362,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ab804Bb7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1482-L1500" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1482-L1500" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8f0cc764729498b4cb9c5446f1a84cde54e828e913dc78faf537004a7df21b20" logic_hash = "cef2ffafe152332502fb0d72d014c81b90dc9ad4f4491f1b2f2f9c1f73cc7958" score = 75 @@ -70996,8 +71391,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Dca3B9B4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1502-L1520" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1502-L1520" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a839437deba6d30e7a22104561e38f60776729199a96a71da3a88a7c7990246a" logic_hash = "f85dfc1c00706d7ac11ef35c41c471383ef8b019a5c2566b27072a5ef5ad5c93" score = 75 
@@ -71025,8 +71420,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ae9D0Fa6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1522-L1539" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1522-L1539" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "8da5b14b95d96de5ced8bcab98e23973e449c1b5ca101f39a2114bb8e74fd9a5" score = 75 quality = 75 @@ -71053,8 +71448,8 @@ rule ELASTIC_Linux_Trojan_Mirai_612B407C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1541-L1559" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1541-L1559" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7833bc89778461a9f46cc47a78c67dda48b498ee40b09a80a21e67cb70c6add1" logic_hash = "6514725a32f7c28be7de5ff6fe1363df7c50e2cd6c8c79824ec4cbeadda2ca31" score = 75 
@@ -71082,8 +71477,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5Da717F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1561-L1579" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1561-L1579" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1f6bcdfc7d1c56228897cd7548266bb0b9a41b913be354036816643ac21b6f66" logic_hash = "034dae5bea7536e8c8aa22b8b891b9c991b94f04be12c9fe6d78ddf07a2365d9" score = 75 @@ -71111,8 +71506,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D33095D4 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1581-L1599" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1581-L1599" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "72326a3a9160e9481dd6fc87159f7ebf8a358f52bf0c17fbc3df80217d032635" logic_hash = "b7feaec65d72907d08c98b09fb4ac494ceee7d7bd51c09063363c617e3f057a4" score = 75 
@@ -71140,8 +71535,8 @@ rule ELASTIC_Linux_Trojan_Mirai_4E2246Fb : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1601-L1619" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1601-L1619" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1f6bcdfc7d1c56228897cd7548266bb0b9a41b913be354036816643ac21b6f66" logic_hash = "6d2e1300286751a5e1ae683e9aab2f59bfbb20d1cc18dcce89c06ecadf25a3e6" score = 75 @@ -71169,8 +71564,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5981806 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1621-L1639" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1621-L1639" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "784f2005853b5375efaf3995208e4611b81b8c52f67b6dc139fd9fec7b49d9dc" logic_hash = "e625323543aa5c8374a179dfa51c3f5be1446459c45fa7c7a27ae383cf0f551b" score = 75 
@@ -71198,8 +71593,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C6055Dc9 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1641-L1659" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1641-L1659" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c1718d7fdeef886caa33951e75cbd9139467fa1724605fdf76c8cdb1ec20e024" logic_hash = "4d9d7c44f0d3ae60275720ae5faf3c25c368aa6e7d9ab5ed706a30f9a7ffd3b8" score = 75 @@ -71227,8 +71622,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3B9675Fd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1661-L1679" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1661-L1679" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4ec4bc88156bd51451fdaf0550c21c799c6adacbfc654c8ec634ebca3383bd66" logic_hash = "61ff7cb8d664291de5cf0c82b80cf0f4001c41d3f02b7f4762f67eb8128df15d" score = 75 
@@ -71256,8 +71651,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1C0D246D : FILE MEMORY date = "2021-04-13" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1681-L1700" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1681-L1700" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "211cfe9d158c8a6840a53f2d1db2bf94ae689946fffb791eed3acceef7f0e3dd" logic_hash = "7a101e6d2265e09eb6c8d0f1a2fe54c9aa353dfd8bd156926937f4aec86c3ef1" score = 75 @@ -71286,8 +71681,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ad337D2F : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "012b717909a8b251ec1e0c284b3c795865a32a1f4b79706d2254a4eb289c30a7" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1702-L1720" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1702-L1720" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "dba630c1deb00b0dbd9f895a9b93393bc634150c8f32527b02d8dd71dc806e7d" score = 75 quality = 75 
@@ -71314,8 +71709,8 @@ rule ELASTIC_Linux_Trojan_Mirai_88A1B067 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1a62db02343edda916cbbf463d8e07ec2ad4509fd0f15a5f6946d0ec6c332dd9" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1722-L1740" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1722-L1740" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "0755f1f974734ccd4ecc444217bf52ed306d1dc32c05841ba9ca6d259e1a147e" score = 75 quality = 75 @@ -71342,8 +71737,8 @@ rule ELASTIC_Linux_Trojan_Mirai_76Bbc4Ca : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1a9ff86a66d417678c387102932a71fd879972173901c04f3462de0e519c3b51" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1742-L1760" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1742-L1760" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "855b7938b92b5645fcefd2ec1e2ccb71269654816f362282ccbf9aef1c01c8a0" score = 75 quality = 75 
@@ -71370,8 +71765,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Bfc17Bd : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1762-L1780" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1762-L1780" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1cdd94f2a1cb2b93134646c171d947e325a498f7a13db021e88c05a4cbb68903" logic_hash = "ef83bc9ae3c881d09b691db42a1712b500a5bb8df34060a6786cfdc6caaf5530" score = 75 @@ -71399,8 +71794,8 @@ rule ELASTIC_Linux_Trojan_Mirai_389Ee3E9 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1782-L1800" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1782-L1800" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f" logic_hash = "fedeae98d468a11c3eaa561b9d5433ec206bdd4caed5aed7926434730f7f866b" score = 75 
@@ -71428,8 +71823,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Cc93863B : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1802-L1820" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1802-L1820" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f" logic_hash = "881998dee010270d7cefae5b59a888e541d4a2b93e3e52ae0abe0df41371c50d" score = 75 @@ -71457,8 +71852,8 @@ rule ELASTIC_Linux_Trojan_Mirai_8Aa7B5D3 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1822-L1840" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1822-L1840" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f" logic_hash = "3c99b7b126184b75802c7198c81f4783af776920edc6e964dbe726d28d88f64d" score = 75 
@@ -71486,8 +71881,8 @@ rule ELASTIC_Linux_Trojan_Mirai_76908C99 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1842-L1860" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1842-L1860" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "533a90959bfb337fd7532fb844501fd568f5f4a49998d5d479daf5dfbd01abb2" logic_hash = "bd8254e888b1ea93ca9aad92ea2c8ece1f2d03ae2949ca4c3743b6e339ee21e0" score = 75 @@ -71515,8 +71910,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1538Ce1A : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1862-L1880" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1862-L1880" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662" logic_hash = "cf2dd11da520640c6a64e05c4679072a714d8cf93d5f5aa3a1eca8eb3e9c8b3b" score = 75 
@@ -71544,8 +71939,8 @@ rule ELASTIC_Linux_Trojan_Mirai_07B1F4F6 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1882-L1900" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1882-L1900" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662" logic_hash = "4af1a20e29e0c9b62e1530031e49a3d7b37d4e9a547d89a270a2e59e0c7852cc" score = 75 @@ -71573,8 +71968,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Feaa98Ff : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1902-L1920" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1902-L1920" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662" logic_hash = "06be9d8bcfcb7e6b600103cf29fa8a94a457ff56e8c7018336c270978a57ccbf" score = 75 
@@ -71602,8 +71997,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3Acd6Ed4 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1922-L1940" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1922-L1940" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2644447de8befa1b4fe39b2117d49754718a2f230d6d5f977166386aa88e7b84" logic_hash = "ab284d41af8e1920fa54ac8bfab84bac493adf816aebce60490ab22c0e502201" score = 75 @@ -71631,8 +72026,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Eb940856 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mirai.yar#L1942-L1960" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mirai.yar#L1942-L1960" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fbf814c04234fc95b6a288b62fb9513d6bbad2e601b96db14bb65ab153e65fef" logic_hash = "d7bb2373a35ea97a11513e80e9a561f53a8f0b9345f392e8e7f042d4cb2d7d20" score = 75 
@@ -71660,8 +72055,8 @@ rule ELASTIC_Macos_Trojan_Electrorat_B4Dbfd1D : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Electrorat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Electrorat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b1028b38fcce0d54f2013c89a9c0605ccb316c36c27faf3a35adf435837025a4" logic_hash = "a36143a8c93cb187dba0a88a15550219c19f1483502f782dfefc1e53829cfbf1" score = 75 @@ -71692,8 +72087,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_99487621 : FILE MEMORY date = "2023-03-29" modified = "2023-03-30" reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SuddenIcon.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SuddenIcon.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973" logic_hash = "9a441c47e8b95d8aaec6f495d6ddfec2ed6b0762637ea48e64c9ea01b0945019" score = 75 
@@ -71727,8 +72122,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_8B07C275 : FILE MEMORY date = "2023-03-29" modified = "2023-03-30" reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SuddenIcon.yar#L28-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SuddenIcon.yar#L28-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973" logic_hash = "64e8bd8929c9fb8cae16f772e3266b02b4ddec770ff8d5379a93a483eb8ff660" score = 75 @@ -71757,8 +72152,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_Ac021Ae0 : FILE MEMORY date = "2023-03-30" modified = "2023-03-30" reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SuddenIcon.yar#L50-L76" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SuddenIcon.yar#L50-L76" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "033eabdd8ce8ecc4e1a657161c1f298c7dfe536ee2dbf9375cfda894638a7bee" score = 75 quality = 75 
@@ -71793,8 +72188,8 @@ rule ELASTIC_Windows_Vulndriver_Llaccess_C57534E8 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_LLAccess.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_LLAccess.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b" logic_hash = "8bf629fd2ce0b1f15c7aacd573659b649dcf968556232683b29d68b27d12e577" score = 75 @@ -71824,8 +72219,8 @@ rule ELASTIC_Windows_Shellcode_Generic_8C487E57 : FILE MEMORY date = "2022-05-23" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Shellcode_Generic.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Shellcode_Generic.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "a86ea8e15248e83ce7322c10e308a5a24096b1d7c67f5673687563dec8229dfe" score = 75 quality = 75 
@@ -71852,8 +72247,8 @@ rule ELASTIC_Windows_Shellcode_Generic_F27D7Beb : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Shellcode_Generic.yar#L20-L37" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Shellcode_Generic.yar#L20-L37" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "8530a74a002d0286711cd86545aff0bf853de6b6684473b6211d678797c3639f" score = 75 quality = 75 @@ -71880,8 +72275,8 @@ rule ELASTIC_Windows_Shellcode_Generic_29Dcbf7A : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Shellcode_Generic.yar#L39-L56" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Shellcode_Generic.yar#L39-L56" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "c2a81cc27e696a2e488df7d2f96784bbaed83df5783efab312fc5ccbfd524b43" score = 75 quality = 75 
@@ -71908,8 +72303,8 @@ rule ELASTIC_Windows_Hacktool_Cpulocker_73B41444 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_CpuLocker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_CpuLocker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dbfc90fa2c5dc57899cc75ccb9dc7b102cb4556509cdfecde75b36f602d7da66" logic_hash = "8fb33744326781c51bb6bd18d0574602256b813b62ec8344d5338e6442bb2de0" score = 75 @@ -71937,8 +72332,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_8Bd3002C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ngioweb.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ngioweb.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2" logic_hash = "578fd1c3e6091df9550b3c2caf999d7a0432f037b0cc4b15642531e7fdffd7b7" score = 75 
@@ -71966,8 +72361,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_A592A280 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ngioweb.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ngioweb.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2" logic_hash = "b16cf5b527782680cc1da6f61dd537596792fed615993b19965ef2dbde701e64" score = 75 @@ -71995,8 +72390,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_D57Aa841 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ngioweb.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ngioweb.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "555d60bd863caff231700c5f606d0034d5aa8362862d1fd0c816615d59f582f7" logic_hash = "b0db72ad81d27f5b2ac2d2bb903ff10849c304d40619fd95a39e7d48c64c45ba" score = 75 
@@ -72024,8 +72419,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_B97E0253 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ngioweb.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ngioweb.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2" logic_hash = "dc11d50166a4d1b400c0df81295054192d42822dd3e065e374a92a31727d4dbd" score = 75 @@ -72053,8 +72448,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_66C465A0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ngioweb.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ngioweb.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7454ee074812d7fa49044de8190e17b5034b3f08625f547d1b04aae4054fd81a" logic_hash = "71f224e3ee1ff29787258a61f29a37a9ddc51e9cb5df0693ea52fd4b6f0b5ad8" score = 75 
@@ -72082,8 +72477,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_D8573802 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ngioweb.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ngioweb.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7454ee074812d7fa49044de8190e17b5034b3f08625f547d1b04aae4054fd81a" logic_hash = "b51ab7a7c26e889a4e8efc2b9883f709c17d82032b0c28ab3e30229d6f296367" score = 75 @@ -72111,8 +72506,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_7926Bc8E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ngioweb.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ngioweb.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "555d60bd863caff231700c5f606d0034d5aa8362862d1fd0c816615d59f582f7" logic_hash = "ac42dd714696825d64402861e96122cce7cd09ae8d9c43a19dd9cf95d7b09610" score = 75 
@@ -72140,8 +72535,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_E2377400 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ngioweb.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ngioweb.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b88daf00a0e890b6750e691856b0fe7428d90d417d9503f62a917053e340228b" logic_hash = "71276698d1bdb9bc494fe6f1aa9755940583331836abc490e0b5ac3454d35de6" score = 75 @@ -72169,8 +72564,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_994F1E97 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ngioweb.yar#L161-L178" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ngioweb.yar#L161-L178" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "2384e787877b622445d7d14053a8340d2e97d3ab103a3fabfa08a40068726ad0" score = 75 quality = 75 
@@ -72197,8 +72592,8 @@ rule ELASTIC_Windows_Hacktool_Sharpshares_88Cdcd52 : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpShares.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpShares.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bbdd3620a67aedec4b9a68b2c9cc880b6631215e129816aea19902a6f4bc6f41" logic_hash = "85c59b939da6158f931e779c2884cea77b80fab54ee5e157d86afa19f0253db3" score = 75 @@ -72237,8 +72632,8 @@ rule ELASTIC_Windows_Trojan_Mylobot_A895174A : FILE MEMORY date = "2024-05-15" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_MyloBot.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_MyloBot.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "33831d9ad64d0f52f507f08ef81607aafa6ced58a189969af6cf57c659c982d2" logic_hash = "16f2d8eeb6c85944030a33bd250e4e8b98985a6c877a0ec3ad5a6037e7c00159" score = 75 
@@ -72272,8 +72667,8 @@ rule ELASTIC_Windows_Vulndriver_Msio_Aa20A3C6 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_MsIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_MsIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2270a8144dabaf159c2888519b11b61e5e13acdaa997820c09798137bded3dd6" logic_hash = "3b383934dc91536f69e2c6cb2cf2054c5f8a08766ecf1d1804c57f3a2c39c1c2" score = 75 @@ -72301,8 +72696,8 @@ rule ELASTIC_Windows_Vulndriver_Msio_Ce0Bda23 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_MsIo.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_MsIo.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89" logic_hash = "f7fbe0255a006cce42aff61b294512c11e1cceaf11d5c1b6f75b96fb3b155895" score = 75 
@@ -72330,8 +72725,8 @@ rule ELASTIC_Linux_Virus_Gmon_E544D891 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Virus_Gmon.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Virus_Gmon.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d0fe377664aa0bc0d1fd3a307650f211dd3ef2e2f04597abee465e836e6a6f32" logic_hash = "6dcfd51aaa79d7bac0100d9c891aa4275b8e1f7614cda46a5da4c738d376c729" score = 75 @@ -72359,8 +72754,8 @@ rule ELASTIC_Linux_Virus_Gmon_192Bd9B3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Virus_Gmon.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Virus_Gmon.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d0fe377664aa0bc0d1fd3a307650f211dd3ef2e2f04597abee465e836e6a6f32" logic_hash = "3df275349d14a845c73087375f96e0c9a069ff685beb89249590ef9448e50373" score = 75 
@@ -72388,8 +72783,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_57C0C6D7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrig.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrig.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "100dc1ede4c0832a729d77725784d9deb358b3a768dfaf7ff9e96535f5b5a361" logic_hash = "d3a272d488cebe4f774c994001a14d825372a27f16267bc0339b7e3b22ada8db" score = 75 @@ -72417,8 +72812,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_7E42Bf80 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrig.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrig.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "551b6e6617fa3f438ec1b3bd558b3cbc981141904cab261c0ac082a697e5b07d" logic_hash = "ad8c8f0081d07f7e2a5400de6af2c6b311f77ff336d7576f7fb0bfe2593a9062" score = 75 
@@ -72446,8 +72841,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_271121Fb : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrig.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrig.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "19aeafb63430b5ac98e93dfd6469c20b9c1145e6b5b86202553bd7bd9e118842" logic_hash = "f43b1527ad4bbd07023126def89c1af47698cc832f71f4a1381ed0d621d79ed5" score = 75 @@ -72475,8 +72870,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_E7E64Fb7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrig.yar#L61-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrig.yar#L61-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "e325ac02c51526c5a36bdd6c2bcb3bee51f1214d78eff8048c8a1ae88334a9e8" score = 75 quality = 75 
@@ -72503,8 +72898,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_79B42B21 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrig.yar#L80-L97" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrig.yar#L80-L97" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "db42871193960ea4c2cbe5f5040cbc1097d57d9e4dc291bcc77ed72b588311ab" score = 75 quality = 75 @@ -72531,8 +72926,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_77Fbc695 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrig.yar#L99-L117" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrig.yar#L99-L117" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e723a2b976adddb01abb1101f2d3407b783067bec042a135b21b14d63bc18a68" logic_hash = "af8e09cd5d6b7532af0c06273aa465cf6c40ad6c919a679fd09191a1c2a302f5" score = 75 
@@ -72560,8 +72955,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_403B0A12 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrig.yar#L119-L137" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrig.yar#L119-L137" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "54d806b3060404ccde80d9f3153eebe8fdda49b6e8cdba197df0659c6724a52d" logic_hash = "5b7662124eb980b11f88a50665292e7a405595f7ad85c5c448dd087ea096689a" score = 75 @@ -72589,8 +72984,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Bffa106B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrig.yar#L139-L156" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrig.yar#L139-L156" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "d7214ad9c4291205b50567d142d99b8a19a9cfa69d3cd0a644774c3a1adb6b49" score = 75 quality = 75 
@@ -72617,8 +73012,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_73Faf972 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrig.yar#L158-L176" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrig.yar#L158-L176" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "00e29303b66cb39a8bc23fe91379c087376ea26baa21f6b7f7817289ba89f655" logic_hash = "a6a9d304d215302bf399c90ed0dd77a681796254c51a2a20e4a316dba43b387f" score = 75 @@ -72646,8 +73041,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Af809Eea : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrig.yar#L178-L196" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrig.yar#L178-L196" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "00e29303b66cb39a8bc23fe91379c087376ea26baa21f6b7f7817289ba89f655" logic_hash = "4ae4b119a3eecfdb47a88fe5a89a4f79ae96eecf5d08eef08997357de7e6538a" score = 75 
@@ -72675,8 +73070,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_9F6Ac00F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrig.yar#L198-L216" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrig.yar#L198-L216" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9cd58c1759056c0c5bbd78248b9192c4f8c568ed89894aff3724fdb2be44ca43" logic_hash = "9fa8e7be5c35c9a649c42613d0d5d5cecff3d9c3e9a572e4be1ca661876748a5" score = 75 @@ -72704,8 +73099,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Dbcc9D87 : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrig.yar#L218-L236" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrig.yar#L218-L236" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "da9b8fb5c26e81fb3aed3b0bc95d855339fced303aae2af281daf0f1a873e585" logic_hash = "b7fa60e32cb53484d8b76b13066eda1f2275ee2660ac2dc02b0078b921998e79" score = 75 
@@ -72733,8 +73128,8 @@ rule ELASTIC_Linux_Trojan_Gognt_50C3D9Da : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gognt.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gognt.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "79602bc786edda7017c5f576814b683fba41e4cb4cf3f837e963c6d0d42c50ee" logic_hash = "ecd9cd94b3bf8c50c347e70aab3da03ea6589530b20941a9f62dac501f8144fc" score = 75 @@ -72762,8 +73157,8 @@ rule ELASTIC_Linux_Trojan_Gognt_05B10F4B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gognt.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gognt.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e43aaf2345dbb5c303d5a5e53cd2e2e84338d12f69ad809865f20fd1a5c2716f" logic_hash = "1dfc3417f75aa81aea5eda3d6da076f1cacf82dbfc039252b1d16f52b81a5a65" score = 75 
@@ -72791,8 +73186,8 @@ rule ELASTIC_Macos_Hacktool_Jokerspy_58A6B26D : FILE MEMORY date = "2023-06-19" modified = "2023-06-19" reference = "https://www.elastic.co/security-labs/inital-research-of-jokerspy" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Macos_Hacktool_JokerSpy.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Macos_Hacktool_JokerSpy.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d895075057e491b34b0f8c0392b44e43ade425d19eaaacea6ef8c5c9bd3487d8" logic_hash = "e9e1333c7172d5a0f06093a902edefd7f128963dbaadf77e829f032ccb04ce56" score = 75 @@ -72825,8 +73220,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_517Aac7D : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CyberGate.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CyberGate.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "07b8f25e7b536f5b6f686c12d04edc37e11347c8acd5c53f98a174723078c365" logic_hash = "50e061d0c358655c03b95ccbe2d05e252501c3e6afd21dd20513019cd67e6147" score = 75 
@@ -72858,8 +73253,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_9996D800 : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CyberGate.yar#L25-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CyberGate.yar#L25-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "07b8f25e7b536f5b6f686c12d04edc37e11347c8acd5c53f98a174723078c365" logic_hash = "efefc171b6390c9792145973708358f62b18b8d0180feacaf5b9267563c3f7cc" score = 75 @@ -72887,8 +73282,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_C219A2F3 : FILE MEMORY date = "2023-05-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CyberGate.yar#L45-L64" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CyberGate.yar#L45-L64" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b7204f8caf6ace6ae1aed267de0ad6b39660d0e636d8ee0ecf88135f8a58dc42" logic_hash = "8075892728c610c1ceacd0df54615d2a3e833d728d631a9bf81311e8c6485f6e" score = 75 
@@ -72917,8 +73312,8 @@ rule ELASTIC_Linux_Hacktool_Aduh_6Cae7C78 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Aduh.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Aduh.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9c67207546ad274dc78a0819444d1c8805537f9ac36d3c53eba9278ed44b360c" logic_hash = "130df108de5b6cdfb9227f96301bdaa1e272d47b8cb9ad96c3aa574bf65870b2" score = 75 @@ -72946,8 +73341,8 @@ rule ELASTIC_Windows_Vulndriver_Mhyprot_26214176 : FILE date = "2022-08-25" modified = "2022-08-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Mhyprot.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Mhyprot.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6" logic_hash = "61d1713c689b9d663f2d3360d07735b07ca10365b5ce424b2df726bd6cc434d3" score = 75 
@@ -72978,8 +73373,8 @@ rule ELASTIC_Multi_Hacktool_Gsocket_761D3A0F : FILE MEMORY date = "2024-09-20" modified = "2024-11-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Hacktool_Gsocket.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Hacktool_Gsocket.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "193efd61ae10f286d06390968537fa85e4df40995fd424d1afe426c089d172ab" logic_hash = "6f60b63f406b42ac2a43cbe3afbbc98789504d7c6036d50f852a5bc4a6c46cef" score = 75 @@ -73020,8 +73415,8 @@ rule ELASTIC_Windows_Trojan_Eagerbee_7029Ba21 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_EagerBee.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_EagerBee.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "09005775fc587ac7bf150c05352e59dc01008b7bf8c1d870d1cea87561aa0b06" logic_hash = "874959361b14ba74e13e6e674da75c9bdb6b9475d8b286572825c940b41f679f" score = 75 
@@ -73050,8 +73445,8 @@ rule ELASTIC_Windows_Trojan_Eagerbee_A64B323B : FILE MEMORY date = "2023-09-04" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_EagerBee.yar#L23-L45" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_EagerBee.yar#L23-L45" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "339e4fdbccb65b0b06a1421c719300a8da844789a2016d58e8ce4227cb5dc91b" logic_hash = "e1c25cf8ce0ff434727c9104c6b79110ff5cfa84eb3e939119fd05cf676727c6" score = 75 @@ -73082,8 +73477,8 @@ rule ELASTIC_Linux_Trojan_Lala_51Deb1F9 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Lala.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Lala.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f3af65d3307fbdc2e8ce6e1358d1413ebff5eeb5dbedc051394377a4dabffa82" logic_hash = "73a7ec230be9aabcc301095c9c075f839852155419bdd8d5542287f34699ab33" score = 75 
@@ -73111,8 +73506,8 @@ rule ELASTIC_Windows_Trojan_Bitrat_34Bd6C83 : FILE MEMORY date = "2021-06-13" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Bitrat.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Bitrat.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "37f70ae0e4e671c739d402c00f708761e98b155a1eefbedff1236637c4b7690a" logic_hash = "d386fc2a4b6a98638328d1aa05a8d8dbb7a1bbcd72943457b1a5a27b056744ef" score = 75 @@ -73144,8 +73539,8 @@ rule ELASTIC_Windows_Trojan_Bitrat_54916275 : FILE MEMORY date = "2022-08-29" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Bitrat.yar#L25-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Bitrat.yar#L25-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d3b2c410b431c006c59f14b33e95c0e44e6221b1118340c745911712296f659f" logic_hash = "4c66f79f4bf6bde49bfb9208e6dc1d3b5d041927565e7302381838b0f32da6f4" score = 75 
@@ -73173,8 +73568,8 @@ rule ELASTIC_Linux_Trojan_Mumblehard_523450Aa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mumblehard.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mumblehard.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a637ea8f070e1edf2c9c81450e83934c177696171b24b4dff32dfb23cefa56d3" logic_hash = "60b4cc388975ce030e03c5c3a48adcfeec25299105206909163f20100fbf45d8" score = 75 @@ -73202,8 +73597,8 @@ rule ELASTIC_Windows_Hacktool_Sharpstay_Eac706C5 : FILE MEMORY date = "2022-11-20" modified = "2023-01-11" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpStay.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpStay.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "498d201f65b57a007a79259ce7015eb7eb1bba660d44deafea716e36316a9caa" logic_hash = "b85679018658e33e81cd2589e9f99cf9ed16ac25b27d93bece26cb5ccc2e379a" score = 75 
@@ -73235,8 +73630,8 @@ rule ELASTIC_Windows_Trojan_Pipedance_01C18057 : FILE MEMORY date = "2023-02-02" modified = "2023-02-22" reference = "https://www.elastic.co/security-labs/twice-around-the-dance-floor-with-pipedance" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_PipeDance.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_PipeDance.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9d3f739e35182992f1e3ade48b8999fb3a5049f48c14db20e38ee63eddc5a1e7" logic_hash = "0c03a725ae930eb829d6a6a9f681489d61aa7f69e72b6b298776f75a98115398" score = 75 @@ -73271,8 +73666,8 @@ rule ELASTIC_Linux_Trojan_Ganiw_99349371 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ganiw.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ganiw.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e8dbb246fdd1a50226a36c407ac90eb44b0cf5e92bf0b92c89218f474f9c2afb" logic_hash = "26160e855c63fc0b73e415de2fe058f2005df1ec5544d21865d022c5474df30c" score = 75 
@@ -73300,8 +73695,8 @@ rule ELASTIC_Linux_Trojan_Ganiw_B9F045Aa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ganiw.yar#L21-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ganiw.yar#L21-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "2565101b261bee22ddecf6898ff0ac8a114d09c822d8db26ba3e3571ebe06b12" score = 75 quality = 75 @@ -73328,8 +73723,8 @@ rule ELASTIC_Linux_Trojan_Dnsamp_C31Eebd4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Dnsamp.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Dnsamp.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4b86de97819a49a90961d59f9c3ab9f8e57e19add9fe1237d2a2948b4ff22de6" logic_hash = "b998065eff9f67a1cdf19644a13edb0cef3c619d8b6e16c412d58f5d538e4617" score = 75 
@@ -73357,8 +73752,8 @@ rule ELASTIC_Multi_Generic_Threat_19854Dc2 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Generic_Threat.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Generic_Threat.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "be216fa9cbf0b64d769d1e8ecddcfc3319c7ca8e610e438dcdfefc491730d208" logic_hash = "beed6d6cd7b7b6eb3f4ab6a45fd19f2ebfb661e470d468691b68634994e2eef7" score = 75 @@ -73386,8 +73781,8 @@ rule ELASTIC_Linux_Trojan_Sdbot_98628Ea1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sdbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sdbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5568ae1f8a1eb879eb4705db5b3820e36c5ecea41eb54a8eef5b742f477cbdd8" logic_hash = "55b8e3fa755965b85a043015f9303644b8e06fe8bfdc0e2062de75bdc2881541" score = 75 
@@ -73415,8 +73810,8 @@ rule ELASTIC_Windows_Vulndriver_Elrawdisk_F9Fd1A80 : FILE date = "2022-10-07" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_ElRawDisk.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_ElRawDisk.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ed4f2b3db9a79535228af253959a0749b93291ad8b1058c7a41644b73035931b" logic_hash = "43f9f1f6ad6c1defe2f0d6dd0cd380bea1a8ead19bc0bf203bdfe4f83b9c284d" score = 75 @@ -73444,8 +73839,8 @@ rule ELASTIC_Multi_Trojan_Sliver_42298C4A : FILE MEMORY date = "2021-10-20" modified = "2022-01-14" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Trojan_Sliver.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Trojan_Sliver.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007" logic_hash = "a84bdb51fcdeb4629365bdb727b53087604ee0eb112c8d6c3ecf315598ec678a" score = 75 
@@ -73479,8 +73874,8 @@ rule ELASTIC_Multi_Trojan_Sliver_3Bde542D : FILE MEMORY date = "2022-08-31" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Trojan_Sliver.yar#L27-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Trojan_Sliver.yar#L27-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "05461e1c2a2e581a7c30e14d04bd3d09670e281f9f7c60f4169e9614d22ce1b3" logic_hash = "23a0e28c1423f577a147efdf927f2dc71871760e38d4d7494ead2920b90ef05e" score = 75 @@ -73513,8 +73908,8 @@ rule ELASTIC_Multi_Trojan_Sliver_3D6B7Cd3 : FILE MEMORY date = "2022-12-01" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Trojan_Sliver.yar#L52-L88" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Trojan_Sliver.yar#L52-L88" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9846124cfd124eed466465d187eeacb4d405c558dd84ba8e575d8a7b3290403e" logic_hash = "3cbd3358b7d59d6a2912069f4cb8de005b6fafd61e44111d1f6cf0418eb2d1fc" score = 75 
@@ -73560,8 +73955,8 @@ rule ELASTIC_Windows_PUP_Mediaarena_A9E3B4A1 : FILE MEMORY date = "2023-06-02" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_PUP_MediaArena.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_PUP_MediaArena.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c071e0b67e4c105c87b876183900f97a4e8bc1a7c18e61c028dee59ce690b1ac" logic_hash = "8e52b29f2848498aae2fd7ad35494362d6c07f0e752b628840a256923aca32c7" score = 75 @@ -73595,8 +73990,8 @@ rule ELASTIC_Multi_EICAR_Ac8F42D6 : FILE MEMORY date = "2021-01-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_EICAR.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_EICAR.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "05c92058aab1229dfa31e006276c2c83fa484e813bdfe66edf387763797d9d57" score = 75 quality = 25 
@@ -73623,8 +74018,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_53Df500F : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Virus_Maxofferdeal.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Virus_Maxofferdeal.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ecd62ef880da057726ca55c6826ce4e1584ec6fc3afaabed7f66154fc39ffef8" logic_hash = "ed63c14e31c200f906b525c7ef1cd671511a89c8833cfa1a605fc9870fe91043" score = 75 @@ -73652,8 +74047,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_F4681Eba : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Virus_Maxofferdeal.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Virus_Maxofferdeal.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ecd62ef880da057726ca55c6826ce4e1584ec6fc3afaabed7f66154fc39ffef8" logic_hash = "cf478ec5313b40d74d110e4d6e97da5f671d5af331adc3ab059a69616e78c76c" score = 75 
@@ -73681,8 +74076,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_4091E373 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Virus_Maxofferdeal.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Virus_Maxofferdeal.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c38c4bdd3c1fa16fd32db06d44d0db1b25bb099462f8d2936dbdd42af325b37c" logic_hash = "ce82f6d3a2e4b7ffe7010629bf91a9144a94e50513682a6c0622603d28248d51" score = 75 @@ -73710,8 +74105,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_20A0091E : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Virus_Maxofferdeal.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Virus_Maxofferdeal.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b00a61c908cd06dbc26bee059ba290e7ce2ad6b66c453ea272c7287ffa29c5ab" logic_hash = "bb90b7e1637fd86e91763b4801a0b3bb8a1b956f328d07e96cf1b26e42b1931b" score = 75 
@@ -73739,8 +74134,8 @@ rule ELASTIC_Linux_Webshell_Generic_E80Ff633 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Webshell_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Webshell_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7640ba6f2417931ef901044152d5bfe1b266219d13b5983d92ddbdf644de5818" logic_hash = "d345e6ce3e51ed55064aafb1709e9bee7ef2ce87ec80165ac1b58eebd83cefee" score = 75 @@ -73768,8 +74163,8 @@ rule ELASTIC_Linux_Webshell_Generic_41A5Fa40 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "18ac7fbc3d8d3bb8581139a20a7fee8ea5b7fcfea4a9373e3d22c71bae3c9de0" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Webshell_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Webshell_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "574148bc58626aac00add1989c65ad56315c7e2a8d27c7b96be404d831a7a576" score = 75 quality = 73 
@@ -73796,8 +74191,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_4557_B7E15F5E : FILE MEMORY CVE_2016_4557 date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_4557.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_4557.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bbed2f81104b5eb4a8475deff73b29a350dc8b0f96dcc4987d0112b993675271" logic_hash = "9c40233fec9607404ca4f78313e0f62922180e5ef88dbf801dd60725af61bdde" score = 75 @@ -73825,8 +74220,8 @@ rule ELASTIC_Linux_Trojan_Skidmap_Aa7B661D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Skidmap.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Skidmap.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4282ba9b7bee69d42bfff129fff45494fb8f7db0e1897fc5aa1e4265cb6831d9" logic_hash = "aa976158d004d582234a92ff648d4581440f9c933a0abef212d9d837d9607ba4" score = 75 
@@ -73845,6 +74240,53 @@ rule ELASTIC_Linux_Trojan_Skidmap_Aa7B661D : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Linux_Trojan_Skidmap_52Fb8489 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Trojan Skidmap (Linux.Trojan.Skidmap)"
+ author = "Elastic Security"
+ id = "52fb8489-4877-4543-8d7a-03f7cad50b0a"
+ date = "2024-11-13"
+ modified = "2024-11-22"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Skidmap.yar#L21-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
+ hash = "4282ba9b7bee69d42bfff129fff45494fb8f7db0e1897fc5aa1e4265cb6831d9"
+ logic_hash = "9d199666f36a703b77d6b2a47e8d2065c25746a5776df63f5bfacb912afa582b"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "44ba77d99648660bd1091cb47fad42422a5cd26b9df848f1f9febdfd4d764540"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $func1 = "hideModule"
+ $func2 = "hook_local_out_func"
+ $func3 = "hook_local_in_func"
+ $func4 = "orig_getdents"
+ $func5 = "hacked_getdents"
+ $hook1 = "fake_seq_show_ipv4_udp"
+ $hook2 = "fake_seq_show_ipv6_tcp"
+ $hook3 = "fake_seq_show_ipv6_udp"
+ $hook4 = "fake_seq_show_ipv4_tcp"
+ $hook5 = "fake_account_user_time"
+ $hook6 = "fake_loadavg_proc_show"
+ $hook7 = "fake_trace_printk"
+ $hook8 = "fake_bpf_trace_printk"
+ $hook9 = "fake_crash_kexec"
+ $hook10 = "fake_sched_debug_show"
+ $str1 = "pamdicks"
+ $str2 = "netlink"
+ $str3 = "kaudited"
+ $str4 = "kswaped"
+
+ condition:
+ 3 of ($func*) or 4 of ($hook*) or 3 of ($str*)
+}
 rule ELASTIC_Linux_Trojan_Backegmm_B59712E6 : FILE MEMORY
 {
 meta:
@@ -73854,8 +74296,8 @@ rule ELASTIC_Linux_Trojan_Backegmm_B59712E6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Backegmm.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Backegmm.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d6c8e15cb65102b442b7ee42186c58fa69cd0cb68f4fd47eb5ad23763371e0be" logic_hash = "a2e6016bfd8475880c28c89b5f5beeef1335de9529d44bbe7c5aaa352aab9a29" score = 75 @@ -73883,8 +74325,8 @@ rule ELASTIC_Linux_Trojan_Roopre_B6B9E71D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Roopre.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Roopre.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "36ae2bf773135fdb0ead7fbbd46f90fd41d6f973569de1941c8723158fc6cfcc" logic_hash = "32294e476a014a919d2d738bdc940a7fc5f91e1b13c005f164a5b6bf84eb2635" score = 75 
@@ -73912,8 +74354,8 @@ rule ELASTIC_Linux_Trojan_Roopre_05F7F237 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Roopre.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Roopre.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "36ae2bf773135fdb0ead7fbbd46f90fd41d6f973569de1941c8723158fc6cfcc" logic_hash = "12e14ac31932033f2448b7a3bfd6ce826fff17494547ac4baefb20f6713baf5f" score = 75 @@ -73941,8 +74383,8 @@ rule ELASTIC_Windows_Clickfraud_Luckyslots_A82433B6 : FILE MEMORY date = "2024-08-21" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Clickfraud_LuckySlots.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Clickfraud_LuckySlots.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6503770b34c53025793f1674af87d80a8f6ed44b5780490796012a2b771b8f84" logic_hash = "342dafb67ae8557de66ac810482e2747ae88c76f07c244f1a465351fcc72cab9" score = 75 
@@ -73976,8 +74418,8 @@ rule ELASTIC_Linux_Backdoor_Python_00606Bac : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Backdoor_Python.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Backdoor_Python.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b3e3728d43535f47a1c15b915c2d29835d9769a9dc69eb1b16e40d5ba1b98460" logic_hash = "92ad2cf4aa848c8f3bcedd319654bf5ef873cd4daba62572381c7e20f0296b82" score = 75 @@ -74005,8 +74447,8 @@ rule ELASTIC_Windows_Trojan_Asyncrat_11A11Ba1 : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Asyncrat.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Asyncrat.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1" logic_hash = "c6c4ce9ccf01c280be6c25c0c82c34b601626bc200b84d3e77b08be473335d3d" score = 75 
@@ -74039,8 +74481,8 @@ rule ELASTIC_Windows_Trojan_M0Yv_92F66467 : FILE MEMORY date = "2023-05-03" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_M0yv.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_M0yv.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0004d22dd18c0239b722c085101c0a32b967159e2066a0b7b9104bb43f5cdea0" logic_hash = "a47b20679aee9559213de22783cfbc55c6091785e4dc288349963e863b78cf41" score = 75 @@ -74070,8 +74512,8 @@ rule ELASTIC_Windows_Trojan_Whispergate_9192618B : FILE MEMORY date = "2022-01-17" modified = "2022-01-17" reference = "https://www.elastic.co/security-labs/operation-bleeding-bear" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_WhisperGate.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_WhisperGate.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78" logic_hash = "28bb08d61d99d2bfc49ba18cdbabc34c31a715ae6439ab25bbce8cc6958ed381" score = 75 
@@ -74103,8 +74545,8 @@ rule ELASTIC_Linux_Exploit_Intfour_0Ca45Cd3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Intfour.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Intfour.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9d32c5447aa5182b4be66b7a283616cf531a2fd3ba3dde1bc363b24d8b22682f" logic_hash = "088d8daa9ba4f53c8de229282ed8a7b30b1e567687e7807ac6c3df9524dabba9" score = 75 @@ -74132,8 +74574,8 @@ rule ELASTIC_Linux_Downloader_Generic_0Bd15Ae0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Downloader_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Downloader_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e511efb068e76a4a939c2ce2f2f0a089ef55ca56ee5f2ba922828d23e6181f09" logic_hash = "c9558562d9e9d3b55bd1fba9e55b332e6b4db5a170e0dd349bef1e35f0c7fd21" score = 75 
@@ -74161,8 +74603,8 @@ rule ELASTIC_Windows_Trojan_Rudebird_3Cbf7Bc6 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_RudeBird.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_RudeBird.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "2095c3b6bde779b5661c7796b5e33bb0c43facf791b272a603b786f889a06a95" score = 75 quality = 75 @@ -74189,8 +74631,8 @@ rule ELASTIC_Linux_Cryptominer_Bscope_348B7Fa0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Bscope.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Bscope.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a6fb80d77986e00a6b861585bd4e573a927e970fb0061bf5516f83400ad7c0db" logic_hash = "bc6a59dcc36676273c61fa71231fd8709884beebb7ab64b58f22551393b20c71" score = 75 
@@ -74218,8 +74660,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_4De7B584 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Earthworm.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Earthworm.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9d61aabcf935121b4f7fc6b0d082d7d6c31cb43bf253a8603dd46435e66b7955" logic_hash = "019b2504df192e673f96a86464bb5e8ba5e89190e51bfe7d702753f76c00b979" score = 75 @@ -74247,8 +74689,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_E3Da43E2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Earthworm.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Earthworm.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "da0cffc4222d11825778fe4fa985fef2945caa0cc3b4de26af0a06509ebafb21" logic_hash = "b129b7060b6af4ff2aae2678a455b969579132891fba44e4fdc2481a5437bdf9" score = 60 
@@ -74276,8 +74718,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_82D5C4Cf : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Earthworm.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Earthworm.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dc412d4f2b0e9ca92063a47adfb0657507d3f2a54a415619db5a7ccb59afb204" logic_hash = "81f35293bd3dd0cfbbf67f036773e16625bb74e06320fa1fff5bc428ef2f3a43" score = 60 @@ -74305,8 +74747,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_4Ec2Ec63 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Earthworm.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Earthworm.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dc412d4f2b0e9ca92063a47adfb0657507d3f2a54a415619db5a7ccb59afb204" logic_hash = "25f616c5440a48aef0f824cb6859e88787db4f42c1ec904a3d3bd72f3a64116e" score = 75 
@@ -74334,8 +74776,8 @@ rule ELASTIC_Windows_Hacktool_Darkloadlibrary_C25Ee4Eb : FILE MEMORY date = "2022-12-02" modified = "2023-01-11" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_DarkLoadLibrary.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_DarkLoadLibrary.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5546194a71bc449789c3697f9c106860ac0a21e1ccf2b1196120b3f92f4b5306" logic_hash = "c585abbe72834e9ba2e5f1c8070a43b0f10c2b574c72ffe1def4bfd431096415" score = 75 
@@ -74364,6 +74806,90 @@ rule ELASTIC_Windows_Hacktool_Darkloadlibrary_C25Ee4Eb : FILE MEMORY
 condition:
 $guid or 4 of ($print_str*)
 }
+rule ELASTIC_Linux_Rootkit_Generic_61229Bdf : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Rootkit Generic (Linux.Rootkit.Generic)"
+ author = "Elastic Security"
+ id = "61229bdf-0b78-48b1-8a4d-09836dd2bcac"
+ date = "2024-11-14"
+ modified = "2024-11-22"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Generic.yar#L1-L74"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
+ logic_hash = "624c599a073c59f9c7f7c7492053470e4aafd1735519bf2c3eef290999e4e4ad"
+ score = 75
+ quality = 50
+ tags = "FILE, MEMORY"
+ fingerprint = "8180ee7a04fd5ba23700e77ad3be7f30d592e77cffa8ebee8de7094627446335"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = "dropshell"
+ $str2 = "fake_account_user_time"
+ $str3 = "fake_bpf_trace_printk"
+ $str4 = "fake_crash_kexec"
+ $str5 = "fake_loadavg_proc_show"
+ $str6 = "fake_sched_debug_show"
+ $str7 = "fake_seq_show_ipv4_tcp"
+ $str8 = "fake_seq_show_ipv4_udp"
+ $str9 = "fake_seq_show_ipv6_tcp"
+ $str10 = "fake_seq_show_ipv6_udp"
+ $str11 = "fake_trace_printk"
+ $str12 = "give_root"
+ $str13 = "hack_getdents"
+ $str14 = "hacked_getdents64"
+ $str15 = "hacked_kill"
+ $str16 = "hideModule"
+ $str17 = "hide_module"
+ $str18 = "hide_tcp4_port"
+ $str19 = "hide_tcp6_port"
+ $str20 = "hidden_tcp4_ports"
+ $str21 = "hidden_tcp6_ports"
+ $str22 = "hidden_udp4_ports"
+ $str23 = "hidden_udp6_ports"
+ $str24 = "hook_getdents"
+ $str25 = "hook_kill"
+ $str26 = "hook_local_in_func"
+ $str27 = "hook_local_out_func"
+ $str28 = "hook_tcp4_seq_show"
+ $str29 = "hook_tcp6_seq_show"
+ $str30 = "hooked_tcp6_seq_show"
+ $str31 = "hooked_udp4_seq_show"
+ $str32 = "hooked_udp6_seq_show"
+ $str33 = "is_invisible"
+ $str34 = "module_hide"
+ $str35 = "module_show"
+ $str36 = "nf_inet_hooks"
+ $str37 = "old_access"
+ $str38 = "old_fopen"
+ $str39 = "old_lxstat"
+ $str40 = "old_open"
+ $str41 = "old_opendir"
+ $str42 = "old_readdir"
+ $str43 = "old_rmdir"
+ $str44 = "old_unlink"
+ $str45 = "old_xstat"
+ $str46 = "orig_getdents"
+ $str47 = "orig_getdents64"
+ $str48 = "orig_kill"
+ $str49 = "orig_tcp4_seq_show"
+ $str50 = "orig_tcp6_seq_show"
+ $str51 = "secret_connection"
+ $str52 = "unhide_file"
+ $str53 = "unhide_proc"
+ $str54 = "unhide_tcp4_port"
+ $str55 = "unhide_tcp6_port"
+ $str56 = "unhide_udp4_port"
+ $str57 = "unhide_udp6_port"
+
+ condition:
+ 4 of ($str*)
+}
 rule ELASTIC_Linux_Cryptominer_Attribute_3683D149 : FILE MEMORY
 {
 meta:
@@ -74373,8 +74899,8 @@ rule ELASTIC_Linux_Cryptominer_Attribute_3683D149 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Attribute.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Attribute.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "ec9e74d52d745275718fe272bfd755335739ad5f680f73f5a4e66df6eb141a63"
 logic_hash = "71aa8aa4171671af4aa0271b64da95ac1d8766de12a949c97ebcac9369224ecd"
 score = 75
@@ -74402,8 +74928,8 @@ rule ELASTIC_Windows_Ransomware_Akira_C8C298Ba : FILE MEMORY date = "2024-05-02" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Akira.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Akira.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a2df5477cf924bd41241a3326060cc2f913aff2379858b148ddec455e4da67bc" logic_hash = "9058c83693e93f6daee8894453e56e0d9a4867d551ec3a6b66d7a517f65d8b07" score = 75 @@ -74436,8 +74962,8 @@ rule ELASTIC_Windows_Ransomware_Snake_550E0265 : BETA FILE MEMORY date = "2020-06-30" modified = "2021-08-23" reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Snake.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Snake.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "d9c2f6961a4ef560743060ed176bdc606561ca1b8270b8826cb0dbadaf4e5dbc" score = 75 quality = 75 
@@ -74469,8 +74995,8 @@ rule ELASTIC_Windows_Ransomware_Snake_119F9C83 : BETA FILE MEMORY date = "2020-06-30" modified = "2021-08-23" reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Snake.yar#L26-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Snake.yar#L26-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "cf6c81e7332acc798409a05a548460bad0ac3621402672c242e48a1b6bccdae6" score = 75 quality = 75 @@ -74499,8 +75025,8 @@ rule ELASTIC_Windows_Ransomware_Snake_20Bc5Abc : BETA FILE MEMORY date = "2020-06-30" modified = "2021-08-23" reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Snake.yar#L48-L67" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Snake.yar#L48-L67" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "f3d8a523e04e516e8e059c9f13df355e6caf29a528cfebdf730e3a7d135e3351" score = 75 quality = 75 
@@ -74528,8 +75054,8 @@ rule ELASTIC_Windows_Trojan_Fickerstealer_Cc02E75E : FILE MEMORY date = "2021-07-22" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Fickerstealer.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Fickerstealer.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a4113ccb55e06e783b6cb213647614f039aa7dbb454baa338459ccf37897ebd6" logic_hash = "ccfd7edf7625c13eea5b88fa29f9b8d3d873688f328f3e52c0500ac722c84511" score = 75 @@ -74558,8 +75084,8 @@ rule ELASTIC_Windows_Trojan_Fickerstealer_F2159Bec : FILE MEMORY date = "2021-07-22" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Fickerstealer.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Fickerstealer.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a4113ccb55e06e783b6cb213647614f039aa7dbb454baa338459ccf37897ebd6" logic_hash = "d36cb90b526a291858291d615272baa78881309c83376f4d4cce1768c740ddbc" score = 75 
@@ -74587,8 +75113,8 @@ rule ELASTIC_Linux_Ransomware_Redalert_39642D52 : FILE MEMORY date = "2022-07-06" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_RedAlert.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_RedAlert.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "039e1765de1cdec65ad5e49266ab794f8e5642adb0bdeb78d8c0b77e8b34ae09" logic_hash = "fa8fc16f0c8a55dd78781d334d7f55db6aa5e60f76cebf5282150af8ceb08dc3" score = 75 @@ -74620,8 +75146,8 @@ rule ELASTIC_Macos_Backdoor_Useragent_1A02Fc3A : FILE MEMORY date = "2021-11-11" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Backdoor_Useragent.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Backdoor_Useragent.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "623f99cbe20af8b79cbfea7f485d47d3462d927153d24cac4745d7043c15619a" logic_hash = "90debdfc24ef100952302808a2e418bca2a46be3e505add9a0ccf4c49aff5102" score = 75 
@@ -74653,8 +75179,8 @@ rule ELASTIC_Windows_Trojan_Xeno_F92Ffb82 : FILE MEMORY date = "2024-10-10" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Xeno.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Xeno.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "22dbdbcdd4c8b6899006f9f07e87c19b6a2947eeff8cc89c653309379b388cf4" logic_hash = "17d5107b297c150cf737382c175e491e6bc4b17b2db583ff193f4acd40fdd459" score = 75 @@ -74682,8 +75208,8 @@ rule ELASTIC_Windows_Trojan_Caesarkbd_32Bb198B : FILE date = "2022-04-04" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CaesarKbd.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CaesarKbd.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d4335f4189240a3bcafa05fab01f0707cc8e3dd7a2998af734c24916d9e37ca8" logic_hash = "f708706524515f98ebf612ac98318ee7172347096251d9ccd723f439070521de" score = 75 
@@ -74711,8 +75237,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_48Bb4B2C : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_XTier.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_XTier.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0f726d8ce21c0c9e01ebe6b55913c519ad6086bcaec1a89f8308f3effacd435f" logic_hash = "fd6ae610a4d2cbf02aae2302d181d07780e723ac7e61b5aa3fd18ba834160729" score = 75 @@ -74742,8 +75268,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_8A2F6Dc1 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_XTier.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_XTier.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3" logic_hash = "90e1efd9d918f15459dd3fabb4737cbdeded66da1d556becca051bdda5867c11" score = 75 
@@ -74773,8 +75299,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_F4760D4A : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_XTier.yar#L45-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_XTier.yar#L45-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0e14a4401011a9f4e444028ac5b1595da34bbbf9af04a00670f15ff839734003" logic_hash = "dc83771e08b8530bf138782ba8c7724e7ecff40c973407a7f654346302a284d5" score = 75 @@ -74804,8 +75330,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_6A7De49F : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_XTier.yar#L67-L87" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_XTier.yar#L67-L87" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "26c86227d3f387897c1efd77dc711eef748eb90be84149cb306e3d4c45cc71c7" logic_hash = "de0d25377103d50b33a95a804b9c3eb9ef221d56fa1dfda0a32f14dcd95ee4b1" score = 75 
@@ -74835,8 +75361,8 @@ rule ELASTIC_Linux_Backdoor_Bash_E427876D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Backdoor_Bash.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Backdoor_Bash.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b" logic_hash = "fdd066b746416730419787d21eb53fa2ba997679a237d9db3a2e1365d43df892" score = 75 @@ -74864,8 +75390,8 @@ rule ELASTIC_Windows_Hacktool_Certify_Ffe1Cca2 : FILE MEMORY date = "2024-03-27" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Certify.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Certify.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3c7f759a6c38d0c0780fba2d43be6dcf9e4869d54b66f16c0703ec8e58124953" logic_hash = "e1d37ad683bfbe34433dc5e13ae2cf7c873fed640e1c58a3b0274b4b34900e53" score = 75 
@@ -74892,6 +75418,161 @@ rule ELASTIC_Windows_Hacktool_Certify_Ffe1Cca2 : FILE MEMORY condition: all of ($a*) or any of ($b*) } +rule ELASTIC_Linux_Rootkit_Reptile_B2Ccf852 : FILE MEMORY +{ + meta: + description = "Detects Linux Rootkit Reptile (Linux.Rootkit.Reptile)" + author = "Elastic Security" + id = "b2ccf852-1b85-4fe1-b0a7-7d39f91fee1b" + date = "2024-11-13" + modified = "2024-11-22" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Reptile.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" + hash = "331494780c1869e8367c3e16a2b99aeadc604c73b87f09a01dda00ade686675b" + logic_hash = "efb4c0a9894e09b5a2a614a02810524e66b21f00b76ad583cc1eb551f4a73dcc" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "77d591ebe07ffe1eada48b3c071b1c7c21f6cc16f15eb117e7bbd8fd256e9726" + severity = 100 + arch_context = "x86, arm64" + scan_context = "file, memory" + license = "Elastic License v2" + os = "linux" + + strings: + $func1 = "reptile_shell" + $func2 = "reptile_start" + $func3 = "reptile_module" + $func4 = "reptile_init" + $func5 = "reptile_exit" + + condition: + 2 of ($func*) +} +rule ELASTIC_Linux_Rootkit_Reptile_C9F8806D : FILE MEMORY +{ + meta: + description = "Detects Linux Rootkit Reptile (Linux.Rootkit.Reptile)" + author = "Elastic Security" + id = "c9f8806d-102a-41d6-82bb-a2a136f51e67" + date = "2024-11-13" + modified = "2024-11-22" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Reptile.yar#L25-L53" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" + hash = 
"331494780c1869e8367c3e16a2b99aeadc604c73b87f09a01dda00ade686675b" + logic_hash = "de1f8dc139ca506581119edcbd8d9b19576b0522e86b7f36713538f67a235446" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "765329c644a95224493dcef81186504013ee5c1cda0860e4f5b31eab9857623f" + severity = 100 + arch_context = "x86, arm64" + scan_context = "file, memory" + license = "Elastic License v2" + os = "linux" + + strings: + $str1 = "parasite_loader" + $str2 = "parasite_loader/encrypt" + $str3 = "kmatryoshka.c" + $str4 = "parasite_loader.mod.c" + $str5 = "reptile.mod.c" + $str6 = "parasite_blob" + $str7 = "name=reptile" + $loader1 = "loader.c" + $loader2 = "custom_rol32" + $loader3 = "do_encode" + $blob = "_blob" + + condition: + ((3 of ($str*)) or ( all of ($loader*))) and $blob +} +rule ELASTIC_Linux_Rootkit_Reptile_Eb201301 : FILE MEMORY +{ + meta: + description = "Detects Linux Rootkit Reptile (Linux.Rootkit.Reptile)" + author = "Elastic Security" + id = "eb201301-b10b-4c88-ae45-6cceb2f6ef6e" + date = "2024-11-13" + modified = "2024-11-22" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Reptile.yar#L55-L92" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" + hash = "331494780c1869e8367c3e16a2b99aeadc604c73b87f09a01dda00ade686675b" + logic_hash = "665c791cdcdc3aed7b9dcd6b839b12e3f9a838bef54c698b5d353b44922ea87c" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "7f1948a9e08c3ad9db3492112590bf5f10eb7b992fe3ab5cc5fc52bf81897378" + severity = 100 + arch_context = "x86, arm64" + scan_context = "file, memory" + license = "Elastic License v2" + os = "linux" + + strings: + $str1 = "Reptile Packet Sender" + $str2 = "Written by F0rb1dd3n" + $str3 = "Reptile Wins" + $str4 = "Written by: F0rb1dd3n" + $opt1 = "-r Remote port from 
magic packets (only for tcp/udp)" + $opt2 = "-x Magic Packet protocol (tcp/icmp/udp)" + $opt3 = "-s Source IP address to spoof" + $opt4 = "-q Source port from magic packets (only for tcp/udp)" + $opt5 = "-l Host to receive the reverse shell" + $opt6 = "-p Host port to receive the reverse shell" + $opt7 = "-k Token to trigger the port-knocking" + $help1 = "Run the listener and send the magic packet" + $help2 = "Local host to receive the shell" + $help3 = "Local port to receive the shell" + $help4 = "Source host on magic packets (spoof)" + $help5 = "Source port on magic packets (only for TCP/UDP)" + $help6 = "Remote port (only for TCP/UDP)" + $help7 = "Protocol to send magic packet (ICMP/TCP/UDP)" + $rep1 = "Usage: %s [ -c [ connect_back_host ] ] [ -s secret ] [ -p port ]" + $rep2 = "S3cr3tP@ss" + + condition: + all of ($rep*) or (1 of ($str*) and (4 of ($opt*) or 4 of ($help*))) +} +rule ELASTIC_Linux_Rootkit_Reptile_85Abf958 : FILE MEMORY +{ + meta: + description = "Detects Linux Rootkit Reptile (Linux.Rootkit.Reptile)" + author = "Elastic Security" + id = "85abf958-1c81-4b65-ae5c-49f3e5137f07" + date = "2024-11-13" + modified = "2024-11-22" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Reptile.yar#L94-L118" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" + hash = "331494780c1869e8367c3e16a2b99aeadc604c73b87f09a01dda00ade686675b" + logic_hash = "955dc251eeec64216eafa5c1ff7574e2ee96e72413b689ba147de9fbfc994864" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "db0f0398bb25e96f2b46d3836fbcc056dc3ac90cfbe6ba6318fd6fa48315432b" + severity = 100 + arch_context = "x86" + scan_context = "file, memory" + license = "Elastic License v2" + os = "linux" + + strings: + $byte1 = { C7 06 65 78 65 63 C7 46 04 20 62 61 73 C7 46 08 
68 20 2D 2D C7 46 0C 72 63 66 69 C7 46 10 6C 65 20 00 } + $byte2 = { C7 07 59 6F 75 20 C7 47 04 61 72 65 20 C7 47 08 61 6C 72 65 C7 47 0C 61 64 79 20 C7 47 10 72 6F 6F 74 C7 47 14 21 20 3A 29 C7 47 18 0A 0A 00 00 } + $byte3 = { C7 47 08 59 6F 75 20 C7 47 0C 68 61 76 65 C7 47 10 20 6E 6F 20 C7 47 14 70 6F 77 65 C7 47 18 72 20 68 65 C7 47 1C 72 65 21 20 C7 47 20 3A 28 20 1B } + $byte4 = { C7 47 08 59 6F 75 20 C7 47 0C 67 6F 74 20 C7 47 10 73 75 70 65 C7 47 14 72 20 70 6F C7 47 18 77 65 72 73 C7 47 1C 21 1B 5B 30 C7 47 20 30 6D 0A 0A } + $byte5 = { C7 06 66 69 6C 65 C7 46 04 2D 74 61 6D C7 46 08 70 65 72 69 C7 46 0C 6E 67 00 00 } + $str1 = "reptile" + $str2 = "exec bash --rcfi" + + condition: + any of ($byte*) or all of ($str*) +} rule ELASTIC_Linux_Cryptominer_Ksmdbot_Ebeedb3C : FILE MEMORY { meta: @@ -74901,8 +75582,8 @@ rule ELASTIC_Linux_Cryptominer_Ksmdbot_Ebeedb3C : FILE MEMORY date = "2022-12-14" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Ksmdbot.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Ksmdbot.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b927e0fe58219305d86df8b3e44493a7c854a6ea4f76d1ebe531a7bfd4365b54" logic_hash = "67f97cc4f2886ed296b5b3827dc1d1792136ba8d9d27c20b677c9467618c879d" score = 75 
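Review bot: In `ELASTIC_Linux_Rootkit_Reptile_C9F8806D` the `3 of ($str*)` threshold is weaker than it reads, because `$str1 = "parasite_loader"` is a substring of both `$str2` and `$str4`, so a single occurrence of either longer string already counts as two matches. Likewise `$blob = "_blob"` matches inside `$str6 = "parasite_blob"`, so the trailing `and $blob` adds no constraint whenever `$str6` is among the hits. Counting only the non-overlapping strings, for example `3 of ($str2, $str3, $str4, $str5, $str6, $str7)`, would make the rule require three distinct artifacts. The `source_url` fields point to elastic/protections-artifacts, so this looks like a fix for the upstream rule rather than for this bundled copy. Until then, anyone triaging a hit from this rule should check which strings actually matched.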
@@ -74934,8 +75615,8 @@ rule ELASTIC_Windows_Vulndriver_Iobitunlocker_Defb90Fd : FILE date = "2023-07-25" modified = "2023-07-25" reference = "https://theevilbit.github.io/posts/iobit_unlocker_lpe/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_IoBitUnlocker.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_IoBitUnlocker.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0aff83f28d70f425539fee3d6a780210d0406264f8a4eb124e32b074e8ffd556" hash = "5ce1a8eac73ef1d0741f34d9fb2661da322117a63bffe60ccad092da89664c42" logic_hash = "4b0f440c66b7c9a193f0d6675c2a4246036ebc5c0c83856f45ec40a041e9cd07" @@ -74968,8 +75649,8 @@ rule ELASTIC_Windows_Trojan_Bumblebee_35F50Bea : FILE MEMORY date = "2022-04-28" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Bumblebee.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Bumblebee.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9fff05a5aa9cbbf7d37bc302d8411cbd63fb3a28dc6f5163798ae899b9edcda6" logic_hash = "9f22b1b7f9e2d7858738d02730ef5477f8d430ad3606ebf4ac8b01314fdc9c46" score = 75 
@@ -74998,8 +75679,8 @@ rule ELASTIC_Windows_Trojan_Bumblebee_70Bed4F3 : FILE MEMORY date = "2022-04-28" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Bumblebee.yar#L22-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Bumblebee.yar#L22-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9fff05a5aa9cbbf7d37bc302d8411cbd63fb3a28dc6f5163798ae899b9edcda6" logic_hash = "3ff97986bfd8df812c4ef94395b3ac7f9ead4d059c398f8984ee217a1bcee4af" score = 75 @@ -75033,8 +75714,8 @@ rule ELASTIC_Windows_Trojan_Spectralviper_43Abeeeb : FILE MEMORY date = "2023-04-13" modified = "2023-05-26" reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SpectralViper.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SpectralViper.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7e35ba39c2c77775b0394712f89679308d1a4577b6e5d0387835ac6c06e556cb" logic_hash = "976e5b5b4ba73f1b392c2f6b32a86b09b5fd9e5a3510c60b77a39f1e0d705822" score = 75 
@@ -75069,8 +75750,8 @@ rule ELASTIC_Windows_Trojan_Spectralviper_368C36A0 : FILE MEMORY date = "2023-05-10" modified = "2023-05-10" reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SpectralViper.yar#L29-L53" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SpectralViper.yar#L29-L53" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d1c32176b46ce171dbce46493eb3c5312db134b0a3cfa266071555c704e6cff8" logic_hash = "6182bde93e18dc6a83a94b50b193f5f29ed9abfa89b53c290818e7dab5bbb334" score = 75 @@ -75103,8 +75784,8 @@ rule ELASTIC_Windows_Trojan_Downtown_901C4Fdd : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DownTown.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DownTown.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "6368d37fa9ba4e32131e16bceaee322f2fa8507873d01ebd687536e593354725" score = 75 quality = 75 
@@ -75133,8 +75814,8 @@ rule ELASTIC_Windows_Trojan_Downtown_145Ecd2F : FILE MEMORY date = "2023-08-23" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DownTown.yar#L23-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DownTown.yar#L23-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "744a51c5317e265177185d9d0b8838a8fc939b4c56cc5e5bc51d5432d046d9f1" score = 75 quality = 75 @@ -75164,8 +75845,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_9130C0F3 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Thiefquest.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Thiefquest.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bed3561210e44c290cd410adadcdc58462816a03c15d20b5be45d227cd7dca6b" logic_hash = "20e9ea15a437a17c4ef68f2472186f6d1ab3118d5b392f84fcb2bd376ec3863a" score = 75 
@@ -75196,8 +75877,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_Fc2E1271 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Thiefquest.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Thiefquest.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923" logic_hash = "a20c76e53874fc0fec5fd2660c63c6f1e7c1b2055cbd2a9efdfd114cd6bdda5c" score = 75 @@ -75225,8 +75906,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_86F9Ef0C : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Thiefquest.yar#L44-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Thiefquest.yar#L44-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "59fb018e338908eb69be72ab11837baebf8d96cdb289757f1f4977228e7640a0" logic_hash = "426d533d39e594123f742b15d0a93ded986b9b308685f7b2cfaf5de0b32cdbff" score = 75 
@@ -75254,8 +75935,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_40F9C1C3 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Thiefquest.yar#L64-L82" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Thiefquest.yar#L64-L82" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e402063ca317867de71e8e3189de67988e2be28d5d773bbaf75618202e80f9f6" logic_hash = "546edc2d6d715eac47e7a8d3ceb91cf314fa6dbee04f0475a5c4a84ba53fd722" score = 75 @@ -75283,8 +75964,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_0F9Fe37C : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Thiefquest.yar#L84-L102" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Thiefquest.yar#L84-L102" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923" logic_hash = "84f9e8938d7e2b0210003fc8334b8fa781a40afffeda8d2341970b84ed5d3b5a" score = 75 
@@ -75312,8 +75993,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_1F4Bac78 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Thiefquest.yar#L104-L122" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Thiefquest.yar#L104-L122" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923" logic_hash = "96db33e135138846f978026867bb2536226539997d060f41e7081f7f29b66c85" score = 75 @@ -75341,8 +76022,8 @@ rule ELASTIC_Linux_Ransomware_Blacksuit_9F53E7E5 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_BlackSuit.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_BlackSuit.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1c849adcccad4643303297fb66bfe81c5536be39a87601d67664af1d14e02b9e" logic_hash = "121e0139385cfef5dff394c4ea36d950314b00c6d7021cf2ca667ee942e74763" score = 75 
@@ -75372,8 +76053,8 @@ rule ELASTIC_Macos_Trojan_Generic_A829D361 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5b2a1cd801ae68a890b40dbd1601cdfeb5085574637ae8658417d0975be8acb5" logic_hash = "70a954e8b44b1ce46f5ce0ebcf43b46e1292f0b8cdb46aa67f980d3c9b0a6f61" score = 75 @@ -75401,8 +76082,8 @@ rule ELASTIC_Windows_Exploit_CVE_2022_38028_31Fdb122 : FILE MEMORY CVE_2022_3802 date = "2024-06-06" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Exploit_CVE_2022_38028.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Exploit_CVE_2022_38028.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6b311c0a977d21e772ac4e99762234da852bbf84293386fbe78622a96c0b052f" logic_hash = "df0ef11ce8e840c331d1db8f98917367dc2a33b6f1be48adb9d0b86729ecbe99" score = 75 
@@ -75430,8 +76111,8 @@ rule ELASTIC_Macos_Trojan_Rustbucket_E64F7A92 : FILE MEMORY date = "2023-06-26" modified = "2023-06-29" reference = "https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_RustBucket.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_RustBucket.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9ca914b1cfa8c0ba021b9e00bda71f36cad132f27cf16bda6d937badee66c747" logic_hash = "bd6005d72faba6aaeebdcbd8c771995cbfc667faf01eb93825afe985954a47fc" score = 75 @@ -75461,8 +76142,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_D13544D7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "85fa30ba59602199fd99463acf50bd607e755c2e18cd8843ffcfb6b1aca24bb3" logic_hash = "fcb2fc7a84fbcd23f9a9d9fd2750c45ff881689670a373fce0cc444183d11999" score = 75 
@@ -75490,8 +76171,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Ad09E090 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa" logic_hash = "6c2d548ba9f01444e8fe4b0aa8a0556970acac06d39bb7c87446b6b91ab0d129" score = 75 @@ -75519,8 +76200,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_12299814 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "eb3802496bd2fef72bd2a07e32ea753f69f1c2cc0b5a605e480f3bbb80b22676" logic_hash = "52e8bcd0512cedf0fa048b6990a5d331f4302d99b00681c83a76587415894b1e" score = 75 
@@ -75548,8 +76229,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_A47B77E4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "995b43ccb20343494e314824343a567fd85f430e241fdeb43704d9d4937d76cc" logic_hash = "bd2b14c8b8e2649af837224fadb32bf0fb67ac403189063a8cb10ad344fb8015" score = 75 @@ -75577,8 +76258,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_21D0550B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b" logic_hash = "c9a12eee281b1e944b5572142c5e18ff087989f45026a94268df22d483210178" score = 75 
@@ -75606,8 +76287,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_C8Adb449 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "00ec7a6e9611b5c0e26c148ae5ebfedc57cf52b21e93c2fe3eac85bf88edc7ea" logic_hash = "9c43602dc752dd737a983874bee5ec6af145ce5fdd45d03864a1afdc2aec3ad4" score = 75 @@ -75635,8 +76316,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Bcab1E8F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "19df7fd22051abe3f782432398ea30f8be88cf42ef14bc301b1676f35b37cd7e" logic_hash = "72643b2860f40c7e901c671d7cc9992870b91912df5d75d2ffba0dfb8684f8d3" score = 75 
@@ -75664,8 +76345,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_6671F33A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "85fa30ba59602199fd99463acf50bd607e755c2e18cd8843ffcfb6b1aca24bb3" logic_hash = "a15c842c7c7ec3b11183a1502f8ec03ea786e3f0d47fbab58c62ffff7b018030" score = 75 @@ -75693,8 +76374,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_74418Ec5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d79ad967ac9fc0b1b6d54e844de60d7ba3eaad673ee69d30f9f804e5ccbf2880" logic_hash = "e74463f53611baaec7c8e126218d8353c6e3a5e71c20e98a7035df6b771b690b" score = 75 
@@ -75722,8 +76403,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_979160F6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L181-L198" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L181-L198" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "e70097fb263c90576e87e76cc7be391dbf9c9d73bbd7fb8e5ec282e6ac1f648d" score = 75 quality = 75 @@ -75750,8 +76431,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Fe7139E5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L200-L218" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L200-L218" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8b13dc59db58b6c4cd51abf9c1d6f350fa2cb0dbb44b387d3e171eacc82a04de" logic_hash = "d1ef74f2a74950845091b2ebc2f7fd05980bcbd2aea4fdd9549c54cec1768501" score = 75 
@@ -75779,8 +76460,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_F35A670C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L220-L238" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L220-L238" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a73808211ba00b92f8d0027831b3aa74db15f068c53dd7f20fcadb294224f480" logic_hash = "95a8aeffb7193c3f4adfea5b7f0741a53528620c57cbdb4d471d756db03c6493" score = 75 @@ -75808,8 +76489,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_70E5946E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L240-L258" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L240-L258" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b" logic_hash = "324deafee2b14c125100e49b90ea95bc1fc55020a7e81a69c7730a57430560f4" score = 75 
@@ -75837,8 +76518,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_033F06Dd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L260-L278" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L260-L278" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3afc8d2d85aca61108d21f82355ad813eba7a189e81dde263d318988c5ea50bd" logic_hash = "a0c788dbcd43cab2af1614d5d90ed9e07a45b547241f729e09709d2a1ec24e60" score = 75 @@ -75866,8 +76547,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Ce0C185F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L280-L298" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L280-L298" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa" logic_hash = "f88c5a295cc62f5a91e26731fc60aaf450376cbb282f43304ba2a5ac5d149dd4" score = 75 
@@ -75895,8 +76576,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Da08E491 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Malxmr.yar#L300-L318" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Malxmr.yar#L300-L318" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4638d9ece32cd1385121146378772d487666548066aecd7e40c3ba5231f54cc0" logic_hash = "f98252c33f8d76981bbc51de87a11a7edca7292a864fc2a305d29cd21961729e" score = 75 @@ -75924,8 +76605,8 @@ rule ELASTIC_Windows_Trojan_Plugx_5F3844Ff : FILE MEMORY date = "2023-08-28" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_PlugX.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_PlugX.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a823380e46878dfa8deb3ca0dc394db1db23bb2544e2d6e49c0eceeffb595875" logic_hash = "a1a484f4cf00ec0775a3f322bae66ce5f9cc52f08306b38f079445233c49bf52" score = 75 
@@ -75957,8 +76638,8 @@ rule ELASTIC_Windows_Trojan_Plugx_F338Dab5 : FILE MEMORY date = "2024-06-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_PlugX.yar#L25-L45" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_PlugX.yar#L25-L45" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8af3fc1f8bd13519d78ee83af43daaa8c5e2c3f184c09f5c41941e0c6f68f0f7" logic_hash = "0482305a73bc500aa7c266536cb8286ea796f6b1eaba39547bed22313bbb4457" score = 75 @@ -75988,8 +76669,8 @@ rule ELASTIC_Linux_Trojan_Merlin_55Beddd3 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Merlin.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Merlin.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "15ccdf2b948fe6bd3d3a7f5370e72cf3badec83f0ec7f47cdf116990fb551adf" logic_hash = "293158c981463544abd0c38694bfc8635ad1a679bbae115521b65879f145cea6" score = 75 
@@ -76017,8 +76698,8 @@ rule ELASTIC_Linux_Trojan_Merlin_Bbad69B8 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Merlin.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Merlin.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d9955487f7d08f705e41a5ff848fb6f02d6c88286a52ec837b7b555fb422d1b6" logic_hash = "e18079c9f018dc8d7f2fdf5c950b405f9f84ad2a5b18775dbef829fe1cb770c3" score = 75 @@ -76046,8 +76727,8 @@ rule ELASTIC_Linux_Trojan_Merlin_C6097296 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Merlin.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Merlin.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d9955487f7d08f705e41a5ff848fb6f02d6c88286a52ec837b7b555fb422d1b6" logic_hash = "f48ed7f19ab29633600fde4bfea274bf36e7f60d700c9806b334d38a51d28b92" score = 75 
@@ -76075,8 +76756,8 @@ rule ELASTIC_Windows_Vulndriver_Hrsword_15B431Ee : FILE MEMORY date = "2023-05-25" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_HrSword.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_HrSword.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "272e934cec4a84ab92b2bccb98539d73542ea9184960a2c9923d4edc667f4d4f" logic_hash = "d8aed70f101a717efe83adceea0f220fb0b145ab8aa39b6250ac2bc057bf51ce" score = 75 @@ -76105,8 +76786,8 @@ rule ELASTIC_Windows_Ransomware_Stop_1E8D48Ff : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Stop.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Stop.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3" logic_hash = "d743feae072a5f3e1b008354352bef48218bb041bc8a5ba39526815ab9cd2690" score = 75 
@@ -76135,8 +76816,8 @@ rule ELASTIC_Windows_Hacktool_Blackbone_2Ff5Ec38 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_BlackBone.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_BlackBone.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4e3887f950bff034efedd40f1e949579854a24140128246fa6141f2c34de6017" logic_hash = "0c32bd04460cdf7a56664253992a684c2c684b15ac9ca853b27ab24f07f71607" score = 75 @@ -76164,8 +76845,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_70C153B5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrminer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrminer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "55b133ba805bb691dc27a5d16d3473650360c988e48af8adc017377eed07935b" logic_hash = "e2fc0721435c656a16e59b6747563df17f0f54a4620efc403a3bba717ccb0f38" score = 75 
@@ -76193,8 +76874,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_98B00F9C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrminer.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrminer.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c01b88c5d3df7ce828e567bd8d639b135c48106e388cd81497fcbd5dcf30f332" logic_hash = "cf8c5deddf22e7699cd880bd3f9f28721db5ece6705be4f932e1d041893eef71" score = 75 @@ -76222,8 +76903,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_2B250178 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrminer.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrminer.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "636605cf63d3e335fe9481d4d110c43572e9ab365edfa2b6d16d96b52d6283ef" logic_hash = "067705c52de710372b4a2a3b77427106068ad2d9a8e56602e315d09e7b8b6206" score = 75 
@@ -76251,8 +76932,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_67Bf4B54 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrminer.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrminer.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9d33fba4fda6831d22afc72bf3d6d5349c5393abb3823dfa2a5c9e391d2b9ddf" logic_hash = "448f5b9dc3c17984464c15f6d542f495a52b0531acc362dedfe3d1a20b932969" score = 75 @@ -76280,8 +76961,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_504B42Ca : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrminer.yar#L81-L98" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrminer.yar#L81-L98" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "dd3ed5350e0229ac714178a30de28893c30708734faec329c776e189493cf930" score = 75 quality = 75 
@@ -76308,8 +76989,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D1Bb752F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrminer.yar#L100-L118" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrminer.yar#L100-L118" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bea55bc9495ee51c78ceedadf3a685ea9d6dd428170888c67276c100d4d94beb" logic_hash = "47aa5516350d5c00d1387649df46ce8f09d87bdfafeaa4cbf1c3ef5f2e0b9023" score = 75 @@ -76337,8 +77018,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D625Fcd2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrminer.yar#L120-L137" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrminer.yar#L120-L137" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "b95b66392e1a07e0b6acd718a9501cede76e57561e69701e9e881bd3fbd3fe39" score = 75 quality = 75 
@@ -76365,8 +77046,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_02D19C01 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrminer.yar#L139-L157" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrminer.yar#L139-L157" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b6df662f5f7566851b95884c0058e7476e49aeb7a96d2aa203393d88e584972f" logic_hash = "43a1dc49bf75cd13637c37290d47b4d6fc1b2c2ac252b64725c0c64e1dd745c6" score = 75 @@ -76394,8 +77075,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_2Dd045Fc : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrminer.yar#L159-L177" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrminer.yar#L159-L177" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "30a77ab582f0558829a78960929f657a7c3c03c2cf89cd5a0f6934b79a74b7a4" logic_hash = "fa23ca75027f7a5e73652173c9e84112a0b5cd3008fc453fdb33c980dc7b7b24" score = 75 
@@ -76423,8 +77104,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D1A814B0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrminer.yar#L179-L197" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrminer.yar#L179-L197" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bea55bc9495ee51c78ceedadf3a685ea9d6dd428170888c67276c100d4d94beb" logic_hash = "a06f5d5be87153be1253c2e20a60fa36701a745813926be03ee466ce8e2285b0" score = 75 @@ -76452,8 +77133,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_C6218E30 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrminer.yar#L199-L217" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrminer.yar#L199-L217" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b43ddd8e355b0c538c123c43832e7c8c557e4aee9e914baaed0866ee5d68ee55" logic_hash = "3efbc3cb1591a9340df10640b411a9ab4c41e0aa26c1677d9def8b82e4c246f4" score = 75 
@@ -76481,8 +77162,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_B17A7888 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xmrminer.yar#L219-L237" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xmrminer.yar#L219-L237" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "65c9fdd7c559554af06cd394dcebece1bc0fdc7dd861929a35c74547376324a6" logic_hash = "a7f6daa5c42d186d2c5a027fdb35b45287c3564a7b57b8a2f53659e6ca90602a" score = 75 @@ -76510,8 +77191,8 @@ rule ELASTIC_Windows_Trojan_Behinder_B9A49F4B : FILE MEMORY date = "2023-03-02" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/ref2924-howto-maintain-persistence-as-an-advanced-threat" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Behinder.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Behinder.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a50ca8df4181918fe0636272f31e19815f1b97cce6d871e15e03b0ee0e3da17b" logic_hash = "2303ef82e4dc5e8be87ddc4563dcd06963d17e1fbf25cf246a6c81e4e74adbcb" score = 75 
@@ -76541,8 +77222,8 @@ rule ELASTIC_Windows_Trojan_Dustywarehouse_A6Cfc9F7 : FILE MEMORY date = "2023-08-25" modified = "2023-11-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DustyWarehouse.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DustyWarehouse.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8c4de69e89dcc659d2fff52d695764f1efd7e64e0a80983ce6d0cb9eeddb806c" logic_hash = "2b4cd9316e2fda882c95673edecb9c82a03ef4fdcc2d2e25783644cc5dfb5bf0" score = 75 @@ -76574,8 +77255,8 @@ rule ELASTIC_Windows_Trojan_Dustywarehouse_3Fef514B : FILE MEMORY date = "2024-05-30" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DustyWarehouse.yar#L25-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DustyWarehouse.yar#L25-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4ad024f53595fdd380f5b5950b62595cd47ac424d2427c176a7b2dfe4e1f35f7" logic_hash = "865ea1e54950a465b71939a41f7a726ccddcfa9f0d777ea853926f65bca0da84" score = 75 
@@ -76603,8 +77284,8 @@ rule ELASTIC_Linux_Exploit_Criscras_Fc505C1D : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Criscras.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Criscras.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7399f6b8fbd6d6c6fb56ab350c84910fe19cc5da67e4de37065ff3d4648078ab" logic_hash = "4d84570c13c584fb7360e798df9f3e6039ee74fdb6ad597add0ea150e3deaa80" score = 75 @@ -76632,8 +77313,8 @@ rule ELASTIC_Windows_Hacktool_Sharpgpoabuse_14Ea480E : FILE MEMORY date = "2024-03-25" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpGPOAbuse.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpGPOAbuse.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d13f87b9eaf09ef95778b2f1469aa34d03186d127c8f73c73299957d386c78d1" logic_hash = "efc1259f4ed05c8f41df75c056d36fd5a808a92b5c88cfb0522caedea39476b4" score = 75 
@@ -76668,8 +77349,8 @@ rule ELASTIC_Windows_Vulndriver_Threatfire_Cbe7Ac92 : FILE MEMORY date = "2024-08-19" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_ThreatFire.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_ThreatFire.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1c1a4ca2cbac9fe5954763a20aeb82da9b10d028824f42fff071503dcbe15856" logic_hash = "689e17c9fdfc9de10a2cf3d39306103712504ab46db35ac65ed0340c83af240d" score = 75 @@ -76698,8 +77379,8 @@ rule ELASTIC_Windows_Hacktool_Clroxide_D92D9575 : FILE MEMORY date = "2024-02-29" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_ClrOxide.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_ClrOxide.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f3a4900eff80563bff586ced172c3988347980f902aceef2f9f9f6d188fac8e3" logic_hash = "01bb071e1286bb139c5e1c37e421153ef1b28a5994feeaedf6ad27ad7dade5e9" score = 75 
@@ -76733,8 +77414,8 @@ rule ELASTIC_Windows_Hacktool_Askcreds_34E3E3D4 : FILE MEMORY date = "2023-05-16" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_AskCreds.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_AskCreds.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "d911566ca546a8546928cd0ffa838fd344b35f75a4a7e80789d20e52c7cd38d0" score = 75 quality = 75 @@ -76763,8 +77444,8 @@ rule ELASTIC_Windows_Trojan_Generic_A681F24A : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa" logic_hash = "72bfefc8f92dbe65d197e02bf896315dcbc54d7b68d0434f43de026ccf934f40" score = 75 
@@ -76794,8 +77475,8 @@ rule ELASTIC_Windows_Trojan_Generic_Ae824B13 : REF1296 FILE MEMORY date = "2022-02-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "cee46c1efdaa1815606f932a4f79b316e02c1b481e73c4c2f8b7c72023e8684c" score = 75 quality = 67 @@ -76825,8 +77506,8 @@ rule ELASTIC_Windows_Trojan_Generic_Eb47E754 : REF1296 FILE MEMORY date = "2022-02-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L45-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L45-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "1d96e813ed0261bd0d7caca2803ed8d5fe4d77ea00efc9130eef86aa872c4656" score = 75 quality = 67 
@@ -76856,8 +77537,8 @@ rule ELASTIC_Windows_Trojan_Generic_C7Fd8D38 : FILE MEMORY date = "2022-02-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L67-L89" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L67-L89" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a1702ec12c2bf4a52e11fbdab6156358084ad2c662c8b3691918ef7eabacde96" logic_hash = "81c56cd741692a7f2a894c2b8f2676aad47f14221228b9466a2ab0f05d76c623" score = 75 @@ -76889,8 +77570,8 @@ rule ELASTIC_Windows_Trojan_Generic_Bbe6C282 : FILE MEMORY date = "2022-03-02" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L91-L109" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L91-L109" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a44c46d4b9cf1254aaabd1e689f84c4d2c3dd213597f827acabface03a1ae6d1" logic_hash = "fe874d69ae71775cf997845c90e731479569e2ac1ac882a4b8c3c73d015b1f30" score = 75 
@@ -76918,8 +77599,8 @@ rule ELASTIC_Windows_Trojan_Generic_889B1248 : FILE MEMORY date = "2022-03-11" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L111-L132" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L111-L132" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a48d57a139c7e3efa0c47f8699e2cf6159dc8cdd823b16ce36257eb8c9d14d53" logic_hash = "b3bb93b95377d6c6606d29671395b78c0954cc47d5cc450436799638d0458469" score = 75 @@ -76950,8 +77631,8 @@ rule ELASTIC_Windows_Trojan_Generic_02A87A20 : FILE MEMORY date = "2022-03-04" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L134-L152" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L134-L152" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033" logic_hash = "610db1b429ed2ecfc552f73ed4782cb56254e6fc98b728ffeff6938fbcce9616" score = 75 
@@ -76979,8 +77660,8 @@ rule ELASTIC_Windows_Trojan_Generic_4Fbff084 : FILE MEMORY date = "2023-02-28" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L154-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L154-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7010a69ba77e65e70f4f3f4a10af804e6932c2218ff4abd5f81240026822b401" logic_hash = "47d1a01e0edee3239d99ff1f32eb4cfc77d6e38823fed799a562e142d3d3a22d" score = 75 @@ -77011,8 +77692,8 @@ rule ELASTIC_Windows_Trojan_Generic_73Ed7375 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L177-L196" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L177-L196" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2b17328a3ef0e389419c9c86f81db4118cf79640799e5c6fdc97de0fc65ad556" logic_hash = "7e27c9377d0b2058a2a36da4ac7d37a54c566f3246e69aa356171edae6b478c5" score = 75 
@@ -77041,8 +77722,8 @@ rule ELASTIC_Windows_Trojan_Generic_96Cdf3C4 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L198-L217" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L198-L217" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9a4d68de36f1706a3083de7eb41f839d8c7a4b8b585cc767353df12866a48c81" logic_hash = "f92e5549aca320d71e1eec8daa82e8bbf3517c7f23f376bb355fdfa32da2e7a9" score = 75 @@ -77071,8 +77752,8 @@ rule ELASTIC_Windows_Trojan_Generic_F0C79978 : FILE MEMORY date = "2023-07-27" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L219-L238" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L219-L238" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8f800b35bfbc8474f64b76199b846fe56b24a3ffd8c7529b92ff98a450d3bd38" logic_hash = "b16971ed0947660dda8d79c11531a9498a80e00f2dbc2c0eb63895b7f5c5f980" score = 75 
@@ -77101,8 +77782,8 @@ rule ELASTIC_Windows_Trojan_Generic_40899C85 : FILE MEMORY date = "2023-12-15" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L240-L260" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L240-L260" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "88eb4f2e7085947bfbd03c69573fdca0de4a74bab844f09ecfcf88e358af20cc" logic_hash = "317034add0343baa26548712de8b2acc04946385fbee048cea0bd8d7ae642b36" score = 75 @@ -77132,8 +77813,8 @@ rule ELASTIC_Windows_Trojan_Generic_9997489C : FILE MEMORY date = "2024-01-31" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L262-L290" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L262-L290" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "857bbf64ced06f76eb50afbfbb699c62e11625196213c2e5267b828cca911b74" score = 75 quality = 75 
@@ -77171,8 +77852,8 @@ rule ELASTIC_Windows_Trojan_Generic_2993E5A5 : FILE MEMORY date = "2024-03-18" modified = "2024-03-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L292-L310" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L292-L310" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9f9b926cef69e879462d9fa914dda8c60a01f3d409b55afb68c3fb94bf1a339b" logic_hash = "37a10597d1afeb9411f6c652537186628291cbe6af680abe12bb96591add7e78" score = 75 @@ -77200,8 +77881,8 @@ rule ELASTIC_Windows_Trojan_Generic_0E135D58 : FILE MEMORY date = "2024-03-19" modified = "2024-03-19" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Generic.yar#L312-L330" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Generic.yar#L312-L330" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c" logic_hash = "bc10218b1d761f72836bb5f9bb41d3f0fe13c4baa1109025269f938ec642aec4" score = 75 
@@ -77229,8 +77910,8 @@ rule ELASTIC_Windows_Vulndriver_Cpuz_A53D1446 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Cpuz.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Cpuz.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6" logic_hash = "37da20f5fe1377fe85594055dc811424f52e53a9d77060c6784c2e4d1279e26f" score = 75 @@ -77260,8 +77941,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_3793364E : FILE MEMORY date = "2023-09-25" modified = "2023-09-25" reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BloodAlchemy.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BloodAlchemy.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "c9f03767b92bb2c44f6b386e1f0a521f1a7a063cf73799844cc3423d4a7de7be" score = 75 quality = 75 
@@ -77289,8 +77970,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_E510798D : FILE MEMORY date = "2023-09-25" modified = "2023-09-25" reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BloodAlchemy.yar#L22-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BloodAlchemy.yar#L22-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "7919bb5f19745a1620e6be91622c40083cbd2ddb02905215736a2ed11e9af5c4" score = 75 quality = 75 @@ -77318,8 +77999,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_63084Eea : FILE MEMORY date = "2023-09-25" modified = "2023-09-25" reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BloodAlchemy.yar#L43-L61" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BloodAlchemy.yar#L43-L61" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "3fe64502992281511e942b8f4541d61b33e900dbe23ea9f976c7eb9522ce4cbd" score = 75 quality = 75 
@@ -77346,8 +78027,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_C2D80609 : FILE MEMORY date = "2023-09-25" modified = "2023-09-25" reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BloodAlchemy.yar#L63-L81" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BloodAlchemy.yar#L63-L81" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "694a0f917f106fbdde4c8e5dd8f9cdce56e9423ce5a7c3a5bf30bf43308d42e9" score = 75 quality = 75 @@ -77374,8 +78055,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_De591C5A : FILE MEMORY date = "2023-09-25" modified = "2023-11-02" reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BloodAlchemy.yar#L83-L106" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BloodAlchemy.yar#L83-L106" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "fd5cfe2558a7c02a617003140cdcf477ec451ecea4adf2808bef8f93673c28f1" score = 75 quality = 75 
@@ -77407,8 +78088,8 @@ rule ELASTIC_Windows_Vulndriver_Rweverything_Aee156A5 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_RWEverything.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_RWEverything.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3c5bf92c26398695f9ced7ce647a7e9f6ddcc89eea66b45aa3607196a187431b" logic_hash = "46b7f2ad46564c6b99f0df6146dff7c88ccbe3ad6c6d1bcbefe756606c4fe40e" score = 75 @@ -77437,8 +78118,8 @@ rule ELASTIC_Windows_Trojan_Bazar_711D59F6 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Bazar.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Bazar.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f29253139dab900b763ef436931213387dc92e860b9d3abb7dcd46040ac28a0e" logic_hash = "3bde62b468c44bdc18878fd369a7f0cf06f7be64149587a11524f725fa875f69" score = 75 
@@ -77466,8 +78147,8 @@ rule ELASTIC_Windows_Trojan_Bazar_9Dddea36 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Bazar.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Bazar.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "63df43daa61f9a0fbea2e5409b8f0063f7af3363b6bc8d6984ce7e90c264727d" logic_hash = "cf88e2e896fce742ad3325d53523167d6eb42188309ed4e66f73601bbb85574e" score = 75 @@ -77495,8 +78176,8 @@ rule ELASTIC_Windows_Trojan_Bazar_3A2Cc53B : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Bazar.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Bazar.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b057eb94e711995fd5fd6c57aa38a243575521b11b98734359658a7a9829b417" logic_hash = "8cde37be646dbcf7e7f5e3f28f0fe8c95480861c62fa2ee8cdd990859313756c" score = 75 
@@ -77524,8 +78205,8 @@ rule ELASTIC_Windows_Trojan_Bazar_De8D625A : FILE MEMORY date = "2022-01-14" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Bazar.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Bazar.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1ad9ac4785b82c8bfa355c7343b9afc7b1f163471c41671ea2f9152a1b550f0c" logic_hash = "5fd7bb4ac818ec1b4bfcb7d236868a31b2f726182407c07c7f06c1d7e9c15d02" score = 75 @@ -77553,8 +78234,8 @@ rule ELASTIC_Windows_Trojan_Xpertrat_Ce03C41D : FILE MEMORY date = "2021-08-06" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Xpertrat.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Xpertrat.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d7f2fddb43eb63f9246f0a4535dfcca6da2817592455d7eceaacde666cf1aaae" logic_hash = "f6ff0a11f261bc75c9d0015131f177d39bb9e8e30346a75209ba8fa808ac4fcb" score = 75 
@@ -77584,8 +78265,8 @@ rule ELASTIC_Windows_Hacktool_Sharplaps_381C3F40 : FILE MEMORY date = "2022-12-22" modified = "2022-12-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpLAPS.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpLAPS.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ef0d508b3051fe6f99ba55202a17237f29fdbc0085e3f5c99b1aef52c8ebe425" logic_hash = "d94f9e4200a63283346919c121873130ad90e4ad5979c017cb71dc0cc910a64a" score = 75 @@ -77620,8 +78301,8 @@ rule ELASTIC_Windows_Trojan_Masslogger_511B001E : FILE MEMORY date = "2022-03-02" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_MassLogger.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_MassLogger.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "177875c756a494872c516000beb6011cec22bd9a73e58ba6b2371dba2ab8c337" logic_hash = "5abac5e32e55467710842e19c25cab5c7f1cdb0f8a68fb6808d54467c69ebdf6" score = 75 
@@ -77645,6 +78326,43 @@ rule ELASTIC_Windows_Trojan_Masslogger_511B001E : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Linux_Rootkit_Melofee_25D42Bdd : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Rootkit Melofee (Linux.Rootkit.Melofee)"
+ author = "Elastic Security"
+ id = "25d42bdd-f6ee-458c-a102-7123225f0be2"
+ date = "2024-11-14"
+ modified = "2024-11-22"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Melofee.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
+ hash = "5830862707711a032728dfa6a85c904020766fa316ea85b3eef9c017f0e898cc"
+ logic_hash = "5af18434295e80403c3587165cd9db3b771d8f06eaa467e1161a0cd213446bee"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "964cf1d468b829064c681c6b22bce00c4ef3536243fc5d1bac16879e0b68d9b2"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = "hide_proc"
+ $str2 = "find_hide_name"
+ $str3 = "hide_module"
+ $str4 = "unhide_chdir"
+ $str5 = "hide_content"
+ $str6 = "hidden_chdirs"
+ $str7 = "hidden_tcp_conn"
+ $str8 = "HIDETAGOUT"
+ $str9 = "HIDETAGIN"
+
+ condition:
+ 4 of them
+}
 rule ELASTIC_Linux_Cryptominer_Loudminer_581F57A9 : FILE MEMORY
 {
 meta:
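Review bot: The newly vendored rule `ELASTIC_Linux_Rootkit_Melofee_25D42Bdd` matches on `4 of them` across nine plain ASCII identifiers, with no `fullword` modifier and no file-format or size guard in the condition. Any text that quotes these names (rootkit source, an analysis write-up, another rule bundle) can therefore hit at the rule's `severity = 100`. The whole rule sits inside this hunk. Because the file is a generated third-party bundle, I would not patch the condition here: handle a noisy match in the consumer's override or exception list and report it upstream, where something like `$str1 = "hide_proc" fullword` on each string would cut substring hits. A benign fixture containing four of these strings would be a useful negative test alongside the update.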
@@ -77654,8 +78372,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_581F57A9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Loudminer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Loudminer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b" logic_hash = "82db0985f215da1d84e16fce94df7553b43b06082bf5475515dbbcf016c40fe4" score = 75 @@ -77683,8 +78401,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_F2298A50 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Loudminer.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Loudminer.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b" logic_hash = "6c2c9b6aea1fb35f8f600dd084ed9cfd56123f7502036e76dd168ccd8b43b28f" score = 75 
@@ -77712,8 +78430,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_851Fc7Aa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Loudminer.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Loudminer.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b" logic_hash = "9f271a16fe30fbf0c16533522b733228f19e0c44d173e4c0ef43bf13323e7383" score = 75 @@ -77741,8 +78459,8 @@ rule ELASTIC_Windows_Vulndriver_Windivert_25991186 : FILE MEMORY date = "2024-06-20" modified = "2024-07-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_WinDivert.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_WinDivert.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8da085332782708d8767bcace5327a6ec7283c17cfb85e40b03cd2323a90ddc2" logic_hash = "a67679bb2f23d1f6691c9ad23da1fd4c2402701ba1929c7abf078d7d95011a08" score = 75 
@@ -77770,8 +78488,8 @@ rule ELASTIC_Linux_Trojan_Sshdkit_18A0B82A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sshdkit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sshdkit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "003245047359e17706e4504f8988905a219fcb48865afea934e6aafa7f97cef6" logic_hash = "4b7a78ebf3c114809148cc9855379b2e63c959966272ad45759838d570b42016" score = 75 @@ -77799,8 +78517,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_Af6Decc6 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Raccoon.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Raccoon.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fe09bef10b21f085e9ca411e24e0602392ab5044b7268eaa95fb88790f1a124d" logic_hash = "50ec446e8fd51129c7333c943dfe62db099fe1379530441f6b102fcbe3bc0dbd" score = 75 
@@ -77829,8 +78547,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_58091F64 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Raccoon.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Raccoon.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "fe09bef10b21f085e9ca411e24e0602392ab5044b7268eaa95fb88790f1a124d"
 logic_hash = "8a7388e9c3dd0dd1a79215dbabcd964a0afa883490611afb6bb500635fbfff9a"
 score = 75
@@ -77858,8 +78576,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_Deb6325C : FILE MEMORY
 date = "2022-06-28"
 modified = "2022-07-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Raccoon.yar#L42-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Raccoon.yar#L42-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27"
 logic_hash = "94f70c60ed4fab021e013cf6a632321e0e1bdeef25a48a598d9e7388e7e445ca"
 score = 75
@@ -77890,8 +78608,8 @@ rule ELASTIC_Windows_Vulndriver_Arpot_09C714C5 : FILE
 date = "2022-04-27"
 modified = "2022-05-03"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_ArPot.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_ArPot.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1"
 logic_hash = "e5f972ad9a31aefbd20237e6ea3dd19a025c2e3487fa080e9f9b8acf1e3f58e6"
 score = 75
@@ -77921,8 +78639,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_E75472Fa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Rekoobe.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Rekoobe.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "8d2a9e363752839a09001a9e3044ab7919daffd9d9aee42d936bc97394164a88"
 logic_hash = "e3e9934ee8ce6933f676949c5b5c82ad044ac32f08fe86697b0a0cf7fb63fc5e"
 score = 75
@@ -77950,8 +78668,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_52462Fe8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Rekoobe.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Rekoobe.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "c1d8c64105caecbd90c6e19cf89301a4dc091c44ab108e780bdc8791a94caaad"
 logic_hash = "1ab6979392eeaa7bd6bd84f8d3531bd9071c54b58306a42dcfdd27bf7ec8f8cd"
 score = 75
@@ -77979,8 +78697,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_De9E7Bdf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Rekoobe.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Rekoobe.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "447da7bee72c98c2202f1919561543e54ec1b9b67bd67e639b9fb6e42172d951"
 logic_hash = "bdc4a3e4eeffc0d32e6a86dda54beceab8301d0065731d9ade390392ab4c6126"
 score = 75
@@ -78008,8 +78726,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_B41F70C2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Rekoobe.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Rekoobe.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "19c1a54279be1710724fc75a112741575936fe70379d166effc557420da714cd"
 logic_hash = "02de55c537da1cc03af26a171c768ad87984e45983c3739f90ad9983c70e7ccf"
 score = 75
@@ -78037,8 +78755,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_1D307D7C : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Rekoobe.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Rekoobe.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "00bc669f79b2903c5d9e6412050655486111647c646698f9a789e481a7c98662"
 logic_hash = "de4807353d2ba977459a1bf7f51fd815e311c0bdc5fccd5e99fd44a766f6866f"
 score = 75
@@ -78066,8 +78784,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_7F7Aba78 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Rekoobe.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Rekoobe.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "50b73742726b0b7e00856e288e758412c74371ea2f0eaf75b957d73dfb396fd7"
 logic_hash = "a3b46d29fa51dd6a911cb9cb0e67e9d57d3f3b6697dc8edcc4d82f09d9819a92"
 score = 75
@@ -78095,8 +78813,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_Ab8Ba790 : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Rekoobe.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Rekoobe.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "2aee0c74d9642ffab1f313179c26400acf60d7cbd2188bade28534d403f468d4"
 logic_hash = "2a7a71712ad3f756a2dc53ec80bd9fb625f7c679fd9566945ebfeb392b9874a9"
 score = 75
@@ -78124,8 +78842,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_Be1973Ed : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Dofloo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Dofloo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461"
 logic_hash = "65f9daabf44006fe4405032bf93570185248bc62cd287650c68f854b23aa2158"
 score = 75
@@ -78153,8 +78871,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_1D057993 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Dofloo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Dofloo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461"
 logic_hash = "c5e15e21946816052d5a8dc293db3830f1d6d06cdbf22eb8667b655206dbbc1f"
 score = 75
@@ -78182,8 +78900,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_29C12775 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Dofloo.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Dofloo.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461"
 logic_hash = "a8eb79fdf57811f4ffd5a7c5ec54cf46c06281f8cd4d677aec1ad168d6648a08"
 score = 75
@@ -78211,8 +78929,8 @@ rule ELASTIC_Linux_Trojan_Pnscan_20E34E35 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Pnscan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Pnscan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "7dbd5b709f16296ba7dac66dc35b9c3373cf88452396d79d0c92d7502c1b0005"
 logic_hash = "1e69ef50d25ffd0f38ed0eb81ab3295822aa183c5e06f307caf02826b1dfa011"
 score = 75
@@ -78240,8 +78958,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_05088561 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Stak.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Stak.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "d0d2bab33076121cf6a0a2c4ff1738759464a09ae4771c39442a865a76daff59"
 logic_hash = "2b0f8a4efdfb13abcc2a1b43e9c39828ea1de6015fef0ef613bd754da5aa3e9a"
 score = 75
@@ -78269,8 +78987,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_Ae8B98A9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Stak.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Stak.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "aade76488aa2f557de9082647153cca374a4819cd8e539ebba4bfef2334221b0"
 score = 75
 quality = 75
@@ -78297,8 +79015,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_D707Fd3A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Stak.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Stak.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "d0d2bab33076121cf6a0a2c4ff1738759464a09ae4771c39442a865a76daff59"
 logic_hash = "b825247372aace6e3ce0ff1d9685b6bb041b7277f8967d5f5926b49813cfadc9"
 score = 75
@@ -78326,8 +79044,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_52Dc7Af3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Stak.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Stak.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "a9c14b51f95d0c368bf90fb10e7d821a2fbcc79df32fd9f068a7fc053cbd7e83"
 logic_hash = "81998164f517b6f1ef72b10227cfff86aa8bbd2b4e2668f946c8ed59696ae74d"
 score = 75
@@ -78355,8 +79073,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_Bb3153Ac : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Stak.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Stak.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "5b974b6e6a239bcdc067c53cc8a6180c900052d7874075244dc49aaaa9414cca"
 logic_hash = "e8516a24358b12863fe52c823ca67f0004457017334fe77dabf5f08d6bf2d907"
 score = 75
@@ -78384,8 +79102,8 @@ rule ELASTIC_Windows_Ransomware_Blackmatter_B548D151 : FILE MEMORY
 date = "2021-08-03"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Blackmatter.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Blackmatter.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486"
 logic_hash = "cf76a311de9d292a2ea09b3937b8eb7fd761b7c33a464a31acf6b9a5bf121959"
 score = 75
@@ -78413,8 +79131,8 @@ rule ELASTIC_Windows_Ransomware_Blackmatter_8394F6D5 : FILE MEMORY
 date = "2021-08-03"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Blackmatter.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Blackmatter.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486"
 logic_hash = "50a9b65ca6dde4fc32d2d57e72042f4380dd6c263ec5c33ce7c158151b91a5ae"
 score = 75
@@ -78442,8 +79160,8 @@ rule ELASTIC_Windows_Trojan_STRRAT_A3E48Cd2 : MEMORY
 date = "2024-03-13"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_STRRAT.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_STRRAT.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "97e67ac77d80d26af4897acff2a3f6075e0efe7997a67d8194e799006ed5efc9"
 logic_hash = "32f79695829f703bf9996d212aeb563791aed28e1bbb9f700cb45325fd02db77"
 score = 75
@@ -78463,6 +79181,39 @@ rule ELASTIC_Windows_Trojan_STRRAT_A3E48Cd2 : MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Linux_Rootkit_Perfctl_Ce456896 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Rootkit Perfctl (Linux.Rootkit.Perfctl)"
+ author = "Elastic Security"
+ id = "ce456896-1a13-4e31-8913-55f5b49badcb"
+ date = "2024-11-14"
+ modified = "2024-11-22"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Perfctl.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
+ hash = "69de4c062eebb13bf2ee3ee0febfd4a621f2a17c3048416d897aecf14503213a"
+ logic_hash = "d3782e9674b20fc3efccf7491659969e09f74c2467f1643fe8f5019102f4ee54"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "feda52cd93fa66194b030d5cb759ceef9b97073bb765349e8f06af6f37b547bc"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 48 01 D0 48 89 45 F0 48 8B 45 F0 48 89 C6 48 C7 C7 FF FF FF FF }
+ $a2 = { BF 5E F8 00 00 E8 ?? ?? FF FF 66 89 85 52 FF FF FF BF 01 00 00 7F E8 ?? ?? FF FF 89 85 54 FF FF FF }
+ $str1 = "r;rr" wide
+ $str2 = { 0D 0A 25 73 0D 0A }
+ $str3 = "rrr01" wide
+
+ condition:
+ any of ($a*) or 2 of ($str*)
+}
 rule ELASTIC_Windows_Ransomware_Rook_Ee21Fa67 : FILE MEMORY
 {
 meta:
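Review bot: The string branch of the new `ELASTIC_Linux_Rootkit_Perfctl_Ce456896` condition, `2 of ($str*)`, rests on very short patterns with no file-type or size guard in front of them: `$str2` is the six bytes of `\r\n%s\r\n`, and `$str1` and `$str3` are four- and five-character wide strings. A large binary or memory image that happens to carry that format string plus one of the short UTF-16 sequences would match a rule marked `severity = 100`, so a false positive here is costly to triage. Because this file is a vendored YARA Forge bundle, the rule should not be edited in place; the updated bundle should be run over a set of known-good Linux binaries before merging, and any hit reported upstream or excluded locally. A tighter upstream form might be `any of ($a*) or all of ($str*)`, though whether the known samples still match that cannot be judged from this hunk.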
@@ -78472,8 +79223,8 @@ rule ELASTIC_Windows_Ransomware_Rook_Ee21Fa67 : FILE MEMORY
 date = "2022-01-14"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Rook.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Rook.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "c2d46d256b8f9490c9599eea11ecef19fde7d4fdd2dea93604cee3cea8e172ac"
 logic_hash = "6fe19cfc572a3dceba5e26615d111a3c0fa1036e275a5640a5c5a8f8cdaf6dc1"
 score = 75
@@ -78501,8 +79252,8 @@ rule ELASTIC_Windows_Ransomware_Maui_266Dea64 : FILE MEMORY
 date = "2022-07-08"
 modified = "2022-07-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Maui.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Maui.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e"
 logic_hash = "2094920615b6297adb222003d25a8d0934a89f24869e7e70644a4956021c7afc"
 score = 75
@@ -78540,8 +79291,8 @@ rule ELASTIC_Windows_Vulndriver_Fidpci_Cb7F69B5 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Fidpci.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Fidpci.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "3ac5e01689a3d745e60925bc7faca8d4306ae693e803b5e19c94906dc30add46"
 logic_hash = "459429fb4e5156890f19c451e48676c9cd06eaab1c2eaea9236737c795086b5f"
 score = 75
@@ -78569,8 +79320,8 @@ rule ELASTIC_Linux_Rootkit_Arkd_Bbd56917 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Rootkit_Arkd.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Arkd.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "e0765f0e90839b551778214c2f9ae567dd44838516a3df2c73396a488227a600"
 logic_hash = "5e1ce9c37d92222e21b43f9e5f3275a70c6e8eb541c3762f9382c5d5c72fb50d"
 score = 75
@@ -78598,8 +79349,8 @@ rule ELASTIC_Windows_Hacktool_Sharpdump_7C17D8B1 : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpDump.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpDump.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "14c3ea569a1bd9ac3aced4f8dd58314532dbf974bfa359979e6c7b6a4bbf41ca"
 logic_hash = "10ca29b097d9f1cef27349751e8f1e584ead1056a636224a80f00823ca878c13"
 score = 75
@@ -78631,8 +79382,8 @@ rule ELASTIC_Linux_Ransomware_Royalpest_502A3Db6 : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_RoyalPest.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_RoyalPest.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "09a79e5e20fa4f5aae610c8ce3fe954029a91972b56c6576035ff7e0ec4c1d14"
 logic_hash = "aefb5a286636b827b50e4bc0ea978a75ba6a9e572504bfbc0a7700372c54a077"
 score = 75
@@ -78663,8 +79414,8 @@ rule ELASTIC_Windows_Rootkit_R77_5Bab748B : FILE MEMORY
 date = "2022-03-04"
 modified = "2022-04-12"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Rootkit_R77.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Rootkit_R77.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c"
 logic_hash = "ebf851ef41fde8e3118acc742cd2b38651f662a00f11dd6f7c65cf56019c43d5"
 score = 75
@@ -78692,8 +79443,8 @@ rule ELASTIC_Windows_Rootkit_R77_Eb366Abc : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Rootkit_R77.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Rootkit_R77.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "21e7f69986987fc75bce67c4deda42bd7605365bac83cf2cecb25061b2d86d4f"
 logic_hash = "3d6f1c60bf749c53f4a4fcfd6490d309e4450d5f7e64de4665c3d80af1bce44f"
 score = 75
@@ -78722,8 +79473,8 @@ rule ELASTIC_Windows_Rootkit_R77_99050E7D : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Rootkit_R77.yar#L44-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Rootkit_R77.yar#L44-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "3dc94c88caa3169e096715eb6c2e6de1b011120117c0a51d12f572b4ba999ea6"
 logic_hash = "0fedf4698cc652076090b1fe256d05d2c0bc3ad2ab7ed5faa270c5c7fe0efca1"
 score = 75
@@ -78752,8 +79503,8 @@ rule ELASTIC_Windows_Rootkit_R77_Be403E3C : FILE MEMORY
 date = "2023-05-18"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Rootkit_R77.yar#L66-L85"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Rootkit_R77.yar#L66-L85"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "91c6e2621121a6871af091c52fafe41220ae12d6e47e52fd13a7b9edd8e31796"
 logic_hash = "efbf924c7a299f2543c639b6262007eb3bdbf6ff5e33dab7d6102814b9477811"
 score = 75
@@ -78781,8 +79532,8 @@ rule ELASTIC_Windows_Rootkit_R77_Ee853C9F : FILE MEMORY
 date = "2023-05-18"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Rootkit_R77.yar#L87-L112"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Rootkit_R77.yar#L87-L112"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "916c805b0d512dd7bbd88f46632d66d9613de61691b4bd368e4b7cb1f0ac7f60"
 logic_hash = "94f080f310ecace76da32ba2b4edcc80dedfb339113823708167c1d842db8cf3"
 score = 75
@@ -78816,8 +79567,8 @@ rule ELASTIC_Windows_Rootkit_R77_D0367E28 : FILE MEMORY
 date = "2023-05-18"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Rootkit_R77.yar#L114-L141"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Rootkit_R77.yar#L114-L141"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "96849108e13172d14591169f8fdcbf8a8aa6be05b7b6ef396d65529eacc02d89"
 logic_hash = "588b18c54c344ca267b86143df20c7dcaab081e0ef6acae0bd0dae61593eb521"
 score = 75
@@ -78853,8 +79604,8 @@ rule ELASTIC_Linux_Exploit_Perl_4A4B8A42 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Perl.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Perl.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214" logic_hash = "c1f7b1c20fe6db6acbe46be38cc97a40de6ca047a4e4490e86610dbff356b395" score = 75 @@ -78882,8 +79633,8 @@ rule ELASTIC_Linux_Exploit_Perl_982Bb709 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Perl.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Perl.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f3e4e2b5af9d0c72aae83cec57e5c091a95c549f826e8f13559aaf7d300f6e13" logic_hash = "b38e6cb15034c38c31f6b267b9ecaabe8dfa950a2fc8863cfff7705182cffb3a" score = 75 
@@ -78911,8 +79662,8 @@ rule ELASTIC_Windows_Trojan_Diamondfox_18Bc11E3 : FILE MEMORY date = "2022-03-02" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DiamondFox.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DiamondFox.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a44c46d4b9cf1254aaabd1e689f84c4d2c3dd213597f827acabface03a1ae6d1" logic_hash = "c64e4b3349b33cfd0fec1fe41f91ad819bb6b6751e822d7ab8d14638ad27571d" score = 75 @@ -78944,8 +79695,8 @@ rule ELASTIC_Windows_Trojan_Amadey_7Abb059B : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Amadey.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Amadey.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e" logic_hash = "23b75d6df9e2a7f8e1efee46ecaf1fc84247312b19a8a1941ddbca1b2ce5e1db" score = 75 
@@ -78973,8 +79724,8 @@ rule ELASTIC_Windows_Trojan_Amadey_C4Df8D4A : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Amadey.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Amadey.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2" logic_hash = "7f96c4de585223033fb7e7906be6d6898651ecf30be51ed01abde18ef52c0e1e" score = 75 @@ -79002,8 +79753,8 @@ rule ELASTIC_Linux_Trojan_Swrort_5Ad1A4F9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Swrort.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Swrort.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fa5695c355a6dc1f368a4b36a45e8f18958dacdbe0eac80c618fbec976bac8fe" logic_hash = "3a1fa978e0c8ab0dd4e7965a3f91306d6123c19f21b86d3f8088979bf58c3a07" score = 75 
@@ -79031,8 +79782,8 @@ rule ELASTIC_Linux_Trojan_Swrort_4Cb5B116 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Swrort.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Swrort.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "703c16d4fcc6f815f540d50d8408ea00b4cf8060cc5f6f3ba21be047e32758e0" logic_hash = "9404856fc3290f3a8f9bf891fde9a614fc4484719eb3b51ce7ab601a41e0c3a5" score = 75 @@ -79060,8 +79811,8 @@ rule ELASTIC_Linux_Trojan_Swrort_22C2D6B6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Swrort.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Swrort.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6df073767f48dd79f98e60aa1079f3ab0b89e4f13eedc1af3c2c073e5e235bbc" logic_hash = "f661544d267a55feec786ab3d4fc4f002afa8e2b58833461f56b745ec65acfd4" score = 75 
@@ -79089,8 +79840,8 @@ rule ELASTIC_Windows_Trojan_Doubleback_D2246A35 : FILE MEMORY date = "2022-05-29" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DoubleBack.yar#L1-L31" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DoubleBack.yar#L1-L31" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012" logic_hash = "2241d2c6e5b5896fe6f3b02cb1786c39fa620ee503c4585bd75c8763b6d3c06a" score = 75 @@ -79130,8 +79881,8 @@ rule ELASTIC_Windows_Wiper_Caddywiper_484Bd98A : FILE MEMORY date = "2022-03-14" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Wiper_CaddyWiper.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Wiper_CaddyWiper.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea" logic_hash = "f473673afc211b02328f4e9d88e709acd95bf4b1fa565f5aca972b92324bf589" score = 75 
@@ -79162,8 +79913,8 @@ rule ELASTIC_Windows_Hacktool_Ringq_B9715540 : FILE MEMORY date = "2024-06-28" modified = "2024-07-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_RingQ.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_RingQ.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "450e01c32618cd4e4a327147896352ed1b34dca9fb28389dba450acf95f8b735" logic_hash = "80d693c43a7026d28121e035ae875689512fd46d7f06c3f469b83d6fe707f36b" score = 75 @@ -79197,8 +79948,8 @@ rule ELASTIC_Windows_Hacktool_Sharpwmi_A67D6Fe5 : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpWMI.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpWMI.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2134a5e1a5eece1336f831a7686c5ea3b6ca5aaa63ab7e7820be937da0678e15" logic_hash = "de8749951ece8d4798ade4661d531515e12edf8e8606ddc330000d847a66a26c" score = 75 
@@ -79234,8 +79985,8 @@ rule ELASTIC_Windows_Vulndriver_Powerprofiler_2Eedff78 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_PowerProfiler.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_PowerProfiler.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0af5ccb3d33a9ba92071c9637be6254030d61998733a5eb3583e865e17844e05" logic_hash = "c4a7ae2ffdf70984cea5b543af93b202c78b6108da1e442186d24071b44d6259" score = 75 @@ -79265,8 +80016,8 @@ rule ELASTIC_Windows_Vulndriver_Iqvw_B8B45E6B : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Iqvw.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Iqvw.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9" logic_hash = "b0a8716f550ba231ca7db61bafd6effbc351faa45864f9ebf7be81f63f14a933" score = 60 
@@ -79296,8 +80047,8 @@ rule ELASTIC_Linux_Virus_Rst_1214E2Ae : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Virus_Rst.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Virus_Rst.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b0e4f44d2456960bb6b20cb468c4ca1390338b83774b7af783c3d03e49eebe44" logic_hash = "82de4a97f414d591daba2d5d49b941ec4c51d6a6af36f97f062eaac5c74ebe30" score = 75 @@ -79325,8 +80076,8 @@ rule ELASTIC_Windows_Trojan_Revcoderat_8E6D4182 : FILE MEMORY date = "2021-09-02" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Revcoderat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Revcoderat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "77732e74850050bb6f935945e510d32a0499d820fa1197752df8bd01c66e8210" logic_hash = "35626d752b291e343350534aece35f1d875068c2c050d12312a60e67753c71e1" score = 75 
@@ -79357,8 +80108,8 @@ rule ELASTIC_Windows_Trojan_Vidar_9007Feb2 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Vidar.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Vidar.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec" logic_hash = "fcdef7397f17ee402155e526c6fa8b51f3ea96e203a095b0b4c36cb7d3cc83d1" score = 75 @@ -79386,8 +80137,8 @@ rule ELASTIC_Windows_Trojan_Vidar_114258D5 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Vidar.yar#L21-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Vidar.yar#L21-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec" logic_hash = "9ea3ea0533d14edd0332fa688497efd566a890d1507214fc8591a0a11433d060" score = 75 
@@ -79420,8 +80171,8 @@ rule ELASTIC_Windows_Trojan_Vidar_32Fea8Da : FILE MEMORY date = "2023-05-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Vidar.yar#L46-L66" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Vidar.yar#L46-L66" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6f5c24fc5af2085233c96159402cec9128100c221cb6cb0d1c005ced7225e211" logic_hash = "1a18cdc3bd533c34eb05b239830ecec418dc76ee9f4fcfc48afc73b07d55b3cd" score = 75 @@ -79451,8 +80202,8 @@ rule ELASTIC_Windows_Trojan_Vidar_C374Cd85 : FILE MEMORY date = "2024-01-31" modified = "2024-10-14" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Vidar.yar#L68-L86" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Vidar.yar#L68-L86" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1c677585a8b724332849c411ffe2563b2b753fd6699c210f0720352f52a6ab72" logic_hash = "8e183f780400f3bf9840798d53b431a4bf28bc43e07d69a3d614217e02f5dd79" score = 75 
@@ -79480,8 +80231,8 @@ rule ELASTIC_Windows_Trojan_Vidar_65D3D7E5 : FILE MEMORY date = "2024-10-14" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Vidar.yar#L88-L114" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Vidar.yar#L88-L114" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "83d7c2b437a5cbb314c457d3b7737305dadb2bc02d6562a98a8a8994061fe929" logic_hash = "2b340f43faf563c7edbce6323d551208c4d9541d7153ea6c1c0d9a95b351e54b" score = 75 @@ -79517,8 +80268,8 @@ rule ELASTIC_Windows_Trojan_Havoc_77F3D40E : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Havoc.yar#L1-L35" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Havoc.yar#L1-L35" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3427dac129b760a03f2c40590c01065c9bf2340d2dfa4a4a7cf4830a02e95879" logic_hash = "3d2733ed24d90e9e851ec36a08c497e9c90b47c3dcbb8755e3f6b6a6bd3a8b54" score = 75 
@@ -79562,8 +80313,8 @@ rule ELASTIC_Windows_Trojan_Havoc_9C7Bb863 : FILE MEMORY date = "2023-04-28" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Havoc.yar#L37-L56" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Havoc.yar#L37-L56" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "261b92d9e8dcb9d0abf1627b791831ec89779f2b7973b1926c6ec9691288dd57" logic_hash = "c1245c38c54b0a72fb335680d9ea191390e4e2fe7e47a3ed776878c5e01a3e16" score = 75 @@ -79592,8 +80343,8 @@ rule ELASTIC_Windows_Trojan_Havoc_88053562 : FILE MEMORY date = "2024-01-04" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Havoc.yar#L58-L76" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Havoc.yar#L58-L76" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2f0b59f8220edd0d34fba92905faf0b51aead95d53be8b5f022eed7e21bdb4af" logic_hash = "f79b39cc2ca4bbf6ad4b6585a9914a75797110d6fb68bcb7141c5c3d0429c412" score = 75 
@@ -79621,8 +80372,8 @@ rule ELASTIC_Windows_Trojan_Havoc_Ffecc8Af : FILE MEMORY date = "2024-04-29" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Havoc.yar#L78-L107" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Havoc.yar#L78-L107" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "495d323651c252e38814b77b9c6c913b9489e769252ac8bbaf8432f15e0efe44" logic_hash = "c9da6215db1de91a6cd52dd6558dc5a60bbd69abc6fa0db8714f001cdae20ddb" score = 75 @@ -79661,8 +80412,8 @@ rule ELASTIC_Linux_Trojan_Snessik_D166F98C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Snessik.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Snessik.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f3ececc2edfff2f92d80ed3a5140af55b6bebf7cae8642a0d46843162eeddddd" logic_hash = "44f15a87d48338aafa408d4bcabef844c8864cd95640ad99208b5035e28ccd27" score = 75 
@@ -79690,8 +80441,8 @@ rule ELASTIC_Linux_Trojan_Snessik_E435A79C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Snessik.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Snessik.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e24749b07f824a4839b462ec4e086a4064b29069e7224c24564e2ad7028d5d60" logic_hash = "4850530a0566844447f56f4e5cb43c5982b1dcb784bb1aef3e377525b8651ed3" score = 75 
@@ -79710,6 +80461,50 @@ rule ELASTIC_Linux_Trojan_Snessik_E435A79C : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Linux_Rootkit_Hiddenwasp_8408057B : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Rootkit Hiddenwasp (Linux.Rootkit.HiddenWasp)"
+ author = "Elastic Security"
+ id = "8408057b-4cfa-4712-b69a-201561690c2d"
+ date = "2024-11-14"
+ modified = "2024-11-22"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_HiddenWasp.yar#L1-L34"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
+ hash = "7c5e20872bc0ac5cce83d4c68485743cd16a818cd1e495f97438caad0399c847"
+ logic_hash = "1d21cdd38d7428c498eface37fb8b1ca1e99295c88f57cb638871753d0be0f15"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "18171748d498def35fd97e342785ee13e02b0ff926defc50705d56372b62b5f2"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = "HIDE_THIS_SHELL"
+ $str2 = "I_AM_HIDDEN"
+ $func1 = "hiding_hideproc"
+ $func2 = "hiding_unhidefile"
+ $func3 = "hiding_hidefile"
+ $func4 = "hiding_unhideproc"
+ $func5 = "/proc/hide-%d"
+ $func6 = "hiding_disable_logging"
+ $func7 = "hiding_init"
+ $func8 = "hiding_uninstall"
+ $func9 = "hiding_removeproc"
+ $func10 = "hiding_makeroot"
+ $func11 = "hiding_free"
+ $func12 = "hiding_enable_logging"
+ $func13 = "hiding_getvers"
+ $func14 = "hidden_services"
+
+ condition:
+ all of ($str*) or 5 of ($func*)
+}
 rule ELASTIC_Linux_Ransomware_Monti_9C64F016 : FILE MEMORY
 {
 meta:
@@ -79719,8 +80514,8 @@ rule ELASTIC_Linux_Ransomware_Monti_9C64F016 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Monti.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Monti.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ad8d1b28405d9aebae6f42db1a09daec471bf342e9e0a10ab4e0a258a7fa8713" logic_hash = "c22a4efaaf97d68deaf1978e637dd7f790541e5007c6323629bcc9e3d4eecd06" score = 75 @@ -79751,8 +80546,8 @@ rule ELASTIC_Linux_Trojan_Ebury_7B13E9B6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ebury.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ebury.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "30d126ffc5b782236663c23734f1eef21e1cc929d549a37bba8e1e7b41321111" score = 75 quality = 75 
@@ -79779,8 +80574,8 @@ rule ELASTIC_Linux_Backdoor_Fontonlake_Fe916A45 : FILE MEMORY date = "2021-10-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Backdoor_Fontonlake.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Backdoor_Fontonlake.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8a0a9740cf928b3bd1157a9044c6aced0dfeef3aa25e9ff9c93e113cbc1117ee" logic_hash = "590b28264345ea0bdbd53791f422cb4f1fad143df2b790824fc182356a568d7d" score = 75 @@ -79818,8 +80613,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_986D2D3C : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Asrock.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Asrock.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838" logic_hash = "d767a1ecdff557753f80ac9d73f02364dd035f7a287d0f260316f807364af2d5" score = 75 
@@ -79847,8 +80642,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_Cdf192F9 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Asrock.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Asrock.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d" logic_hash = "2f844b6d3fa19fd39097395175162578ad71d78c61dad104efd320cd8285fa6b" score = 75 @@ -79876,8 +80671,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_0Eca57Dc : FILE date = "2023-07-20" modified = "2023-07-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Asrock.yar#L41-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Asrock.yar#L41-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3" hash = "a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f" logic_hash = "82a0cba571dc58ed8d3fd87d3650ec0c1016e6c8e972547f6120ba91c8febce1" 
@@ -79908,8 +80703,8 @@ rule ELASTIC_Windows_Trojan_Phoreal_66E91De3 : FILE MEMORY date = "2022-02-16" modified = "2022-04-12" reference = "https://www.elastic.co/security-labs/phoreal-malware-targets-the-southeast-asian-financial-sector" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Phoreal.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Phoreal.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "88f073552b30462a00d1d612b1638b0508e4ef02c15cf46203998091f0aef4de" logic_hash = "c68131fd5e0272d3d473db387a186056a38e6611925ae448d5b668022e6e163a" score = 75 @@ -79940,8 +80735,8 @@ rule ELASTIC_Windows_Trojan_Hancitor_6738D84A : FILE MEMORY date = "2021-06-17" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Hancitor.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Hancitor.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a674898f39377e538f9ec54197689c6fa15f00f51aa0b5cc75c2bafd86384a40" logic_hash = "448243b6925c4e419b1fd492ac5e8d43a7baa4492ba7a5a0b44bc8e036c77ec2" score = 75 
@@ -79971,8 +80766,8 @@ rule ELASTIC_Windows_Vulndriver_Speedfan_9B590Eee : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Speedfan.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Speedfan.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c" logic_hash = "6f75c0e6b89dd1ceb85c73b7e51fd261ca2804e14a5f8ed6ce3352b3f1bcdfe4" score = 75 @@ -80001,8 +80796,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_825B6808 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7db9a0760dd16e23cb299559a0e31a431b836a105d5309a9880fa4b821937659" logic_hash = "f5f997d8401f1505e81072dcb0e24ad7a78f0b56133698b70d8dd93ef25ddaf3" score = 75 
@@ -80030,8 +80825,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A44Ab8Cd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4b2068a4a666b0279358b8eb4f480d2df4c518a8b4518d0d77c6687c3bff0a32" logic_hash = "a0501f76aff532366292189d34a57844ba999748b94f349be2f391dfd96e2106" score = 75 @@ -80059,8 +80854,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_7026F674 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b7a77ebb66664c54d01a57abed5bb034ef2933a9590b595bba0566938b099438" logic_hash = "ec8ece1f922260f620fb30d82469f77a4d0239da536fc464fc37a3943cd6e463" score = 75 
@@ -80088,8 +80883,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_761Ad88E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771" logic_hash = "2b0c64da713e2f8ff671cbe086638810bc02a983d42851e78c68a57bde9f023c" score = 75 @@ -80117,8 +80912,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_B93655D3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L81-L98" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L81-L98" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "34cb06385543c6c2c562f757df2f641d8402e7c9f95fa924e17652a1c38d695f" score = 75 quality = 75 
@@ -80145,8 +80940,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Af9F75E6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L100-L118" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L100-L118" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bf6f3ffaf94444a09b69cbd4c8c0224d7eb98eb41514bdc3f58c1fb90ac0e705" logic_hash = "b74f5fad3c7219038e51eb4fa12fb9d55d7f65a9f4bab0adff8609fabb0afdab" score = 75 @@ -80174,8 +80969,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1Bf0E994 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L120-L138" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L120-L138" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1ea2dc13eec0d7a8ec20307f5afac8e9344d827a6037bb96a54ad7b12f65b59c" logic_hash = "2c1099b8078ac306f7cb67be5b5b5e34f57414b9aa26bdd6c26d3636c80846cd" score = 75 
@@ -80203,8 +80998,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_D710A5Da : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L140-L158" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L140-L158" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ba895a9c449bf9bf6c092df88b6d862a3e8ed4079ef795e5520cb163a45bcdb4" logic_hash = "118a29cc0ccd191181dabc134de282ba134e041113faaa4d95e0aa201646438b" score = 75 @@ -80232,8 +81027,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_F434A3Fb : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L160-L178" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L160-L178" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ba895a9c449bf9bf6c092df88b6d862a3e8ed4079ef795e5520cb163a45bcdb4" logic_hash = "11b173f73b87f50775be50c6b4528bd9b148ea4266297aec76ae126cab0facb0" score = 75 
@@ -80261,8 +81056,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A2795A4C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L180-L198" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L180-L198" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71" logic_hash = "18e15b8a417f9ff2fd9277a01eb3224c761807ce9541ece568f4525ae66eb81f" score = 75 @@ -80290,8 +81085,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_678C1145 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L200-L218" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L200-L218" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "559793b9cb5340478f76aaf5f81c8dbfbcfa826657713d5257dac3c496b243a6" logic_hash = "5ff15c8d92bca62700bbb67aeebc41fd603687dbc0c93733955bf59375df40a1" score = 60 
@@ -80319,8 +81114,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_3Cbdfb1F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L220-L238" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L220-L238" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bd40ac964f3ad2011841c7eb4bf7cab332d4d95191122e830ab031dc9511c079" logic_hash = "38e8ca59bf55c32b99aa76a89f60edcf09956b7cad0b4745fab92eca327c52db" score = 75 @@ -80348,8 +81143,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_8B63Ff02 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L240-L258" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L240-L258" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a57de6cd3468f55b4bfded5f1eed610fdb2cbffbb584660ae000c20663d5b304" logic_hash = "3b68353c8eeb21a3eba7a02ae76b66b4f094ec52d5309582544d247cc6548da3" score = 75 
@@ -80377,8 +81172,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_30973084 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L260-L278" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L260-L278" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a22ffa748bcaaed801f48f38b26a9cfdd5e62183a9f6f31c8a1d4a8443bf62a4" logic_hash = "d965a032c0fb6020c6187aa3117f7251dd8c9287c45453e3d5ae2ac62b3067bb" score = 75 @@ -80406,8 +81201,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1Cfa95Dd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L280-L298" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L280-L298" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771" logic_hash = "f73a96cc379c8dc060bfe5668ef7e47c5bcd037b3f41c300ef20c2f2f653cb00" score = 75 
@@ -80435,8 +81230,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_25C48456 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L300-L318" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L300-L318" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "eba6f3e4f7b53e22522d82bdbdf5271c3fc701cbe07e9ecb7b4c0b85adc9d6b4" logic_hash = "4ed4b901fccaed834b9908fb447da1521bf31f283ae55b6d8f6090814cf8fcd2" score = 75 @@ -80464,8 +81259,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_B1Ca2Abd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L320-L338" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L320-L338" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771" logic_hash = "05b906a9823bf9ba25ba1ed490beb8f338429cbc744ca230c5c4cbb41ab9f140" score = 75 
@@ -80493,8 +81288,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Cce8C792 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L340-L358" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L340-L358" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ea56da9584fc36dc67cb1e746bd13c95c4d878f9d594e33221baad7e01571ee6" logic_hash = "14700d24e8682ec04f2aae02f5820c4d956db60583b1bc61038b47e709705d0d" score = 75 @@ -80522,8 +81317,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_4Bcea1C4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L360-L378" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L360-L378" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71" logic_hash = "76019729a3a33fc04ff983f38b4fbf174a66da7ffc05cd07eb93e3cd5aecaaa2" score = 75 
@@ -80551,8 +81346,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Ab561A1B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L380-L398" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L380-L398" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1b7df0d491974bead05d04ede6cf763ecac30ecff4d27bb4097c90cc9c3f4155" logic_hash = "5720d2ada4b33514f2d528417876606d2951786df8b0512f9e8833b8ec87127a" score = 75 @@ -80580,8 +81375,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1A4Eb229 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L400-L418" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L400-L418" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bf6f3ffaf94444a09b69cbd4c8c0224d7eb98eb41514bdc3f58c1fb90ac0e705" logic_hash = "83b04e366a05a46ad67b9aaf6b9658520e119003cd65941dd69416cbc5229c30" score = 75 
@@ -80609,8 +81404,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_51Ef0659 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L420-L438" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L420-L438" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b7a2bc75dd9c44c38b2a6e4e7e579142ece92a75b8a3f815940c5aa31470be2b" logic_hash = "26dd95cb1cdaec10d408e294a3baca85d741cf5e56649cdcc79ef7216e4cb440" score = 75 @@ -80638,8 +81433,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_D90C4Cbe : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L440-L458" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L440-L458" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62" logic_hash = "145d32f8a06af18e6f13b0905cc51fd7b1a9e00b41b0f0a5d537ada2b54a94b5" score = 75 
@@ -80667,8 +81462,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_C680C9Fd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L460-L478" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L460-L478" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ea56da9584fc36dc67cb1e746bd13c95c4d878f9d594e33221baad7e01571ee6" logic_hash = "a283132ffdd109b8b1f01e5a3e2700b70b742945c7ae8b15b2b244fb249a5e3d" score = 75 @@ -80696,8 +81491,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_E63396F4 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L480-L498" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L480-L498" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "913e6d2538bd7eed3a8f3d958cf445fe11c5c299a70e5385e0df6a9b2f638323" logic_hash = "d3f7c62a7411caf86ee574a686b4b1972066602f89d39ae9e49ba66d9917c7c9" score = 75 
@@ -80725,8 +81520,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_7D5355Da : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "03397525f90c8c2242058d2f6afc81ceab199c5abcab8fd460fabb6b083d8d20" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L500-L518" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L500-L518" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "b4540f941ca1a36c460d056ef263ebd67c6388f3f6f373f50371f7cca2739bc4" score = 75 quality = 75 @@ -80753,8 +81548,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A9E8A90F : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "0558cf8cab0ba1515b3b69ac32975e5e18d754874e7a54d19098e7240ebf44e4" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L520-L538" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L520-L538" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "8f1fcb736a9363142a25426ef2d166f92526bffaf8069f1b12056c9cf5825379" score = 75 quality = 75 
@@ -80781,8 +81576,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A598192A : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "101f2240cd032831b9c0930a68ea6f74688f68ae801c776c71b488e17bc71871" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L540-L558" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L540-L558" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "19909f53acca8c84125c95fc651765a25162c5f916366da8351e67675393e583" score = 75 quality = 75 @@ -80809,8 +81604,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_53Bf4E37 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "101f2240cd032831b9c0930a68ea6f74688f68ae801c776c71b488e17bc71871" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L560-L578" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L560-L578" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "d1aabf8067b74dac114e197722d51c4bbb9a78e6ba9b5401399930c29d55bdcc" score = 75 quality = 75 
@@ -80837,8 +81632,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_50158A6E : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1e0cdb655e48d21a6b02d2e1e62052ffaaec9fdfe65a3d180fc8afabc249e1d8" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L580-L598" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L580-L598" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "67c22fcf514a3e8c2c27817798c796aacf00ba82e1090894aa2c1170a1e2a096" score = 75 quality = 75 @@ -80865,8 +81660,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_F454Ec10 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "0297e1ad6e180af85256a175183102776212d324a2ce0c4f32e8a44a2e2e9dad" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L600-L618" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L600-L618" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "e5afb215632ad6359ba95df86316d496ea5e36edb79901c34e0710a6bd9c97d1" score = 75 quality = 75 
@@ -80893,8 +81688,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_9417F77B : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "60ff13e27dad5e6eadb04011aa653a15e1a07200b6630fdd0d0d72a9ba797d68" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Flooder.yar#L620-L638" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Flooder.yar#L620-L638" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "470b7e44cd875b1f6abcfa5e4d33d2808a65630dc914b38643c9efb14db5f1ff" score = 75 quality = 75 @@ -80921,8 +81716,8 @@ rule ELASTIC_Windows_Trojan_Dcrat_1Aeea1Ac : FILE MEMORY date = "2022-01-15" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DCRat.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DCRat.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "6163e04a40ed52d5e94662131511c3ae08d473719c364e0f7de60dff7fa92cf7" score = 75 quality = 75 
@@ -80955,8 +81750,8 @@ rule ELASTIC_Windows_Trojan_Wineloader_13E8860A : FILE MEMORY date = "2024-03-24" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_WineLoader.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_WineLoader.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f5cb3234eff0dbbd653d5cdce1d4b1026fa9574ebeaf16aaae3d4e921b6a7f9d" logic_hash = "c072abb73377ed59c0dd9fab25a4c84575ab9badbddfda1ed51e576e4e12fa82" score = 75 @@ -80986,8 +81781,8 @@ rule ELASTIC_Windows_Hacktool_Dinvokerust_512D3B59 : FILE MEMORY date = "2024-02-28" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_DinvokeRust.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_DinvokeRust.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ebf0f1bfd166d2d49b642fa43cb0c7364c0c605d9a7f108dc49d9f1cc859ab4a" logic_hash = "7be1a4e25cf41e47ab135c718b7ec5a49a2890cf873c52597f8dab4d47636ed8" score = 75 
@@ -81020,8 +81815,8 @@ rule ELASTIC_Windows_Trojan_Shadowpad_Be71209D : FILE MEMORY date = "2023-01-31" modified = "2023-02-01" reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_ShadowPad.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_ShadowPad.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "452b08d6d2aa673fb6ccc4af6cebdcb12b5df8722f4d70d1c3491479e7b39c05" logic_hash = "24e035bbcd5d44877e6e582a995d0035ad26c53e832c34b0c8a3836cb1a11637" score = 75 @@ -81050,8 +81845,8 @@ rule ELASTIC_Windows_Trojan_Shadowpad_0D899241 : MEMORY date = "2023-01-31" modified = "2023-02-01" reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_ShadowPad.yar#L23-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_ShadowPad.yar#L23-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cb3a425565b854f7b892e6ebfb3734c92418c83cd590fc1ee9506bcf4d8e02ea" logic_hash = "57385e149c6419aed2dcd3ecbbe26d8598918395a6480dd5cdb799ce7328901a" score = 75 
@@ -81085,8 +81880,8 @@ rule ELASTIC_Windows_Backdoor_Goldbackdoor_91902940 : FILE MEMORY date = "2022-04-29" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "485246b411ef5ea9e903397a5490d106946a8323aaf79e6041bdf94763a0c028" logic_hash = "71e26cce6d730560e1303b2a4f49d0da6d1341263bb47ade46338f03e528cbf7" score = 75 @@ -81121,8 +81916,8 @@ rule ELASTIC_Windows_Backdoor_Goldbackdoor_F11D57Df : FILE MEMORY date = "2022-04-29" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L28-L51" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L28-L51" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "45ece107409194f5f1ec2fbd902d041f055a914e664f8ed2aa1f90e223339039" logic_hash = "6401b215523289a3842dec6d3e016a2ca99512c5889e87cb5ff13023bb0b8e1e" score = 75 
@@ -81155,8 +81950,8 @@ rule ELASTIC_Windows_Trojan_Hijackloader_A8444812 : FILE MEMORY date = "2023-11-15" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_HijackLoader.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_HijackLoader.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "065c379a33ef1539e8a68fd4b7638fe8a30ec19fc128642ed0c68539656374b9" logic_hash = "6cd88adc7a0d35013a26d1135efb294ee6f9ddab99b4549e82d3d6f5f65509b6" score = 75 @@ -81189,8 +81984,8 @@ rule ELASTIC_Windows_Trojan_Arkeistealer_84C7086A : FILE MEMORY date = "2022-02-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_ArkeiStealer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_ArkeiStealer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "708d9fb40f49192d4bf6eff62e0140c920a7eca01b9f78aeaf558bef0115dbe2" logic_hash = "b7129094389f789f0b43f0da54645c24a6d1149f53d6536c14714e3ff44f935b" score = 75 
@@ -81218,8 +82013,8 @@ rule ELASTIC_Windows_Ransomware_Clop_6A1670Aa : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Clop.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Clop.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "afe28000d50495bf2f2adc6cbf0159591ce87bff207f3c6a1d38e09f9ed328d7" score = 75 quality = 75 @@ -81247,8 +82042,8 @@ rule ELASTIC_Windows_Ransomware_Clop_E04959B5 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Clop.yar#L22-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Clop.yar#L22-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "039fcb0e48898c7546588cd095fac16f06cf5e5568141aefb6db382a61e80a8d" score = 75 quality = 50 
@@ -81285,8 +82080,8 @@ rule ELASTIC_Windows_Ransomware_Clop_9Ac9Ea3E : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Clop.yar#L52-L71" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Clop.yar#L52-L71" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "1228ee4b934faf1d5f8cf4518974cd2c80a73d84c8a354bde4813fb97ba516d7" score = 75 quality = 75 @@ -81314,8 +82109,8 @@ rule ELASTIC_Windows_Ransomware_Clop_606020E7 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Clop.yar#L73-L92" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Clop.yar#L73-L92" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "f5169b324bc19f6f5a04c99f1d3326c97300d038ec383c3eab94eb258963ac30" score = 75 quality = 75 
@@ -81343,8 +82138,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_A6E956C9 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "fb4e3e54618075d5ef6ec98d1ba9c332ce9f677f0879e07b34a2ca08b2180dd9" score = 75 quality = 75 @@ -81372,8 +82167,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_38B8Ceec : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "8e3bc02661cedb9885467373f8120542bb7fc8b0944803bc01642fbc8426298b" score = 75 quality = 75 
@@ -81401,8 +82196,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_7Bc0F998 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "29cb48086dbcd48bd83c5042ed78370e127e1ea5170ee7383b88659b31e896b5" score = 75 quality = 75 @@ -81430,8 +82225,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_F7F826B4 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "2f5264e07c65d5ef4efe49a48c24ccef9a4b9379db581d2cf18e1131982e6f2f" score = 75 quality = 75 
@@ -81459,8 +82254,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_24338919 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "af8cceebdebca863019860afca5d7c6400b68c8450bc17b7d7b74aeab2d62d16" score = 75 quality = 75 @@ -81488,8 +82283,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_0F5A852D : FILE MEMORY date = "2021-04-07" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "11cddf2191a2f70222a0c8c591e387b4b5667bc432a2f686629def9252361c1d" score = 75 quality = 75 
@@ -81517,8 +82312,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_C9773203 : FILE MEMORY date = "2021-04-07" modified = "2021-08-23" reference = "https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L121-L140" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L121-L140" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "1d6503ccf05b8e8b4368ed0fb2e57aa2be94151ce7e2445b5face7b226a118e9" score = 75 quality = 75 @@ -81546,8 +82341,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_Dd5Ce989 : FILE MEMORY date = "2021-04-14" modified = "2021-08-23" reference = "https://www.rapid7.com/blog/post/2015/03/25/stageless-meterpreter-payloads/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L142-L164" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L142-L164" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "86cf98bf854b01a55e3f306597437900e11d429ac6b7781e090eeda3a5acb360" logic_hash = "5c094979be1cd347ffee944816b819b6fbb62804b183a6120cd3a93d2759155b" score = 75 
@@ -81578,8 +82373,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_96233B6B : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L166-L185" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L166-L185" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e7a2d966deea3a2df6ce1aeafa8c2caa753824215a8368e0a96b394fb46b753b" logic_hash = "09a2b9414a126367df65322966b671fe7ea963cd65ef48e316c9d139ee502d31" score = 75 @@ -81608,8 +82403,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_4A1C4Da8 : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L187-L206" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L187-L206" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9582d37ed9de522472abe615dedef69282a40cfd58185813c1215249c24bbf22" logic_hash = "9d3a3164ed1019dcb557cf20734a81be9964a555ddb2e0104f7202880b2ed177" score = 75 
@@ -81638,8 +82433,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_91Bc5D7D : FILE MEMORY date = "2021-08-02" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L208-L226" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L208-L226" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0dd993ff3917dc56ef02324375165f0d66506c5a9b9548eda57c58e041030987" logic_hash = "74154902b03c36a4ee9bc54ae9399bae9e6afb7fe8d0fe232b88250afc368d6f" score = 75 @@ -81667,8 +82462,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_A91A6571 : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L228-L246" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L228-L246" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ff7795edff95a45b15b03d698cbdf70c19bc452daf4e2d5e86b2bbac55494472" logic_hash = "cc59320ba9f8907d1d9b9dc120d8b4807b419e49c55be1fd5d2cdbb0c5d4e5cc" score = 75 
@@ -81696,8 +82491,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_B29Fe355 : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L248-L268" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L248-L268" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4f0ab4e42e6c10bc9e4a699d8d8819b04c17ed1917047f770dc6980a0a378a68" logic_hash = "7a2189b59175acb66a7497c692a43c413a476f5c4371f797bf03a8ddb550992c" score = 75 @@ -81727,8 +82522,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_66140F58 : FILE MEMORY date = "2022-08-15" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L270-L288" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L270-L288" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "01a0c5630fbbfc7043d21a789440fa9dadc6e4f79640b370f1a21c6ebf6a710a" logic_hash = "0a855b7296f7cea39cc5d57b239d3906133ea43a0811ec60e4d91765cf89aced" score = 75 
@@ -81756,8 +82551,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_2092C42A : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L290-L309" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L290-L309" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e47d88c11a89dcc84257841de0c9f1ec388698006f55a0e15567354b33f07d3c" logic_hash = "83c46c6b957f10d406ea9985c518eb2fba3e82b9023bfdefa8bdd4be7fb67826" score = 75 @@ -81786,8 +82581,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_46E1C247 : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L311-L330" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L311-L330" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ef70e1faa3b1f40d92b0a161c96e13c96c43ec6651e7c87ee3977ed07b950bab" logic_hash = "760a4e28e312a7d744208dc833ffad8d139ce7c536b407625a7fb0dff5ddb1d1" score = 75 
@@ -81816,8 +82611,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_B62Aac1E : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L332-L351" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L332-L351" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "af9af81f7e46217330b447900f80c9ce38171655becb3b63e51f913b95c71e70" logic_hash = "3ef6b7fb258b060ae00b060dbf9b07620f8cda0d9a827985bbb3ed9617969ef6" score = 75 @@ -81846,8 +82641,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_47F5D54A : FILE MEMORY date = "2023-11-13" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Metasploit.yar#L353-L372" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Metasploit.yar#L353-L372" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bc3754cf4a04491a7ad7a75f69dd3bb2ddf0d8592ce078b740d7c9c7bc85a7e1" logic_hash = "be080d0aae457348c4a02c204507a8cb14d1728d1bc50d7cf12b577aa06daf9f" score = 75 
@@ -81876,8 +82671,8 @@ rule ELASTIC_Windows_Trojan_Dbatloader_F93A8E90 : FILE MEMORY date = "2022-03-11" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DBatLoader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DBatLoader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f72d7e445702bbf6b762ebb19d521452b9c76953d93b4d691e0e3e508790256e" logic_hash = "6fe91d91bb383c66a6dc623b02817411a39b88030142517f4048c5c25fbb4ac5" score = 75 @@ -81905,8 +82700,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_A40C7Ef0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Portscan.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Portscan.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c389c42bac5d4261dbca50c848f22c701df4c9a2c5877dc01e2eaa81300bdc29" logic_hash = "6118ea86d628450e79ee658f4b95bae40080764a25240698d8ca7fcb7e6adaaf" score = 75 
@@ -81934,8 +82729,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_6C6000C2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Portscan.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Portscan.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8877009fc8ee27ba3b35a7680b80d21c84ee7296bcabe1de51aeeafcc8978da7" logic_hash = "0cae81cbc0fdf48b4e7ac09865f05e2ad93d79b7a6f1af76a632727127ab050f" score = 75 @@ -81963,8 +82758,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_E191222D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Portscan.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Portscan.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e2f4313538c3ef23adbfc50f37451c318bfd1ffd0e5aaa346cce4cc37417f812" logic_hash = "6ffb2add4a76214ffd555cf1fe356371acd3638216094097b355670ecfe02ecd" score = 75 
@@ -81992,8 +82787,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_E57B0A0C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Portscan.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Portscan.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f8ee385316b60ee551565876287c06d76ac5765f005ca584d1ca6da13a6eb619" logic_hash = "b2f67805e9381864591fdf61846284da97f8dd2f5c60484ce9c6e76d2f6f3872" score = 75 @@ -82021,8 +82816,8 @@ rule ELASTIC_Linux_Trojan_Rozena_56651C1D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Rozena.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Rozena.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "997684fb438af3f5530b0066d2c9e0d066263ca9da269d6a7e160fa757a51e04" logic_hash = "a6d283b0c398cb1004defe7f5669f912112262e5aaf677ae4ca7fd15565cb988" score = 75 
@@ -82050,8 +82845,8 @@ rule ELASTIC_Windows_Trojan_A310Logger_520Cd7Ec : FILE MEMORY date = "2022-01-11" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_A310logger.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_A310logger.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "60fb9597e5843c72d761525f73ca728409579d81901860981ebd84f7d153cfa3" logic_hash = "6095ce913e3fb1cfc2f1b091598fc06b2dfec30c2353be7df08dcbb1a06b07c3" score = 75 @@ -82083,8 +82878,8 @@ rule ELASTIC_Windows_Trojan_Dridex_63Ddf193 : FILE MEMORY date = "2021-08-07" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Dridex.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Dridex.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b1d66350978808577159acc7dc7faaa273e82c103487a90bf0d040afa000cb0d" logic_hash = "e792f4693be0a7c71d1e638212a8fb3acb1e14dedd48218861fad8c09811da29" score = 75 
@@ -82113,8 +82908,8 @@ rule ELASTIC_Windows_Trojan_Dridex_C6F01353 : FILE MEMORY date = "2021-08-07" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Dridex.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Dridex.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "739682ccb54170e435730c54ba9f7e09f32a3473c07d2d18ae669235dcfe84de" logic_hash = "7146204d779610c04badfc7d884ff882ff5f1439b61f889d1edf4419240c5751" score = 75 @@ -82142,8 +82937,8 @@ rule ELASTIC_Linux_Trojan_Getshell_98D002Bf : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Getshell.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Getshell.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "97b7650ab083f7ba23417e6d5d9c1d133b9158e2c10427d1f1e50dfe6c0e7541" logic_hash = "358575f55910b060bde94bbc55daa9650a43cf1470b77d1842ddcaa8b299700a" score = 75 
@@ -82171,8 +82966,8 @@ rule ELASTIC_Linux_Trojan_Getshell_213D4D69 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "05fc4dcce9e9e1e627ebf051a190bd1f73bc83d876c78c6b3d86fc97b0dfd8e8" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Getshell.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Getshell.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "2075def88b31ac32e44c270ab20273c8b91f37e25a837c0353f76bcf431cdcb3" score = 75 quality = 75 @@ -82199,8 +82994,8 @@ rule ELASTIC_Linux_Trojan_Getshell_3Cf5480B : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "0e41c0d6286fb7cd3288892286548eaebf67c16f1a50a69924f39127eb73ff38" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Getshell.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Getshell.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "87b0db74e81d4f236b11f51a72fba2e4263c988402292b2182d19293858c6126" score = 75 quality = 75 
@@ -82227,8 +83022,8 @@ rule ELASTIC_Linux_Trojan_Getshell_8A79B859 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1154ba394176730e51c7c7094ff3274e9f68aaa2ed323040a94e1c6f7fb976a2" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Getshell.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Getshell.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "2aa3914ec4cc04e5daa2da1460410b4f0e5e7a37c5a2eae5a02ff5f55382f1fe" score = 75 quality = 75 @@ -82255,8 +83050,8 @@ rule ELASTIC_Windows_Vulndriver_Ryzen_7Df5A747 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Ryzen.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Ryzen.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433" logic_hash = "192b51f0bbd2cab4c1d3da6f82fbee7129a53abaa6e8769d3681821112017824" score = 75 
@@ -82286,8 +83081,8 @@ rule ELASTIC_Windows_Vulndriver_Ryzen_9B01C718 : FILE date = "2023-01-22" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Ryzen.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Ryzen.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bb82d8c29127955d58dff58978605a9daa718425c74c4bce5ae3e53712909148" logic_hash = "5734f6a249656f22a2a363b42ae77b5e6b7673bc96bad34b04b1be7f2b584b08" score = 75 @@ -82317,8 +83112,8 @@ rule ELASTIC_Linux_Exploit_CVE_2019_13272_583Dd2C0 : FILE MEMORY CVE_2019_13272 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2019_13272.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2019_13272.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3191b9473f3e59f55e062e6bdcfe61b88974602c36477bfa6855ccd92ff7ca83" logic_hash = "0b25f0d979d2fc3f7d646a9b3eccf2a293b41181b499c790d3e99515fcd09603" score = 75 
@@ -82346,8 +83141,8 @@ rule ELASTIC_Windows_Trojan_Octopus_15813E26 : FILE MEMORY date = "2021-11-10" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Octopus.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Octopus.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "0d30b96ead4ccba75e08f6ba1db73cee61a29b5b0c7ee0fb523cbcd61dce9d87" score = 75 quality = 75 @@ -82375,8 +83170,8 @@ rule ELASTIC_Linux_Trojan_Dinodasrat_1D371D10 : FILE MEMORY date = "2024-04-02" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_DinodasRAT.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_DinodasRAT.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bf830191215e0c8db207ea320d8e795990cf6b3e6698932e6e0c9c0588fc9eff" logic_hash = "933e78882be1d8dd9553ba90f038963d1b6f8f643888258541b7668aa3434808" score = 75 
@@ -82409,8 +83204,8 @@ rule ELASTIC_Windows_Trojan_Flawedgrace_8C5Eb04B : FILE MEMORY date = "2023-11-01" modified = "2023-11-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_FlawedGrace.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_FlawedGrace.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "966112f3143d751a95c000a990709572ac8b49b23c0e57b2691955d6fda1016e" logic_hash = "dc07197cb9a02ff8d271f78756c2784c74d09e530af20377a584dbfe77e973aa" score = 75 @@ -82442,8 +83237,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_13B3C88B : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Rtkio.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Rtkio.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "478917514be37b32d5ccf76e4009f6f952f39f5553953544f1b0688befd95e82" logic_hash = "1e37650292884e28dcc51c42bc1b1d1e8efc13b0727f7865ff1dc7b8e1a72380" score = 75 
@@ -82472,8 +83267,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_D595781E : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Rtkio.yar#L22-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Rtkio.yar#L22-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4ed2d2c1b00e87b926fb58b4ea43d2db35e5912975f4400aa7bd9f8c239d08b7" logic_hash = "289eb17025d989cc74e109b1c03378e9760817a84f1a759153ff6ff6b6401e6d" score = 75 @@ -82502,8 +83297,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_B09Af431 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Rtkio.yar#L43-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Rtkio.yar#L43-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b205835b818d8a50903cf76936fcf8160060762725bd74a523320cfbd091c038" logic_hash = "916a6e63dc4c7ee0bfdf4a455ee467a1d03c1042db60806511aa7cbf3b096190" score = 75 
@@ -82532,8 +83327,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_5693E967 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Rtkio.yar#L64-L83" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Rtkio.yar#L64-L83" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ab8f2217e59319b88080e052782e559a706fa4fb7b8b708f709ff3617124da89" logic_hash = "4cbc7a52de7f610cdb12bf40a9099bcfae818dcb5e4119a8c34499433aeebd7e" score = 75 @@ -82562,8 +83357,8 @@ rule ELASTIC_Windows_Trojan_Darkcomet_1Df27Bcc : FILE MEMORY date = "2021-08-16" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Darkcomet.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Darkcomet.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7fbe87545eef49da0df850719536bb30b196f7ad2d5a34ee795c01381ffda569" logic_hash = "5886e3316839e64f934a0e84d85074e076f3e1e44f86fee35a87eb560bfa2aa7" score = 75 
@@ -82595,8 +83390,8 @@ rule ELASTIC_Linux_Trojan_Generic_402Be6C5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d30a8f5971763831f92d9a6dd4720f52a1638054672a74fdb59357ae1c9e6deb" logic_hash = "b32111972bc21822f0f2c8e47198c90b70e78667410175257b9542c212fc3a1d" score = 75 @@ -82624,8 +83419,8 @@ rule ELASTIC_Linux_Trojan_Generic_5420D3E7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "103b8fced0aebd73cb8ba9eff1a55e6b6fa13bb0a099c9234521f298ee8d2f9f" logic_hash = "8ba3566ec900e37f05f11d40c65ffe1dfc587c553fa9c28b71ced7a9a90f50c3" score = 75 
@@ -82653,8 +83448,8 @@ rule ELASTIC_Linux_Trojan_Generic_4F4Cc3Ea : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "32e25641360dbfd50125c43754cd327cf024f1b3bfd75b617cdf8a17024e2da5" logic_hash = "9eb0d93b8c1a579ca8362d033edecbbe6a9ade82f6ae5688c183b97ed7b97faa" score = 75 @@ -82682,8 +83477,8 @@ rule ELASTIC_Linux_Trojan_Generic_703A0258 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b086d0119042fc960fe540c23d0a274dd0fb6f3570607823895c9158d4f75974" logic_hash = "cb37930637b8da91188d199ee20f1b64a0b1f13e966a99e69b983e623dac51de" score = 75 
@@ -82711,8 +83506,8 @@ rule ELASTIC_Linux_Trojan_Generic_378765E4 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1ed42910e09e88777ae9958439d14176cb77271edf110053e1a29372fce21ec1" logic_hash = "dd10305f553fa94ff83fafa84cff3d544f097b617fca20760eef838902e1f7db" score = 75 @@ -82740,8 +83535,8 @@ rule ELASTIC_Linux_Trojan_Generic_F657Fb4F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1ed42910e09e88777ae9958439d14176cb77271edf110053e1a29372fce21ec1" logic_hash = "af4fa2c21b47f360b425ebbfea624e3728cd682e54e367d265b4f3a6515b0720" score = 75 
@@ -82769,8 +83564,8 @@ rule ELASTIC_Linux_Trojan_Generic_Be1757Ef : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f3e4e2b5af9d0c72aae83cec57e5c091a95c549f826e8f13559aaf7d300f6e13" logic_hash = "567d33c262e5f812c6a702bcc0a1f0cf576b67bf7cf67bb82b5f9ce9f233aaff" score = 75 @@ -82798,8 +83593,8 @@ rule ELASTIC_Linux_Trojan_Generic_7A95Ef79 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f59340a740af8f7f4b96e3ea46d38dbe81f2b776820b6f53b7028119c5db4355" logic_hash = "6da43e4bab6b2024b49dfc943f099fb21c06d8d4a082a05594b07cb55989183c" score = 75 
@@ -82827,8 +83622,8 @@ rule ELASTIC_Linux_Trojan_Generic_1C5E42B7 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b078a02963610475217682e6e1d6ae0b30935273ed98743e47cc2553fbfd068f" logic_hash = "cd759b87a303fafb9461d0a73b6a6b3f468b1f3db0189ba0e584a629e5d78da1" score = 75 @@ -82856,8 +83651,8 @@ rule ELASTIC_Linux_Trojan_Generic_8Ca4B663 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1ddf479e504867dfa27a2f23809e6255089fa0e2e7dcf31b6ce7d08f8d88947e" logic_hash = "43b8cae2075f55a98b226f865d54e1c96345db0564815d849b3458d3f3ffee7f" score = 75 
@@ -82885,8 +83680,8 @@ rule ELASTIC_Linux_Trojan_Generic_D3Fe3Fae : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2a2542142adb05bff753e0652e119c1d49232d61c49134f13192425653332dc3" logic_hash = "0b980a0bcf8340410fe2b53d109f629c6e871ebe82af467153d7b50b73fd8644" score = 60 @@ -82914,8 +83709,8 @@ rule ELASTIC_Linux_Trojan_Generic_5E981634 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "448e8d71e335cabf5c4e9e8d2d31e6b52f620dbf408d8cc9a6232a81c051441b" logic_hash = "4623c07a15588788ec8a484642a33f2d18127849302d57520a0dac875564f62c" score = 75 
@@ -82943,8 +83738,8 @@ rule ELASTIC_Linux_Trojan_Generic_D8953Ca0 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "552753661c3cc7b3a4326721789808482a4591cb662bc813ee50d95f101a3501" logic_hash = "cbc1a60a1d9525f7230336dff07f56e6a0b99e7c70c99d3f4363c06ed0071716" score = 75 @@ -82972,8 +83767,8 @@ rule ELASTIC_Linux_Trojan_Generic_181054Af : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L261-L279" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L261-L279" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e677f1eed0dbb4c680549e0bf86d92b0a28a85c6d571417baaba0d0719da5f93" logic_hash = "e92807b603dd33fe7a083985644a213913a77e81c068623fdac7931148207b91" score = 75 
@@ -83001,8 +83796,8 @@ rule ELASTIC_Linux_Trojan_Generic_C3D529A2 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b46135ae52db6399b680e5c53f891d101228de5cd6c06b6ae115e4a763a5fb22" logic_hash = "a508acd95844a4385943166f715606199048d96be0098bc89f9be7b9db34833e" score = 75 @@ -83030,8 +83825,8 @@ rule ELASTIC_Linux_Trojan_Generic_4675Dffa : FILE MEMORY date = "2023-07-28" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L301-L320" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L301-L320" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "43e14c9713b1ca1f3a7f4bcb57dd3959d3a964be5121eb5aba312de41e2fb7a6" logic_hash = "d2865a869d0cf0bf784106fe6242a4c7f58e58a43c4d4ae0241b10569810904d" score = 75 
@@ -83060,8 +83855,8 @@ rule ELASTIC_Linux_Trojan_Generic_5E3Bc3B3 : FILE MEMORY date = "2024-09-20" modified = "2024-11-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Generic.yar#L322-L344" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Generic.yar#L322-L344" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "33c14a6b8b5a2fc105ea6f1d5ee89e53f6c5e44126b9cf687058de64d649b5ca" score = 75 quality = 50 @@ -83093,8 +83888,8 @@ rule ELASTIC_Windows_Backdoor_Dragoncastling_4Ecf6F9F : FILE MEMORY date = "2022-11-08" modified = "2022-12-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Backdoor_DragonCastling.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Backdoor_DragonCastling.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9776c7ae6ca73f87d7c838257a5bcd946372fbb77ebed42eebdfb633b13cd387" logic_hash = "26ff86354230f1006bd451eab5c1634b91888330d124a06dd2dfa5ab515d6e1a" score = 75 
@@ -83130,8 +83925,8 @@ rule ELASTIC_Windows_Trojan_Squirrelwaffle_88033Ff1 : FILE MEMORY date = "2021-09-20" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "00d045c89934c776a70318a36655dcdd77e1fedae0d33c98e301723f323f234c" logic_hash = "695d7d411a4de23ba1517a06bda3ce73add37dca1e6fe9046e7c2dcae237389e" score = 75 @@ -83162,8 +83957,8 @@ rule ELASTIC_Windows_Trojan_Squirrelwaffle_D3B685A1 : FILE MEMORY date = "2021-09-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "00d045c89934c776a70318a36655dcdd77e1fedae0d33c98e301723f323f234c" logic_hash = "7d187aa75fc767f5009f3090852de4894776f4b3f99f189478e7e9fd9c3acbe7" score = 75 
@@ -83191,8 +83986,8 @@ rule ELASTIC_Linux_Exploit_Abrox_5641Ba81 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Abrox.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Abrox.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8de96c8e61536cae870f4a24127d28b86bd8122428bf13965c596f92182625aa" logic_hash = "29c894720c8d9134623427768ab1ab3d5e66fbeae86dd957f449d00091db9019" score = 75 @@ -83220,8 +84015,8 @@ rule ELASTIC_Multi_Attacksimulation_Blindspot_D93F54C5 : FILE MEMORY date = "2022-05-23" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_AttackSimulation_Blindspot.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_AttackSimulation_Blindspot.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "41984a0ad20ab21186252bb2f3f68604d2cbeea0e1ce22895dd163f7acbf2ca1" score = 75 quality = 75 
@@ -83248,8 +84043,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_B97Baf37 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Dropperl.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Dropperl.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "aff94f915fc81d5a2649ebd7c21ec8a4c2fc0d622ec9b790b43cc49f7feb83da" logic_hash = "e58130c33242bc3020602c2c0254bed2bbc564c4a11806c6cfcd858fd724c362" score = 75 @@ -83277,8 +84072,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_E2443Be5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Dropperl.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Dropperl.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "aff94f915fc81d5a2649ebd7c21ec8a4c2fc0d622ec9b790b43cc49f7feb83da" logic_hash = "85733ff904cfa3eddaa4c4fbfc51c00494c3a3725e2eb722bbf33c82e7135336" score = 75 
@@ -83306,8 +84101,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_683C2Ba1 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Dropperl.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Dropperl.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a02e166fbf002dd4217c012f24bb3a8dbe310a9f0b0635eb20a7d315049367e1" logic_hash = "eef2bdef7e20633f7dc92f653b43e3a217e8cbdbac63d05540bdd520e22dd1ed" score = 75 @@ -83335,8 +84130,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_8Bca73F6 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Dropperl.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Dropperl.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e7c17b7916b38494b9a07c249acb99499808959ba67125c29afec194ca4ae36c" logic_hash = "2cfad4e436198391185fdae5c4af18ae43841db19da33473fdf18b64b0399613" score = 75 
@@ -83364,8 +84159,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_C4018572 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Dropperl.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Dropperl.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c1515b3a7a91650948af7577b613ee019166f116729b7ff6309b218047141f6d" logic_hash = "10d70540532c5c2984dc7e492672450924cb8f34c8158638191886057596b0a1" score = 75 @@ -83393,8 +84188,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_733C0330 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Dropperl.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Dropperl.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b303f241a2687dba8d7b4987b7a46b5569bd2272e2da3e0c5e597b342d4561b6" logic_hash = "37bf7777e26e556f09b8cb0e7e3c8425226a6412c3bed0d95fdab7229b6f4815" score = 75 
@@ -83422,8 +84217,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_39F4Cd0D : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Dropperl.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Dropperl.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c08e1347877dc77ad73c1e017f928c69c8c78a0e3c16ac5455668d2ad22500f3" logic_hash = "5b61f54604b110d2c8efaf1782a2e520baac96c6d3e8d1eda0877475c504bf89" score = 75 @@ -83451,8 +84246,8 @@ rule ELASTIC_Macos_Trojan_Fplayer_1C1Fae37 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Fplayer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Fplayer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f57e651088dee2236328d09705cef5e98461e97d1eb2150c372d00ca7c685725" logic_hash = "0d65717bdbac694ffb2535a1ff584f7ec2aa7b553a08d29113c6e2bd7b2ff1aa" score = 75 
@@ -83480,8 +84275,8 @@ rule ELASTIC_Windows_Remoteadmin_Ultravnc_965F054A : FILE MEMORY date = "2023-03-18" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_RemoteAdmin_UltraVNC.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_RemoteAdmin_UltraVNC.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "59bddb5ccdc1c37c838c8a3d96a865a28c75b5807415fd931eaff0af931d1820" logic_hash = "a9b9d0958f09b23fa7b27ef7ec32b3feb98edca3be5a21552a3a2f50e3fd41c1" score = 75 @@ -83515,8 +84310,8 @@ rule ELASTIC_Linux_Trojan_Sambashell_F423755D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sambashell.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sambashell.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bd8a3728a59afbf433799578ef597b9a7211c8d62e87a25209398814851a77ea" logic_hash = "b93c671fae87cd635679142d248cb2b754389ba3b416f3370ea331640eb906ab" score = 75 
@@ -83544,8 +84339,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_196523Fa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Kinsing.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Kinsing.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "baa5808fcf22700ae96844dbf8cb3bec52425eec365d2ba4c71b73ece11a69a2" score = 75 quality = 75 @@ -83572,8 +84367,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_7Cdbe9Fa : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Kinsing.yar#L20-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Kinsing.yar#L20-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6" logic_hash = "c6f5d2cf0430301ec0eae57808100203b69428f258e0e6882fecbc762d73f4bf" score = 75 
@@ -83601,8 +84396,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_2C1Ffe78 : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Kinsing.yar#L40-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Kinsing.yar#L40-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6" logic_hash = "9561511710eef5877c5afa49890b77fbad31a6e312b5cd33fc01f91ff2a73583" score = 75 @@ -83630,8 +84425,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_85276Fb4 : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Kinsing.yar#L60-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Kinsing.yar#L60-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6" logic_hash = "6919afd133e7e369eece10ea79d9d17a1a3fbb6210593395e0be157f8c262811" score = 75 
@@ -83659,8 +84454,8 @@ rule ELASTIC_Windows_Trojan_Falsefont_D1F0D357 : FILE MEMORY date = "2024-03-26" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_FalseFont.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_FalseFont.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "364275326bbfc4a3b89233dabdaf3230a3d149ab774678342a40644ad9f8d614" logic_hash = "af356dec77f773cec01626a3823dbea7e9d3719b9d152ec4057c0b97efabf0df" score = 75 @@ -83695,8 +84490,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_1897_6Cf0A073 : FILE MEMORY CVE_2009_1897 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2009_1897.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2009_1897.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "85f371bf73ee6d8fcb6fa9a8a68b38c5e023151257fd549855c4c290cc340724" logic_hash = "dcde454fda09cb6bc7b213b76d70eafd65d2601cfda70ff25c6940b55ce3adb6" score = 75 
@@ -83724,8 +84519,8 @@ rule ELASTIC_Linux_Trojan_Snowlight_F5C83D35 : FILE MEMORY date = "2024-05-16" modified = "2024-06-12" reference = "https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Snowlight.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Snowlight.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7d6652d8fa3748d7f58d7e15cefee5a48126d0209cf674818f55e9a68248be01" logic_hash = "fef8f44e897a0f453be2f84d28886d27e261f8256c53c0425c5265b138ce5f40" score = 75 @@ -83753,8 +84548,8 @@ rule ELASTIC_Linux_Ransomware_Conti_53A640F4 : FILE MEMORY date = "2022-09-22" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Conti.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Conti.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8b57e96e90cd95fc2ba421204b482005fe41c28f506730b6148bcef8316a3201" logic_hash = "b83a47664d8acce7de17ac5972d9fd5e708c8cd3d8ebedc2bacf1397fd25f5d3" score = 75 
@@ -83782,8 +84577,8 @@ rule ELASTIC_Linux_Ransomware_Conti_A89C26Cf : FILE MEMORY date = "2023-07-30" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Conti.yar#L21-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Conti.yar#L21-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "95776f31cbcac08eb3f3e9235d07513a6d7a6bf9f1b7f3d400b2cf0afdb088a7" logic_hash = "301f3f3ece06a1cd6788db6e3003497b27470780eaaad95f40ed926e7623793e" score = 75 @@ -83814,8 +84609,8 @@ rule ELASTIC_Linux_Hacktool_Fontonlake_68Ad8568 : FILE MEMORY date = "2021-10-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Fontonlake.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Fontonlake.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "717953f52318e7687fc95626561cc607d4875d77ff7e3cf5c7b21cf91f576fa4" logic_hash = "63dd5769305c715e27e3c62160f7b0f65b57204009ed46383b5b477c67cfac8e" score = 75 
@@ -83854,8 +84649,8 @@ rule ELASTIC_Windows_Trojan_Pony_D5516Fe8 : FILE MEMORY date = "2021-08-14" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Pony.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Pony.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567" logic_hash = "4a850d32fb28477e7e3fef2dda6ba327b800e2ebcae1a483970cde78f34a4ff7" score = 75 @@ -83889,8 +84684,8 @@ rule ELASTIC_Windows_Trojan_Twistedtinsel_Aa56E527 : FILE MEMORY date = "2023-12-06" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_TwistedTinsel.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_TwistedTinsel.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ef1cbdf9a23ae028a858e1d09529982eaeda61197ae029e091918690d3a86e2e" logic_hash = "de31d0a5560baf6b37897eba3a637b00b539f542a2620983c3407a6898e003c7" score = 75 
@@ -83919,8 +84714,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_100011_21025F50 : FILE MEMORY CVE_2017_10001 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2017_100011.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2017_100011.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "32db88b2c964ce48e6d1397ca655075ea54ce298340af55ea890a2411a67d554" logic_hash = "3ec54a7639ccfc019e01fa287f69a93af57087e2d67d0c8574a646afb9043db5" score = 75 @@ -83948,8 +84743,8 @@ rule ELASTIC_Windows_Vulndriver_Rentdrv_B6711B6B : FILE MEMORY date = "2024-08-19" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_RentDrv.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_RentDrv.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5" logic_hash = "3b3d66fefb4f0efbc8b86687925eac25284a6efad3acc74ad4a627d975cd5e7b" score = 75 
@@ -83978,8 +84773,8 @@ rule ELASTIC_Windows_Vulndriver_Rtcore_4Eeb2Ce5 : FILE date = "2022-04-04" modified = "2022-08-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_RtCore.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_RtCore.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd" logic_hash = "f547bce6554c60e8f3ef8e128c05533cf1f35ce0ee414d5a1c5e9a205b05d8fe" score = 75 @@ -84008,8 +84803,8 @@ rule ELASTIC_Windows_Trojan_Babylonrat_0F66E73B : FILE MEMORY date = "2021-09-02" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Babylonrat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Babylonrat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4278064ec50f87bb0471053c068b13955ed9d599434e687a64bf2060438a7511" logic_hash = "66223dc9e2ef7330e26c91f0c82c555e96e4c794a637ab2cbe36410f3eca202a" score = 75 
@@ -84040,8 +84835,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_D7Bd0E5D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "afcfd67af99e437f553029ccf97b91ed0ca891f9bcc01c148c2b38c75482d671" logic_hash = "1f87721fdfe58d029c0696bc99385a0052c771bc48b2c9ce01b72c3e42359654" score = 75 @@ -84069,8 +84864,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_69E1A763 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b04d9fabd1e8fc42d1fa8e90a3299a3c36e6f05d858dfbed9f5e90a84b68bcbb" logic_hash = "d0dac8e2c9571d9e622c8c1250a54a7671ad1b9b00dba584c3741b714c22d8e0" score = 75 
@@ -84098,8 +84893,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_397A86Bd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "79c47a80ecc6e0f5f87749319f6d5d6a3f0fbff7c34082d747155b9b20510cde" logic_hash = "6b46a82d1aea0357f5a48c9ae1d93e3d4d31bd98b9c9b4e0b0d0629e7f159499" score = 75 @@ -84127,8 +84922,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_37C3F8D3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "efbddf1020d0845b7a524da357893730981b9ee65a90e54976d7289d46d0ffd4" logic_hash = "e7bdd185ea4227b0960c3e677e7d8ac7488d53eaa77efd631be828b2ca079bb8" score = 75 
@@ -84156,8 +84951,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_28A80546 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "96cc225cf20240592e1dcc8a13a69f2f97637ed8bc89e30a78b8b2423991d850" logic_hash = "120e9f7cad0fc8aebd843374c0edca8cbb701882ab55a7f24aced1d80d8cd697" score = 75 @@ -84185,8 +84980,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9D531F70 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "36f2ce4e34faf42741f0a15f62e8b3477d69193bf289818e22d0e3ee3e906eb0" logic_hash = "87d3cb7049975d52f2a6d6aa10e6b6d0d008d166ca5f9889ad1413a573d8b58e" score = 75 
@@ -84214,8 +85009,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_23A5C29A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1320d7a2b5e3b65fe974a95374b4ea7ed1a5aa27d76cd3d9517d3a271121103f" logic_hash = "c2608e7ee73102e0737a859a18c5482877c6dc0e597d8a14d8d41f5e01a0b1f4" score = 75 @@ -84243,8 +85038,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Ea5703Ce : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bec6eea63025e2afa5940d27ead403bfda3a7b95caac979079cabef88af5ee0b" logic_hash = "bbf0191ecff24fd24376fd3dec2e96644188ca4d26b4ca4f087e212bae2eab85" score = 75 
@@ -84272,8 +85067,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_6A4F4255 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80" logic_hash = "133290dc7423174bb3b41b152bab038d118b47baaca52705b66fd9be01692a03" score = 75 @@ -84301,8 +85096,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9088D00B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8abb2b058ec475b0b6fd0c994685db72e98d87ee3eec58e29cf5c324672df04a" logic_hash = "3ebc8cb6d647138e72194528dafc644c90222440855d657ec50109f11ff936da" score = 75 
@@ -84330,8 +85125,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_71024C4A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "afe81c84dcb693326ee207ccd8aeed6ed62603ad3c8d361e8d75035f6ce7c80f" logic_hash = "0c66a3388fe8546ae180e52d50ef05a28755d24e47b3b56f390d5c6fcb0b89eb" score = 75 @@ -84359,8 +85154,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_D81368A3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "71225e4702f2e0a0ecf79f7ec6c6a1efc95caf665fda93a646519f6f5744990b" logic_hash = "0e30c9ebd8f2d3a489180f114daf91a3655ce9075ae25ea3d6ef5be472d7721a" score = 75 
@@ -84388,8 +85183,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_97E9Cebe : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b4ff62d92bd4d423379f26b37530776b3f4d927cc8a22bd9504ef6f457de4b7a" logic_hash = "8aad31db2646fb9971b9af886e30f6c5a62a9c7de86cb9dc9e1341ac3b7762eb" score = 75 @@ -84417,8 +85212,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_98Ff0F36 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L261-L279" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L261-L279" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4c14aaf05149bb38bbff041432bf9574dd38e851038638aeb121b464a1e60dcc" logic_hash = "60f17855b08cfc51e497003cbb5ed25d9168fb29c57d8bfd7105b9b5e714e3a1" score = 75 
@@ -84446,8 +85241,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1512Cf40 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fc063a0e763894e86cdfcd2b1c73d588ae6ecb411c97df2a7a802cd85ee3f46d" logic_hash = "0d43e6a4bd5036c2b6adb61f2d7b11e625c20e9a3d29242c7c34cfc7708561be" score = 75 @@ -84475,8 +85270,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_0D6005A1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L301-L319" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L301-L319" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "230d46b39b036552e8ca6525a0d2f7faadbf4246cdb5e0ac9a8569584ef295d4" logic_hash = "c3fd32e7582f0900b94fe3ba6b6bcdf238f78e2e343d70d5b0196a968a41cf26" score = 75 
@@ -84504,8 +85299,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E1Ff020A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L321-L339" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L321-L339" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5b611898f1605751a3d518173b5b3d4864b4bb4d1f8d9064cc90ad836dd61812" logic_hash = "be801989b9770f3b70217bd5f13795b5dd0b516209f631d900b6647e0afe8d98" score = 75 @@ -84533,8 +85328,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_102D6F7C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L341-L359" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L341-L359" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bd40c2fbf775e3c8cb4de4a1c7c02bc4bcfa5b459855b2e5f1a8ab40f2fb1f9e" logic_hash = "52966eaaef5522e711dc89bd796b1e12019a8485ee789e8d5112d86f7e630170" score = 75 
@@ -84562,8 +85357,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9C8F3B1A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L361-L379" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L361-L379" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "74d8344139c5deea854d8f82970e06fc6a51a6bf845e763de603bde7b8aa80ac" logic_hash = "f7ab9990b417c1c81903dcb7adaae910d20ea7fce6689d4846dd6002bea3e721" score = 75 @@ -84591,8 +85386,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_76Cb94A9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L381-L399" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L381-L399" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1320d7a2b5e3b65fe974a95374b4ea7ed1a5aa27d76cd3d9517d3a271121103f" logic_hash = "758ee41048c94576e7a872bfdacc6b6f2be3d460169905c876585037e11fdaa8" score = 75 
@@ -84620,8 +85415,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_616Afaa1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L401-L419" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L401-L419" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0901672d2688660baa26fdaac05082c9e199c06337871d2ae40f369f5d575f71" logic_hash = "53a309a6a274558e4ae8cfa8f3e258f23dc9ceafab3be46351c00d24f5d790ec" score = 75 @@ -84649,8 +85444,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_18Af74B2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L421-L439" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L421-L439" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "52707aa413c488693da32bf2705d4ac702af34faee3f605b207db55cdcc66318" logic_hash = "d8ec9bd01fcabdd4a80e07287ecc85026007672bbc3cd2d4cbb2aef98da88ed5" score = 75 
@@ -84678,8 +85473,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1B76C066 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L441-L459" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L441-L459" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f60302de1a0e756e3af9da2547a28da5f57864191f448e341af1911d64e5bc8b" logic_hash = "be239bc14d1adf05a5c6bf2b2557551566330644a049b256a7a5c0ab9549bd06" score = 75 @@ -84707,8 +85502,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_B6Ea5Ee1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L461-L479" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L461-L479" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "19b442c9aa229cd724ed9cbaa73f9dfaf0ed61aa3fd1bee7bf8ba964fc23a2b8" logic_hash = "529119e07aa0243afddc3141dc441c314c3f75bdf3aee473b8bb7749c95fa78a" score = 75 
@@ -84736,8 +85531,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_050Ac14C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L481-L499" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L481-L499" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "36f2ce4e34faf42741f0a15f62e8b3477d69193bf289818e22d0e3ee3e906eb0" logic_hash = "c34b0ff3ce867a76ef57fad7642de7916fa7baebf1a2a8d514f7b74be7231fd4" score = 75 @@ -84765,8 +85560,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Df937Caa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L501-L519" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L501-L519" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "19b442c9aa229cd724ed9cbaa73f9dfaf0ed61aa3fd1bee7bf8ba964fc23a2b8" logic_hash = "d76a6008576687088f28674fb752e1a79ad2046e0208a65c21d0fcd284812ad8" score = 75 
@@ -84794,8 +85589,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E9Ff82A8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L521-L539" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L521-L539" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "62ea137e42ce32680066693f02f57a0fb03483f78c365dffcebc1f992bb49c7a" logic_hash = "9309aaad6643fa212bb04ce8dc7d24978839fe475f17d36e3b692320563b6fad" score = 75 @@ -84823,8 +85618,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_A5267Ea3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L541-L559" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L541-L559" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b342ceeef58b3eeb7a312038622bcce4d76fc112b9925379566b24f45390be7d" logic_hash = "081633b5aa0490dbffcc0b8ab9850b59dbbd67d947c0fe68d28338a352e94676" score = 75 
@@ -84852,8 +85647,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_4E9075E6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L561-L579" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L561-L579" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "098bf2f1ce9d7f125e1c9618f349ae798a987316e95345c037a744964277f0fe" logic_hash = "fe117f65666b9eac19fa588ee631f9be7551a3a9e3695b7ecbb77806658678aa" score = 75 @@ -84881,8 +85676,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_3A8D0974 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "193fe9ea690759f8e155458ef8f8e9efe9efc8c22ec8073bbb760e4f96b5aef7" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L581-L599" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L581-L599" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "7039d461d8339d635a543fae2c6dbea284ce1b727d6585b69d8d621c603f37ac" score = 75 quality = 75 
@@ -84909,8 +85704,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_B9E6Ffdf : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L601-L619" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L601-L619" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c0f3200a93f1be4589eec562c4f688e379e687d09c03d1d8850cc4b5f90f192a" logic_hash = "57d5b3eb5812a849d04695bdb1fb728a5ebd3bf5201ac3e7f36d37af0622eec2" score = 75 @@ -84938,8 +85733,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_7Ef74003 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L621-L639" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L621-L639" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a172cfecdec8ebd365603ae094a16e247846fdbb47ba7fd79564091b7e8942a0" logic_hash = "1bde07dbb88357fcc02171512725be94d9fc0427c03afb2d59fbd0658c5d8e2e" score = 75 
@@ -84967,8 +85762,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1D0700B8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L641-L659" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L641-L659" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "de59bee1793b88e7b48b6278a52e579770f5204e92042142cc3a9b2d683798dd" logic_hash = "a24264cb071d269c82718aed5bc5c6c955e1cb2c7a63fe74d4033bfa6adf8385" score = 75 @@ -84996,8 +85791,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_55Beb2Ee : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L661-L679" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L661-L679" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "edda1c6b3395e7f14dd201095c1e9303968d02c127ff9bf6c76af6b3d02e80ad" logic_hash = "8a31b4866100b35d559d50f5db6f80d51bced93f9aac3f0d2d1de71ba692a3c5" score = 75 
@@ -85025,8 +85820,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Fdd7340F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L681-L699" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L681-L699" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "de59bee1793b88e7b48b6278a52e579770f5204e92042142cc3a9b2d683798dd" logic_hash = "fd39ba5cf050d23de0889feefa9cd74dfb6385a09aa9dba90dc1d5d6cb020867" score = 75 @@ -85054,8 +85849,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E36A35B0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L701-L719" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L701-L719" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ab6d8f09df67a86fed4faabe4127cc65570dbb9ec56a1bdc484e72b72476f5a4" logic_hash = "0572f584746a2af6f545798b25445fd4e764a9eecc01b7476e5c1af631eb314a" score = 75 
@@ -85083,8 +85878,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_6Dad0380 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L721-L739" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L721-L739" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "628b1cc8ccdbe2ae0d4ef621da047e07e2532d00fe3d4da65f0a0bcab20fb546" logic_hash = "b305448d5517212adb7586e7af12842095e1a263520511329e40f0865fe4f81b" score = 75 @@ -85112,8 +85907,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E73F501E : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L741-L759" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L741-L759" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2f646ced4d05ba1807f8e08a46ae92ae3eea7199e4a58daf27f9bd0f63108266" logic_hash = "2f6187f3447f9409485e9e8aa047114aa3c38bcc338106c3ed8680152dff121a" score = 75 
@@ -85141,8 +85936,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_5E56D076 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L761-L779" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L761-L779" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "32e1cb0369803f817a0c61f25ca410774b4f37882cab966133b4f3e9c74fac09" logic_hash = "c8e2ebcffe8a169c2cc311c95538b674937fa87e06d2946a6ed3b0c1f039f7fc" score = 75 @@ -85170,8 +85965,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_54357231 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L781-L799" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L781-L799" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "388b927b850b388e0a46a6c9a22b733d469e0f93dc053ebd78996e903b25e38a" logic_hash = "a895c9fd124d6bd55748093c3ef54606e5692285260aa21bd70dca02126239d2" score = 75 
@@ -85199,8 +85994,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_467C4D46 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L801-L819" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L801-L819" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "388b927b850b388e0a46a6c9a22b733d469e0f93dc053ebd78996e903b25e38a" logic_hash = "b28f871365c1fa6315b1c2fc6698bdd224961972cd578db05c311406c239ac22" score = 75 @@ -85228,8 +86023,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E0Cca9Dc : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L821-L839" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L821-L839" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "59a1d8aa677739f2edbb8bd34f566b31f19d729b0a115fef2eac8ab1d1acc383" logic_hash = "fa4089f74fc78e99427b4e8eda9f8348e042dc876c7281a4a2173c83076bfbd2" score = 75 
@@ -85257,8 +86052,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_36E404E2 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L841-L859" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L841-L859" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "59a1d8aa677739f2edbb8bd34f566b31f19d729b0a115fef2eac8ab1d1acc383" logic_hash = "d38cc5714721c0b00cfa47cb9828fd76ff57ec8180e5cfe1fec67a092dd87904" score = 75 @@ -85286,8 +86081,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_947Dcc5E : FILE MEMORY date = "2024-04-19" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L861-L879" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L861-L879" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7c5a6ac425abe60e8ea5df5dfa8211a7c34a307048b4e677336b735237dcd8fd" logic_hash = "c4aac006561386fbfe0fa0fe3df6b6798d2915a3dbfb5384583ebf9b2f413115" score = 75 
@@ -85315,8 +86110,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_B4C2D007 : FILE MEMORY date = "2024-04-19" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Generic.yar#L881-L899" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Generic.yar#L881-L899" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e1e518ba226d30869e404b92bfa810bae27c8b1476766934961e80c44e39c738" logic_hash = "cb52d9233028918210b8bd3959a6649d75b5c6873befff0cf62d9e71dfecc302" score = 75 @@ -85344,8 +86139,8 @@ rule ELASTIC_Windows_Vulndriver_Vmdrv_7C674F8E : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Vmdrv.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Vmdrv.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351" logic_hash = "87f29b861d5239c60e44541fe31ed90696068225b1b6d824dc9b06fcdb1597ae" score = 75 
@@ -85375,8 +86170,8 @@ rule ELASTIC_Windows_Hacktool_Sharphound_5Adf9D6D : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpHound.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpHound.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1f74ed6e61880d19e53cde5b0d67a0507bfda0be661860300dcb0f20ea9a45f4" logic_hash = "2c9f38187866985109a42ffdf8940b5d195aadd3815b2de952b190d4b0b95c3c" score = 75 @@ -85408,8 +86203,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_4E31426E : FILE MEMORY date = "2021-07-21" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Smokeloader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Smokeloader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174" logic_hash = "44ac7659964519ae72f83076bcd1b3e5244eb9cadd9a3b123dda78b0e9e07424" score = 75 
@@ -85437,8 +86232,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_4Ee15B92 : FILE MEMORY date = "2022-02-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Smokeloader.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Smokeloader.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "09b9283286463b35ea2d5abfa869110eb124eb8c1788eb2630480d058e82abf2" logic_hash = "7d5ba6a4cc1f1b87f7ea1963b41749f5488197ea28b31f20a235091236250463" score = 75 @@ -85466,8 +86261,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_Ea14B2A5 : FILE MEMORY date = "2023-05-03" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Smokeloader.yar#L41-L60" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Smokeloader.yar#L41-L60" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "15fe237276b9c2c6ceae405c0739479d165b406321891c8a31883023e7b15d54" logic_hash = "8a96985902f82979f1512d4d30cfa41fd23562b8f86bf2f722351ef2adf4365f" score = 75 
@@ -85496,8 +86291,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_De52Ed44 : FILE MEMORY date = "2023-05-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Smokeloader.yar#L62-L81" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Smokeloader.yar#L62-L81" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c689a384f626616005d37a94e6a5a713b9eead1b819a238e4e586452871f6718" logic_hash = "95a60079a316016ca3f78f18e7920b962f5770bef4211dd70e37f45bbe069406" score = 75 @@ -85526,8 +86321,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_Bf391Fe0 : FILE MEMORY date = "2024-08-27" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Smokeloader.yar#L83-L102" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Smokeloader.yar#L83-L102" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fe2489230d024f5e0e7d0da0210f93e70248dc282192c092cbb5e0eddc7bd528" logic_hash = "8a697596f8aa9a2af230b294c64ee844fcb593814a070ebf10e084c18e7f5ac7" score = 75 
@@ -85556,8 +86351,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_A01Aa3Ab : FILE MEMORY date = "2024-08-27" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Smokeloader.yar#L104-L123" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Smokeloader.yar#L104-L123" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3a189a736cfdfbb1e3789326c35cecfa901a2adccc08c66c5de1cac8e4c1791b" logic_hash = "385f93a98e71f8e78e2f916775bd8db182842c8439a2f15238780388b63e2e91" score = 75 @@ -85586,8 +86381,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_62Eb5427 : FILE MEMORY date = "2024-08-27" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Smokeloader.yar#L125-L145" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Smokeloader.yar#L125-L145" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "21e7fcce8ffb7826108800b6aee21d6b8ea9275975b639ed5ca9f8ddd747329e" logic_hash = "e3c70731792a8fbf0b08443f6df3c42f44a548fa9d19be7ee98c677952600e5b" score = 75 
@@ -85617,8 +86412,8 @@ rule ELASTIC_Windows_Trojan_Raspberryrobin_4B4D6899 : FILE MEMORY date = "2023-12-13" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_RaspberryRobin.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_RaspberryRobin.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2f0451f38adb74cb96c857de455887b00c5038b68210294c7f52b0b5ff64cc1e" logic_hash = "bbafad9509b367e811e86cb8f2f64d9c1d59f82b5cd58a7af43325bb7fa9d9c3" score = 75 
@@ -85644,16 +86439,16 @@ rule ELASTIC_Linux_Trojan_Azeela_Aad9D6Cc : FILE MEMORY author = "Elastic Security" id = "aad9d6cc-32ff-431a-9914-01c7adc80877" date = "2021-01-12" - modified = "2021-09-16" + modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Azeela.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Azeela.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6c476a7457ae07eca3d3d19eda6bb6b6b3fa61fa72722958b5a77caff899aaa6" - logic_hash = "efc8b5de42a2ee2104dc8e8c25b313f6ced2fb291ba27dc8276822960dd7eb74" + logic_hash = "8cd3c383ac2149e0cd18589bf838848d81b5ff72e3123a8b523ee2467023a8f6" score = 75 quality = 75 tags = "FILE, MEMORY" - fingerprint = "3b7c73a378157350344d52acd6c210d5924cf55081b386d0d60345e4c44c5921" + fingerprint = "437bfcae2916ad88d4f03f3ca5378df1ac1cac624b0aabc1be13f64aa9c26560" severity = 100 arch_context = "x86" scan_context = "file, memory" @@ -85661,10 +86456,11 @@ rule ELASTIC_Linux_Trojan_Azeela_Aad9D6Cc : FILE MEMORY os = "linux" strings: - $a = { C0 74 07 B8 01 00 00 00 EB 31 48 8B 45 F8 0F B6 00 3C FF 74 21 48 83 45 } + $a1 = { C0 74 07 B8 01 00 00 00 EB 31 48 8B 45 F8 0F B6 00 3C FF 74 21 48 83 45 } + $a2 = "The whole earth has been corrupted through the works that were taught by Azazel: to him ascribe all sin." condition: - all of them + any of ($a*) } rule ELASTIC_Linux_Trojan_Xpmmap_7Dcc3534 : FILE MEMORY { 
@@ -85675,8 +86471,8 @@ rule ELASTIC_Linux_Trojan_Xpmmap_7Dcc3534 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Xpmmap.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Xpmmap.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "765546a981921187a4a2bed9904fbc2ccb2a5876e0d45c72e79f04a517c1bda3" logic_hash = "f88cc0f02797651e8cdf8e25b67a92f7825ec616b79df21daae798b613baf334" score = 75 @@ -85704,8 +86500,8 @@ rule ELASTIC_Windows_Vulndriver_Ccprotect_0D3Ee86F : FILE MEMORY date = "2024-09-09" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_CCProtect.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_CCProtect.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5f0cfe8357bb52b45068ddbac053e32bc38e6cb5e086746f5402657b0a5cfb1c" logic_hash = "4da5cf6b5cd00f8f7ba6daf8e8b4c6161cf9e0166dea39943b32a54f35dfd6c2" score = 75 
@@ -85735,8 +86531,8 @@ rule ELASTIC_Linux_Trojan_Shellbot_65Aa6568 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Shellbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Shellbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "457d1f4e1db41a9bdbfad78a6815f42e45da16ad0252673b9a2b5dcefc02c47b" logic_hash = "46558801151ddc2f25bf46a278719f027acca2a18d2a9fcb275f4d787fbb1f0b" score = 75 @@ -85764,8 +86560,8 @@ rule ELASTIC_Linux_Trojan_Nuker_12F26779 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Nuker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Nuker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "440105a62c75dea5575a1660fe217c9104dc19fb5a9238707fe40803715392bf" logic_hash = "8bafbc2792bd4cacd309efd72d2d8787342685d66785ea41cb57c91519a3c545" score = 75 
@@ -85793,8 +86589,8 @@ rule ELASTIC_Windows_Ransomware_Wannacry_D9855102 : FILE MEMORY date = "2022-08-29" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_WannaCry.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_WannaCry.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0b7878babbaf7c63d808f3ce32c7306cb785fdfb1ceb73be07fb48fdd091fdfb" logic_hash = "5edf6a42c9f20de3819b46f24be243940b79e7e9004fee3d601794ea0b534cf1" score = 75 @@ -85829,8 +86625,8 @@ rule ELASTIC_Linux_Virus_Staffcounter_D2D608A8 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "06e562b54b7ee2ffee229c2410c9e2c42090e77f6211ce4b9fa26459ff310315" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Virus_Staffcounter.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Virus_Staffcounter.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "e30f1312eb1cbbc4faba3f67527a4e0e955b5684a1ba58cdd82a7a0f1ce3d2b9" score = 75 quality = 75 
@@ -85857,8 +86653,8 @@ rule ELASTIC_Linux_Ransomware_Ragnarlocker_9F5982B8 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_RagnarLocker.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_RagnarLocker.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f668f74d8808f5658153ff3e6aee8653b6324ada70a4aa2034dfa20d96875836" logic_hash = "c08579dc675a709add392a0189d01e05af61034b72f451d2b024c89c1299ee6c" score = 75 @@ -85888,8 +86684,8 @@ rule ELASTIC_Windows_Ransomware_Royal_B7D42109 : FILE MEMORY date = "2022-11-04" modified = "2022-12-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Royal.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Royal.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "491c2b32095174b9de2fd799732a6f84878c2e23b9bb560cd3155cbdc65e2b80" logic_hash = "06f4a1487e97e0b8c1f5df380ab4f90b37ef0a508aba7dac272c16c8371d8143" score = 75 
@@ -85920,8 +86716,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_89E64044 : FILE MEMORY date = "2021-08-06" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Lockbit.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Lockbit.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0d6524b9a1d709ecd9f19f75fa78d94096e039b3d4592d13e8dbddf99867182d" logic_hash = "bd504b078704b9f307a50c8556c143eee061015a9727670137aadc47ae93e2a6" score = 75 @@ -85951,8 +86747,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_A1C60939 : FILE MEMORY date = "2021-08-06" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Lockbit.yar#L23-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Lockbit.yar#L23-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0d6524b9a1d709ecd9f19f75fa78d94096e039b3d4592d13e8dbddf99867182d" logic_hash = "6e6d88251e93f69788ad22fc915133f3ba0267984d6a5004d5ca44dcd9f5f052" score = 75 
@@ -85980,8 +86776,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_369E1E94 : FILE MEMORY date = "2022-07-05" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Lockbit.yar#L43-L67" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Lockbit.yar#L43-L67" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee" logic_hash = "c34dafc024d85902b85fc3424573abb8781d6fab58edd86c255266db3635ce98" score = 75 @@ -86015,8 +86811,8 @@ rule ELASTIC_Windows_Ransomware_Darkside_D7Fc4594 : FILE MEMORY date = "2021-05-20" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Darkside.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Darkside.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893" logic_hash = "0083fb64955973e7dbbb35d08cb780fa0b4ff4d064c102dc8f86e29af8358bad" score = 75 
@@ -86044,8 +86840,8 @@ rule ELASTIC_Windows_Ransomware_Darkside_Aceac5D9 : FILE MEMORY date = "2021-05-20" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Darkside.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Darkside.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893" logic_hash = "888ab06b55b07879ee6b9a45c04f1a09c570aeb4be55c698300566d57fd47252" score = 75 @@ -86073,8 +86869,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_1388212A : FILE MEMORY date = "2021-04-13" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Mimikatz.yar#L1-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Mimikatz.yar#L1-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "66b4a0681cae02c302a9b6f1d611ac2df8c519d6024abdb506b4b166b93f636a" logic_hash = "1b717453810455e3f530e399f5f9f163d1ad0d71a5464fa5c68aa82edd699cda" score = 75 
@@ -86126,8 +86922,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_674Fd079 : FILE MEMORY date = "2021-04-14" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Mimikatz.yar#L45-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Mimikatz.yar#L45-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "66b4a0681cae02c302a9b6f1d611ac2df8c519d6024abdb506b4b166b93f636a" logic_hash = "f63f3de05dd4f4f40cda6df67b75e37d7baa82c4b4cafd3ebdca35adfb0b15f8" score = 75 @@ -86169,8 +86965,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_355D5D3A : FILE MEMORY date = "2021-04-14" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Mimikatz.yar#L79-L112" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Mimikatz.yar#L79-L112" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "945245ca795e0a3575ee4fdc174df9d377a598476c2bf4bf0cdb0cde4286af96" logic_hash = "c6b48ab2cc92deb507d7eead1fb6381ee40b698e84d9eaac45288f95dbda66b3" score = 75 
@@ -86213,8 +87009,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_71Fe23D9 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Mimikatz.yar#L114-L133" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Mimikatz.yar#L114-L133" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "856687718b208341e7caeea2d96da10f880f9b5a75736796a1158d4c8755f678" logic_hash = "6d1e84bb8532c6271ad3966055eac8d60ec019d8ae6632efb59463c35b46ad9b" score = 75 @@ -86243,8 +87039,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_B393864F : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Mimikatz.yar#L135-L154" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Mimikatz.yar#L135-L154" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8206ce9c42582ac980ff5d64f8e3e310bc2baa42d1a206dd831c6ab397fbd8fe" logic_hash = "d09cb7f753675e0b6ecd8a7977ca7f8d313e5d525f05170fc54b265c2ae6c188" score = 75 
@@ -86273,8 +87069,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_1Ff74F7E : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Mimikatz.yar#L156-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Mimikatz.yar#L156-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1b6aad500d45de7b076942d31b7c3e77487643811a335ae5ce6783368a4a5081" logic_hash = "f47f760b4c373a073399c69681e76eb9dde6cfdb36c1cc31d7131376493931c0" score = 75 @@ -86303,8 +87099,8 @@ rule ELASTIC_Windows_Vulndriver_Hpportio_B31E3473 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_HpPortIo.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_HpPortIo.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5" logic_hash = "e449b45f3cf2836254614bbdc957aa7093162fc1acd672edd931d5f240503963" score = 75 
@@ -86334,8 +87130,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2698_12374E97 : FILE MEMORY CVE_2009_2698 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "656fddc1bf4743a08a455628b6151076b81e604ff49c93d797fa49b1f7d09c2f" logic_hash = "ed86a239b909681f2ab3503cfedf202dbe5f53a6f554cf4db13f08bee625c0b7" score = 75 @@ -86363,8 +87159,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2698_Cc04Dddd : FILE MEMORY CVE_2009_2698 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "502b73ea04095e8a7ec4e8d7cc306242b45850ad28690156754beac8cd8d7b2d" logic_hash = "68daa56ca98cc8f713faa138432190d19c27f07b2182a1f82347a3bfc5821ebb" score = 75 
@@ -86392,8 +87188,8 @@ rule ELASTIC_Linux_Trojan_Morpes_D2Ae1Edf : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Morpes.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Morpes.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "14c4c297388afe4be47be091146aea6c6230880e9ea43759ef29fc1471c4b86b" logic_hash = "27eb8b4d0f91477c2ac26a5e25bfc52903faf5501300ec40773d3fc6797c3218" score = 75 @@ -86421,8 +87217,8 @@ rule ELASTIC_Windows_Trojan_Tofsee_26124Fe4 : FILE MEMORY date = "2022-03-31" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Tofsee.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Tofsee.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494" logic_hash = "e765953dec7c7b2a1fbebf92c2fff46453c8258722ad5ca92ba4c7526a8b0c66" score = 75 
@@ -86451,8 +87247,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_D6Cc23Af : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Biostar.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Biostar.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1d0397c263d51e9fc95bcc8baf98d1a853e1c0401cd0e27c7bf5da3fba1c93a8" logic_hash = "6a1f5de3a0daf446ceb812a9f5749410a3a7752dce44e935adc288c95816f59d" score = 75 @@ -86482,8 +87278,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_68682378 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Biostar.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Biostar.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a" logic_hash = "8510de6fc33bde153f3bd4d1bb8b0d98ce69aae479d242c6043ac8c712dbb888" score = 75 
@@ -86513,8 +87309,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_684A5123 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Biostar.yar#L45-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Biostar.yar#L45-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e" logic_hash = "7c0c7e14f9b5085a87e5dbe27feb8e49bdb4d2fdcfbcbc643999d7969d118240" score = 75 @@ -86544,8 +87340,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_E0B6Cf55 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Biostar.yar#L67-L85" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Biostar.yar#L67-L85" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e" logic_hash = "dccbf6fa46de1a8bc6438578b651055e2d02d15bd04461be74059e6fde40fca3" score = 75 
@@ -86573,8 +87369,8 @@ rule ELASTIC_Windows_Ransomware_Conti_89F3F6Fa : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Conti.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Conti.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe" logic_hash = "4c1834e45d5e42f466249b75a89561ce1e88b9e3c07070e2833d4897fbed22ee" score = 75 @@ -86602,8 +87398,8 @@ rule ELASTIC_Macos_Backdoor_Keyboardrecord_832F7Bac : FILE date = "2021-11-11" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Backdoor_Keyboardrecord.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Backdoor_Keyboardrecord.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "570cd76bf49cf52e0cb347a68bdcf0590b2eaece134e1b1eba7e8d66261bdbe6" logic_hash = "5719681d50134edacb5341034314c33ed27e9325de0ae26b2a01d350429c533b" score = 75 
@@ -86635,8 +87431,8 @@ rule ELASTIC_Windows_Hacktool_Sleepobfloader_460A1A75 : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SleepObfLoader.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SleepObfLoader.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "84b3bc58ec04ab272544d31f5e573c0dd7812b56df4fa445194e7466f280e16d" logic_hash = "c0bc1b7ef71c1a91fc487f904315c6f187530ab39825f90f55ac36625d5b93cf" score = 75 @@ -86666,8 +87462,8 @@ rule ELASTIC_Windows_Vulndriver_Tmcomm_333F3851 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_TmComm.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_TmComm.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64" logic_hash = "a4464fb7edbacb6d9c8d6b385f9cc28685f0bed40876eecd5a7c87e0707e3025" score = 75 
@@ -86697,8 +87493,8 @@ rule ELASTIC_Windows_Vulndriver_Fiddrv_E7875A5A : FILE date = "2023-07-25" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_FidDrv.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_FidDrv.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4bf4cced4209c73aa37a9e2bf9ff27d458d8d7201eefa6f6ad4849ee276ad158" logic_hash = "aa1635c651c8364ad2ee93b369dd583fce699001d753e46de013c476d185eef1" score = 75 @@ -86730,8 +87526,8 @@ rule ELASTIC_Windows_Trojan_Netwire_6A7Df287 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Netwire.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Netwire.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e6f446dbefd4469b6c4d24988dd6c9ccd331c8b36bdbc4aaf2e5fc49de2c3254" logic_hash = "d5f36e2a81cf0a9037267d39266b4c31ca9c07b05fb9772e296aeac2da6051a5" score = 75 
@@ -86759,8 +87555,8 @@ rule ELASTIC_Windows_Trojan_Netwire_1B43Df38 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Netwire.yar#L22-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Netwire.yar#L22-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e6f446dbefd4469b6c4d24988dd6c9ccd331c8b36bdbc4aaf2e5fc49de2c3254" logic_hash = "bb0eb1c1969bc1416e933822843293c5d41bf9bc3d402fa5dbdc3cdf2f4b394a" score = 75 @@ -86790,8 +87586,8 @@ rule ELASTIC_Windows_Trojan_Netwire_F85E4Abc : FILE MEMORY date = "2022-08-14" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Netwire.yar#L45-L64" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Netwire.yar#L45-L64" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ab037c87d8072c63dc22b22ff9cfcd9b4837c1fee2f7391d594776a6ac8f6776" logic_hash = "af8fc8fff2e1a0b6c87ac6d24fecf2e1cefe6313ec66da13fddd1be25c1c3d92" score = 75 
@@ -86819,8 +87615,8 @@ rule ELASTIC_Windows_Trojan_Netwire_F42Cb379 : FILE MEMORY date = "2022-08-14" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Netwire.yar#L66-L90" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Netwire.yar#L66-L90" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ab037c87d8072c63dc22b22ff9cfcd9b4837c1fee2f7391d594776a6ac8f6776" logic_hash = "fc1436596987d3971a464e707ee6fd5689e7d2800df471c125c1e3f748537f5d" score = 75 @@ -86853,8 +87649,8 @@ rule ELASTIC_Windows_Exploit_Rpcjunction_0405253B : FILE date = "2024-02-28" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Exploit_RpcJunction.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Exploit_RpcJunction.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "05588fe3d2aae1273e9d0b0ac00c867d92bcdea41c33661760dcbe84439e7949" logic_hash = "c663285d81e00bf6b028cdb043da3c6d5033a0c100d9c626acfa26d67bc1c093" score = 75 
@@ -86884,8 +87680,8 @@ rule ELASTIC_Windows_PUP_Veriato_Fae5978C : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_PUP_Veriato.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_PUP_Veriato.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "53f09e60b188e67cdbf28bda669728a1f83d47b0279debf3d0a8d5176479d17f" logic_hash = "8ae6f8b2b6e3849b33e6a477af52982efe137d7ebeff0c92cee5667d75f05145" score = 75 @@ -86915,8 +87711,8 @@ rule ELASTIC_Windows_Hacktool_Sharpersist_06606812 : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharPersist.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharPersist.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e9711f47cf9171f79bf34b342279f6fd9275c8ae65f3eb2c6ebb0b8432ea14f8" logic_hash = "ddabfb54422f6fb2ad6999b724b1d8f186adf71f96f01a8770715029529e869a" score = 75 
@@ -86948,8 +87744,8 @@ rule ELASTIC_Windows_Trojan_Lurker_0Ee51802 : FILE date = "2022-04-04" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Lurker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Lurker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5718fd4f807e29e48a8b6a6f4484426ba96c61ec8630dc78677686e0c9ba2b87" logic_hash = "782926c927dce82b95e51634d5607c474937e1edc0f7f739acefa0f4c03aa753" score = 75 @@ -86977,8 +87773,8 @@ rule ELASTIC_Linux_Ransomware_Echoraix_Ea9532Df : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_EchoRaix.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_EchoRaix.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dfe32d97eb48fb2afc295eecfda3196cba5d27ced6217532d119a764071c6297" logic_hash = "4944f5a2632bfe0abebfa6f658ed3f71e4d97efcb428ed0987e2071dfd66e6a9" score = 75 
@@ -87006,8 +87802,8 @@ rule ELASTIC_Linux_Ransomware_Echoraix_Ee0C719A : FILE MEMORY date = "2023-07-29" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_EchoRaix.yar#L21-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_EchoRaix.yar#L21-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e711b2d9323582aa390cf34846a2064457ae065c7d2ee1a78f5ed0859b40f9c0" logic_hash = "3ca12ea0f1794935ea570dda83f33d04ffb19b6664cc1c8b1cbeed59ac04a01a" score = 75 @@ -87036,8 +87832,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_364F3B7B : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0d4c43bf0cdd6486a4bcab988517e58b8c15d276f41600e596ecc28b0b728e69" logic_hash = "5950195453232e4752b58c9e466c4df1b5ca2b22d5325730de69cd4178438aa7" score = 75 
@@ -87065,8 +87861,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_3A2Ed31B : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ebbf3bc39ec661e2029d88960a5608e348de92089099019348bc0e891841690f" logic_hash = "30cd10e38cbda719d9c344efd813e9a19e738a5251e3622957c8349e94366a29" score = 75 @@ -87094,8 +87890,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_7448814C : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e95d0783b635e34743109d090af17aef2e507e8c90060d171e71d9ac79e083ba" logic_hash = "0024b2cc22bf6c2dfc3b73ba91080cea8d502659db38d94b19338382e2fc0c84" score = 75 
@@ -87123,8 +87919,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_2Fa988E3 : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "679392e78d4abefc05b885e43aaccc2da235bd7f2a267c6ecfbe2cf824776993" logic_hash = "55c3992ca62ebaf8d45aff818d3261838d239f2004125689ea81edca2cfa59c2" score = 75 @@ -87152,8 +87948,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ea8801Ac : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7acccfd8c2e5555a3e3bf979ad2314c12a939c1ef32b66e61e30a712f07164fd" logic_hash = "00a7f71a0559f937ace15465059147839598897467db6176040882d86111bcd2" score = 75 
@@ -87181,8 +87977,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_B2Ebdebd : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dee49d4b7f406fd1728dad4dc217484ced2586e014e2cd265ea64eff70a2633d" logic_hash = "a9d6ffa65b503f9aa13a0054fa92e346c86585418b6b72131efc00340f8ec224" score = 75 @@ -87210,8 +88006,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_9190D516 : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "837ffed1f23293dc9c7cb994601488fc121751a249ffde51326947c33c5fca7f" logic_hash = "370248d2b6bb625d65f160b62f1b4a7d2809f3fedfb98a009b19dab61f0ba57e" score = 75 
@@ -87239,8 +88035,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_3B460716 : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8c4d49d4881ebdab1bd0e083d4e644cfc8eb7af3b96664598526ab3d175fc420" logic_hash = "759e08c9e3405d841aa467c3343cfac01fed9e9d86aca90139d0eae8855942e5" score = 75 @@ -87268,8 +88064,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ccfd7518 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b1017db71cf195aa565c57fed91ff1cdfcce344dc76526256d5817018f1351bf" logic_hash = "02720152af167f1a7e5707f97aa920c6d955458df58d8ef0d9eba868da6a16af" score = 75 
@@ -87297,8 +88093,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_D41C2C63 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a4e5751b4e8fa2e9b70e1e234f435a03290c414f9547dc7709ce2ee4263a35f1" logic_hash = "c9460cfc2b6d686145be9afd3ed670619f04c7155b03caa193222cba8405160d" score = 75 @@ -87326,8 +88122,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ffa7F059 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a073c6be047ea7b4500b1ffdc8bdadd9a06f9efccd38c88e0fc976b97b2b2df5" logic_hash = "b558066b80232ceb32c625f49a0ddeccd4b3bc52e664e5a72f2aa7361bcec352" score = 75 
@@ -87355,8 +88151,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Fb24C7E4 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a073c6be047ea7b4500b1ffdc8bdadd9a06f9efccd38c88e0fc976b97b2b2df5" logic_hash = "17a2a628f2d1fa088a1e0c5b2ad3f08e24b8504033b328c944b9ae83a5d12fcc" score = 75 @@ -87384,8 +88180,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_B45098Df : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e053aca86570b3781b3e08daab51382712270d2a375257c8b5789d3d87149314" logic_hash = "4622551b73a12c5399df1f4e052ce32b4cee04486a870bc92942c8597dcad1f7" score = 75 
@@ -87413,8 +88209,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_9C67A994 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L261-L279" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L261-L279" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "70429d67402a43ed801e295b1ae1757e4fccd5d786c09ee054591ae51dfc1b25" logic_hash = "742ce59fadefe242ca97d8ce603976fa8b5e1ba55ede38434c04dcd6f4891712" score = 75 @@ -87442,8 +88238,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ab87C1Ed : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c13c32d3a14cbc9c2580b1c76625cce8d48c5ae683230149a3f41640655e7f28" logic_hash = "737f5ff982d2b656918ad3258ca20bce2ec416f2af743335b9a87a86f78be810" score = 75 
@@ -87471,8 +88267,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_F1C0482A : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L301-L319" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L301-L319" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a12a1e8253ee1244b018fd3bdcb6b7729dfe16e06aed470f6b08344a110a4061" logic_hash = "084ba60d8464ef5bf3a3aa942bb88caf447c6cee3ebf023157bd261226057663" score = 75 @@ -87500,8 +88296,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_5B78Aa01 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sshdoor.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sshdoor.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2e1d909e4a6ba843194f9912826728bd2639b0f34ee512e0c3c9e5ce4d27828e" logic_hash = "bcf285ac220b2b2ed9caf0943fa22ee830e5b26501c54a223e483a33e2fc63c0" score = 75 
@@ -87529,8 +88325,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_1B443A9B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sshdoor.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sshdoor.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a33112daa5a7d31ea1a1ca9b910475843b7d8c84d4658ccc00bafee044382709" logic_hash = "4afcd7103a14d59abc08d9e03182a985e3d0250c09aad5e81fd110c6a95f29e0" score = 75 @@ -87558,8 +88354,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_7C36D3Dd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sshdoor.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sshdoor.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "def4de838d58c70f9f0ae026cdad3bf09b711a55af97ed20804fa1e34e7b59e9" logic_hash = "c1b61fce7593a44e47043fac8a6356f9aa9e74b66db005400684a5a79b69a5cd" score = 75 
@@ -87587,8 +88383,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_3E81B1B7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sshdoor.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sshdoor.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "def4de838d58c70f9f0ae026cdad3bf09b711a55af97ed20804fa1e34e7b59e9" logic_hash = "54253df560e6552a728dc2651c557bc23ae8ec4847760290701438821c52342e" score = 75 @@ -87616,8 +88412,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_Cde7Cfd4 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sshdoor.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sshdoor.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cd646a1d59c99b9e038098b91cdb63c3fe9b35bb10583bef0ab07260dbd4d23d" logic_hash = "47967d90a6dbb4461e22998aff5b7e68b4b9007ea7e5e30574ae1f1cfcbaa573" score = 75 
@@ -87645,8 +88441,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_32D9Fb1B : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sshdoor.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sshdoor.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ee1f6dbea40d198e437e8c2ae81193472c89e41d1998bee071867dab1ce16b90" logic_hash = "35ef4f3970484a46d705e6976a9932639d576717454b8e07ed24a72114d9c42d" score = 75 @@ -87674,8 +88470,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_7C3Cfc62 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sshdoor.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sshdoor.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ee1f6dbea40d198e437e8c2ae81193472c89e41d1998bee071867dab1ce16b90" logic_hash = "da9804489f30b575d2b459f82570f5df07c1777f105cd373c4268f8a31fa4e43" score = 75 
@@ -87703,8 +88499,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_A1311F49 : FILE MEMORY date = "2023-10-06" modified = "2023-10-26" reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_GhostPulse.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_GhostPulse.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0175448655e593aa299278d5f11b81f2af76638859e104975bdb5d30af5c0c11" logic_hash = "21838f230ac1a77f09d01d30f4ea3b66313618660e63ab7012b030e0b819547e" score = 75 @@ -87733,8 +88529,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_3Fe1D02D : FILE MEMORY date = "2023-10-12" modified = "2023-10-26" reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_GhostPulse.yar#L23-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_GhostPulse.yar#L23-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "4ef78d436a153ed751a8483c1e43ec2ba053dedfa0da2780fded42012d3042c1" score = 75 quality = 75 
@@ -87761,8 +88557,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_3673D337 : FILE MEMORY date = "2023-12-11" modified = "2024-01-12" reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_GhostPulse.yar#L43-L63" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_GhostPulse.yar#L43-L63" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3013ba32838f6d97d7d75e25394f9611b1c5def94d93588f0a05c90b25b7d6d5" logic_hash = "a92815f27533338e17afd5ebdbe82e382636fb81167a82d1b613c0dccc5b7ed3" score = 75 @@ -87791,8 +88587,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_8Ae8310B : FILE MEMORY date = "2024-05-27" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_GhostPulse.yar#L65-L84" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_GhostPulse.yar#L65-L84" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5b64f91b41a7390d89cd3b1fccf02b08b18b7fed17a43b0bfac63d75dc0df083" logic_hash = "b3873a3c728e98d65984033620c0ac8ee93be21db5b6d9bd4665b9f7d0d759fa" score = 75 
@@ -87821,8 +88617,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_9E22C56D : FILE MEMORY date = "2024-07-21" modified = "2024-07-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_GhostPulse.yar#L86-L106" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_GhostPulse.yar#L86-L106" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "349b4dfa1e93144b010affba926663264288a5cfcb7b305320f466b2551b93df" logic_hash = "5dbd0d6a936a73e933181017c67c36fde7576b47643ec00848f7b58170bd9c6b" score = 75 @@ -87852,8 +88648,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_Bb38Fcb3 : FILE MEMORY date = "2024-10-15" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_GhostPulse.yar#L108-L127" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_GhostPulse.yar#L108-L127" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b54d9db283e6c958697bfc4f97a5dd0ba585bc1d05267569264a2d700f0799ae" logic_hash = "95a7f663f0bac81a5426d722ec95e11f37fcde45cbf8ebd4e32b9f4c72873c2b" score = 75 
@@ -87882,8 +88678,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_Caea316B : FILE MEMORY date = "2024-10-10" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_GhostPulse.yar#L129-L147" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_GhostPulse.yar#L129-L147" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "454e898405a10ecc06b4243c25f86c855203722a4970dee4c4e1a4e8e75f5137" logic_hash = "740dad0ce9d6b7c5a4125db9c6ad36e767bacba478ee627032b7fe00431c6d7b" score = 75 @@ -87911,8 +88707,8 @@ rule ELASTIC_Linux_Trojan_Malxmr_7054A0D0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Malxmr.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Malxmr.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3a6b3552ffac13aa70e24fef72b69f683ac221105415efb294fb9a2fc81c260a" logic_hash = "f7153fb11e0e4bf422021cc0fab99536c2a193198bf70d7f2af2fa5c1971c028" score = 75 
@@ -87940,8 +88736,8 @@ rule ELASTIC_Linux_Trojan_Malxmr_144994A5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Malxmr.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Malxmr.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b" logic_hash = "4d40337895e63d3dc6f0d94889863f0f5017533658210b902b08d84cf3588cab" score = 75 @@ -87969,8 +88765,8 @@ rule ELASTIC_Windows_Hacktool_Cheatengine_Fedac96D : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_CheatEngine.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_CheatEngine.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b20b339a7b61dc7dbc9a36c45492ba9654a8b8a7c8cbc202ed1dfed427cfd799" logic_hash = "426b6d388f86dd935d8165af0fb7c8491c987542755ec4c7c53a35a9003f8680" score = 75 
@@ -87999,8 +88795,8 @@ rule ELASTIC_Windows_Ransomware_Helloxd_0C50F01B : FILE MEMORY date = "2022-06-14" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Helloxd.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Helloxd.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "435781ab608ff908123d9f4758132fa45d459956755d27027a52b8c9e61f9589" logic_hash = "71e09fa1a00fa6f3688129ee2b2a8957b84f64ef51fcba5123a6a9df80a9c7e1" score = 75 @@ -88035,8 +88831,8 @@ rule ELASTIC_Windows_Ransomware_Blackhunt_7B46Cb9C : FILE MEMORY date = "2024-03-12" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_BlackHunt.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_BlackHunt.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6c4e968c9b53906ba0e86a41eccdabe2b736238cb126852023e15850e956293d" logic_hash = "97bb8436574fd814d8278e5a7043e011d0e4f9a7dd9df5e67605f28ac1af1e74" score = 50 
@@ -88070,8 +88866,8 @@ rule ELASTIC_Linux_Exploit_Openssl_47C6Fad7 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Openssl.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Openssl.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8024af0931dff24b5444f0b06a27366a776014358aa0b7fc073030958f863ef8" logic_hash = "4c60071ecd7b826e692710ae11b09be30e7df5833bcaa8642fea014e12b9abd7" score = 75 @@ -88099,8 +88895,8 @@ rule ELASTIC_Windows_Trojan_Lumma_693A5234 : FILE MEMORY date = "2024-06-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Lumma.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Lumma.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "88340abcdc3cfe7574ee044aea44808446daf3bb7bf9fc60b16a2b1360c5d9c0" logic_hash = "2b29ac9bc73f191bdbfc92601cab923aa9f2f3380c8123ee469ced3754625dd0" score = 75 
@@ -88129,8 +88925,8 @@ rule ELASTIC_Windows_Trojan_Lumma_30608A8C : FILE MEMORY date = "2024-10-07" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Lumma.yar#L22-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Lumma.yar#L22-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "672e06b9729da0616b103c19d68b812bed33e3e12c788a584f13925f81d68129" logic_hash = "1793a535db3fd7e8ad3db4b2de22efffabbcd3e91d89f36de71e95dc0fa9012f" score = 75 @@ -88159,8 +88955,8 @@ rule ELASTIC_Windows_Trojan_Garble_Eae7F2F7 : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Garble.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Garble.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4820a1ec99981e03675a86c4c01acba6838f04945b5f753770b3de4e253e1b8c" logic_hash = "5d88579b0f0f71b8b4310c141fb243f39696e158227da0a1e0140b030b783c65" score = 75 
@@ -88188,8 +88984,8 @@ rule ELASTIC_Windows_Trojan_Lobshot_013C1B0B : FILE MEMORY date = "2023-04-18" modified = "2023-04-23" reference = "https://www.elastic.co/security-labs/elastic-security-labs-discovers-lobshot-malware" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Lobshot.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Lobshot.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6" logic_hash = "e1fb245c3441c9bd393a47a9bed01bf7f62aa3ec36d460584d75e326e7e92ad4" score = 75 @@ -88227,8 +89023,8 @@ rule ELASTIC_Linux_Shellcode_Generic_5669055F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Shellcode_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Shellcode_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "87ef4def16d956cdfecaea899cbb55ff59a6739bbb438bf44a8b5fec7fcfd85b" logic_hash = "735b8dc7fff3c9cc96646a4eb7c5afd70be19dcc821e9e26ce906681130746be" score = 75 
@@ -88256,8 +89052,8 @@ rule ELASTIC_Linux_Shellcode_Generic_D2C96B1D : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Shellcode_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Shellcode_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "403d53a65bd77856f7c565307af5003b07413f2aba50869655cdd88ce15b0c82" logic_hash = "33d964e22c8e3046f114e8264d18e8b4a0e7b55eca59151b084db7eea07aa0b1" score = 75 @@ -88285,8 +89081,8 @@ rule ELASTIC_Linux_Shellcode_Generic_30C70926 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Shellcode_Generic.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Shellcode_Generic.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a742e23f26726293b1bff3db72864471d6bb4062db1cc6e1c4241f51ec0e21b1" logic_hash = "3594994a911e5428198c472a51de189a6be74895170581ec577c49f8dbb9167a" score = 75 
@@ -88314,8 +89110,8 @@ rule ELASTIC_Linux_Shellcode_Generic_224Bdcc4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Shellcode_Generic.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Shellcode_Generic.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bd22648babbee04555cef52bfe3e0285d33852e85d254b8ebc847e4e841b447e" logic_hash = "8c4a2bb63f0926e7373caf0a027179b4730cc589f9af66d2071e88f4165b0f73" score = 75 @@ -88343,8 +89139,8 @@ rule ELASTIC_Linux_Shellcode_Generic_99B991Cd : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Shellcode_Generic.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Shellcode_Generic.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "954b5a073ce99075b60beec72936975e48787bea936b4c5f13e254496a20d81d" logic_hash = "664e213314fe1d6f1920de237ebea3a94f7fbc42eff089475674ccef812f0f68" score = 75 
@@ -88372,8 +89168,8 @@ rule ELASTIC_Linux_Shellcode_Generic_24B9Aa12 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Shellcode_Generic.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Shellcode_Generic.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "24b2c1ccbbbe135d40597fbd23f7951d93260d0039e0281919de60fa74eb5977" logic_hash = "4685253eb00a21d6dd6e874ff68209f20c8668262f24767086687555ccf934aa" score = 75 @@ -88401,8 +89197,8 @@ rule ELASTIC_Linux_Shellcode_Generic_8Ac37612 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Shellcode_Generic.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Shellcode_Generic.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c199b902fa4b0fcf54dc6bf3e25ad16c12f862b47e055863a5e9e1f98c6bd6ca" logic_hash = "c0af751bc54dcd9cf834fa5fe9fa120be5e49a56135ebb72fd6073948e956929" score = 75 
@@ -88430,8 +89226,8 @@ rule ELASTIC_Linux_Shellcode_Generic_932Ed0F0 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Shellcode_Generic.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Shellcode_Generic.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f357597f718f86258e7a640250f2e9cf1c3363ab5af8ddbbabb10ebfa3c91251" logic_hash = "20ae3f1d96f8afd0900ac919eacaff3bd748a7466af5bb2b9f77cfdc4b8b829e" score = 75 @@ -88459,8 +89255,8 @@ rule ELASTIC_Linux_Ransomware_Sfile_9E347B52 : FILE MEMORY date = "2023-07-29" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_SFile.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_SFile.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "49473adedc4ee9b1252f120ad8a69e165dc62eabfa794370408ae055ec65db9d" logic_hash = "394571fd5746132d15da97428c3afc149435d91d5432eadf1c838d4a6433c7c1" score = 75 
@@ -88489,8 +89285,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_8C6750B5 : FILE MEMORY date = "2023-06-05" modified = "2023-06-19" reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_PikaBot.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_PikaBot.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1" logic_hash = "03e36f927513625d1dd997c79843b1b14e344e8411155740213d7aff9794c5c6" score = 75 @@ -88523,8 +89319,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_5B220E9C : FILE MEMORY date = "2024-02-06" modified = "2024-02-08" reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_PikaBot.yar#L27-L52" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_PikaBot.yar#L27-L52" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d836b06b0118e6d258e318b1cfdc509cacc0859c6a6b3d7c5f4d2525e00d97b2" logic_hash = "1d2158716b7c32734f12f8528352a3872e21fea2f9b21a36d6ac44fcd50a9f3c" score = 75 
@@ -88558,8 +89354,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_5441F511 : FILE MEMORY date = "2024-02-15" modified = "2024-02-21" reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_PikaBot.yar#L54-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_PikaBot.yar#L54-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "fa44408874c6a007212dfc206cbecbac7a3e50df94da4ce02de2e04e9119c79f" score = 75 quality = 75 @@ -88592,8 +89388,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_95Db8B5A : FILE MEMORY date = "2024-02-15" modified = "2024-02-21" reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_PikaBot.yar#L80-L103" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_PikaBot.yar#L80-L103" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "74073ceae1b26b953b7644d56a2ec92993b83802a30ce82c6921df5448ebab06" score = 75 quality = 75 
@@ -88625,8 +89421,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_4034_1C8F235D : FILE CVE_2021_4034 date = "2022-01-26" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2021_4034.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2021_4034.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "94052c42aa41d0911e4b425dcfd6b829cec8f673bf1245af4050ef9c257f6c4b" logic_hash = "217df6687076a715712a053672d7b02567a3ee38ce9c0ccf80d23fcfde35592a" score = 75 @@ -88655,8 +89451,8 @@ rule ELASTIC_Macos_Infostealer_Mdquerytcc_142313Cb : FILE MEMORY date = "2023-04-11" modified = "2024-08-19" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Infostealer_MdQueryTCC.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Infostealer_MdQueryTCC.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d895075057e491b34b0f8c0392b44e43ade425d19eaaacea6ef8c5c9bd3487d8" logic_hash = "e00015867ad0a0c440a49364945fe828d50675ecfd2039028653d97c77cff323" score = 75 
@@ -88684,8 +89480,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_1Cab7Ea1 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Ragnarok.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Ragnarok.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "8bae3ea4304473209fc770673b680154bf227ce30f6299101d93fe830da0fe91" score = 75 quality = 73 @@ -88713,8 +89509,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_7E802F95 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Ragnarok.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Ragnarok.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "8f293cdbdc3c395e18c304dfa43d0dcdb52b18bde5b5d084190ceec70aea6cbd" score = 75 quality = 75 
@@ -88743,8 +89539,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_Efafbe48 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Ragnarok.yar#L44-L71" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Ragnarok.yar#L44-L71" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "c9d203620e0e6e04d717595ca70a5e5efa74abfc11e4e732d729caab2d246c27" score = 75 quality = 75 @@ -88780,8 +89576,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_5625D3F6 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Ragnarok.yar#L73-L95" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Ragnarok.yar#L73-L95" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "8c22cf9dfbeba7391f6d2370c88129650ef4c778464e676752de1d0fd9c5b34e" score = 75 quality = 75 
@@ -88812,8 +89608,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_6Cab0Ec0 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Metasploit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Metasploit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42" logic_hash = "c19fe812b74b034bfb42c0e2ee552d879ed038e054c5870b85e7e610d3184198" score = 75 @@ -88841,8 +89637,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_293Bfea9 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Metasploit.yar#L21-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Metasploit.yar#L21-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42" logic_hash = "b8bd0d034a6306f99333723d77724ae53c1a189dad3fad7417f2d2fde214c24a" score = 75 
@@ -88873,8 +89669,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_448Fa81D : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Metasploit.yar#L44-L64" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Metasploit.yar#L44-L64" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42" logic_hash = "ab0608920b9f632bad99e1358f21a88bc6048f46fca21a488a1a10b7ef1e42ae" score = 75 @@ -88904,8 +89700,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_768Df39D : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Metasploit.yar#L66-L85" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Metasploit.yar#L66-L85" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "140ba93d57b27325f66b36132ecaab205663e3e582818baf377e050802c8d152" score = 75 quality = 75 
@@ -88933,8 +89729,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_7Ce0B709 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_bind_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Metasploit.yar#L87-L106" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Metasploit.yar#L87-L106" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "56fc05ece464d562ff6e56247756454c940c07b03c4a4c783b2bae4d5807247a" score = 75 quality = 75 @@ -88962,8 +89758,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_F11Ccdac : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_find_port.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Metasploit.yar#L108-L127" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Metasploit.yar#L108-L127" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "fcf578d3e98b591b33cb6f4bec1b9e92a7e1a88f0b56f3c501f9089d2094289c" score = 75 quality = 75 
@@ -88991,8 +89787,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_D9B16F4C : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/vforkshell_bind_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Metasploit.yar#L129-L148" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Metasploit.yar#L129-L148" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "8e082878fb52f6314ec8c725dd279447ee8a0fc403c47ffd997712adb496e7c3" score = 75 quality = 75 @@ -89020,8 +89816,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_2992B917 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/vforkshell_reverse_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Metasploit.yar#L150-L169" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Metasploit.yar#L150-L169" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "10056ffb719092f83ad236a63ef6fa1f40568e500c042bd737575997bb67a8ec" score = 75 quality = 75 
@@ -89049,8 +89845,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_27D409F1 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x64/shell_bind_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Metasploit.yar#L171-L190" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Metasploit.yar#L171-L190" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "b757e0ab6665a3e4846c6bbe4386e9d9a730ece00a2453933ce771aec2dd716e" score = 75 quality = 75 @@ -89078,8 +89874,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_65A2394B : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stages/osx/x86/vforkshell.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Metasploit.yar#L192-L211" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Metasploit.yar#L192-L211" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "f01f671b0bf9fa53aa3383c88ba871742f0e55dbdae4278f440ed29f35eb1ca1" score = 75 quality = 75 
@@ -89107,8 +89903,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_C7B7A90B : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stagers/osx/x86/reverse_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Metasploit.yar#L213-L232" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Metasploit.yar#L213-L232" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "d4b1f01bf8434dd69188d2ad0b376fad3a4d9c94ebe74d40f05019baf95b5496" score = 75 quality = 75 @@ -89136,8 +89932,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_4Bd6Aaca : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stagers/osx/x86/bind_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Metasploit.yar#L234-L253" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Metasploit.yar#L234-L253" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "a3de610ced90679f6fa0dcdf7890a64369c774839ea30018a7ef6fe9289d3d17" score = 75 quality = 75 
@@ -89165,8 +89961,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_5E5B685F : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Metasploit.yar#L255-L273" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Metasploit.yar#L255-L273" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cdf0a3c07ef1479b53d49b8f22a9f93adcedeea3b869ef954cc043e54f65c3d0" logic_hash = "003fb4f079b125f37899a2b3cb62d80edd5b3e5ccbed5bc1ea514a4a173d329d" score = 75 @@ -89194,8 +89990,8 @@ rule ELASTIC_Windows_Trojan_Beam_E41B243A : FILE MEMORY date = "2021-12-07" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Beam.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Beam.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8" logic_hash = "295837743ecfa51e1713d19cba24ff8885c8716201caac058ae8b2bc9e008e6c" score = 75 
@@ -89226,8 +90022,8 @@ rule ELASTIC_Windows_Trojan_Beam_5A951D13 : FILE MEMORY date = "2021-12-07" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Beam.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Beam.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8" logic_hash = "3419b649717b69f07334bd966f438dd0b77f03572fe14f4b88ce95a2a86cae07" score = 75 @@ -89255,8 +90051,8 @@ rule ELASTIC_Windows_Trojan_Afdk_C952Fcfa : FILE MEMORY date = "2023-12-01" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Afdk.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Afdk.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6723a9489e7cfb5e2d37ff9160d55cda065f06907122d73764849808018eb7a0" logic_hash = "a0589a3bf9e733e615b6e552395b3ff513e4fad7efd7d2ebea634aa91d2f60d9" score = 75 
@@ -89284,8 +90080,8 @@ rule ELASTIC_Windows_Trojan_Afdk_5F8Cc135 : FILE MEMORY date = "2023-12-01" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Afdk.yar#L21-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Afdk.yar#L21-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6723a9489e7cfb5e2d37ff9160d55cda065f06907122d73764849808018eb7a0" logic_hash = "0523a0cc3a4446f2ac88c72999568313c6b40f7f8975b8e332c0c6b1e48c5d76" score = 75 @@ -89315,8 +90111,8 @@ rule ELASTIC_Windows_Ransomware_Grief_9953339A : FILE MEMORY date = "2021-08-04" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Grief.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Grief.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0864575d4f487e52a1479c61c2c4ad16742d92e16d0c10f5ed2b40506bbc6ca0" logic_hash = "f99ea1e1f59dc2999659cbe649e76001dd7139b1438440717b60f081d1e99d70" score = 75 
@@ -89344,8 +90140,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_21B60705 : FILE MEMORY date = "2023-03-19" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Rhadamanthys.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Rhadamanthys.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3ba97c51ba503fa4bdcfd5580c75436bc88794b4ae883afa1d92bb0b2a0f5efe" logic_hash = "ef3f60689d72553111b42b27e0a1a0316288ae07fbfaf159eea8c76380d528fa" score = 75 @@ -89379,8 +90175,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_1Da1C2C2 : FILE MEMORY date = "2023-03-28" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Rhadamanthys.yar#L27-L52" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Rhadamanthys.yar#L27-L52" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9bfc4fed7afc79a167cac173bf3602f9d1f90595d4e41dab68ff54973f2cedc1" logic_hash = "bf5d45fe79dacfc6aee5cfd788ec6ce77e99e55d5a6d294da57c126bedf75ee9" score = 75 
@@ -89415,8 +90211,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_Ae00F48C : FILE MEMORY date = "2023-05-05" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Rhadamanthys.yar#L54-L74" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Rhadamanthys.yar#L54-L74" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "56b5ff5132ec1c5836223ced287d51a9ecee8d2b081f449245e136b1262a8714" logic_hash = "423b68717a7aead3c871e7fc744e35dad1cfd7727bfba2bdaec69fb782540380" score = 75 @@ -89446,8 +90242,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_Cf5Dd2E2 : FILE MEMORY date = "2024-04-03" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Rhadamanthys.yar#L76-L97" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Rhadamanthys.yar#L76-L97" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "39ccc224c2c6d89d0bce3d9e2c677465cbc7524f2d2aa903f79ad26b340dec3d" logic_hash = "039d6de0d072be6717ba3eb90735d7b4898d3bbac83db4feb75efcdbca8fd98b" score = 75 
@@ -89478,8 +90274,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_C4760266 : FILE MEMORY date = "2024-06-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Rhadamanthys.yar#L99-L117" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Rhadamanthys.yar#L99-L117" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "05074675b07feb8e7556c5af449f5e677e0fabfb09b135971afbb11743bf3165" logic_hash = "b8c1c56681aac4e1b1741dfa3ea929677214873b6f1795423a80742f699249de" score = 75 @@ -89507,8 +90303,8 @@ rule ELASTIC_Windows_Trojan_Lokibot_1F885282 : FILE MEMORY date = "2021-06-22" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Lokibot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Lokibot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409" logic_hash = "c76941a83e18f11ed5af701e89616d324ddba613a95069997ea8f1830f328307" score = 75 
@@ -89536,8 +90332,8 @@ rule ELASTIC_Windows_Trojan_Lokibot_0F421617 : FILE MEMORY date = "2021-07-20" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Lokibot.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Lokibot.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080" logic_hash = "0076ccbe43ae77e3a80164d43832643f077e659a595fff01c87694e2274c5e86" score = 75 @@ -89565,8 +90361,8 @@ rule ELASTIC_Windows_Trojan_P8Loader_E478A831 : FILE MEMORY date = "2023-04-13" modified = "2023-05-26" reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_P8Loader.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_P8Loader.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "f1a7de6bb4477ea82c18aea1ddc4481de2fc362ce5321f4205bb3b74c1c45a7e" score = 75 quality = 75 
@@ -89600,8 +90396,8 @@ rule ELASTIC_Windows_Trojan_Stealc_B8Ab9Ab5 : FILE MEMORY date = "2024-03-13" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Stealc.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Stealc.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0d1c07c84c54348db1637e21260dbed09bd6b7e675ef58e003d0fe8f017fd2c8" logic_hash = "5fc5d5cea481d1d204d1aa6c52679a23eb59438df2fe547d14c00524772867bb" score = 75 @@ -89637,8 +90433,8 @@ rule ELASTIC_Windows_Trojan_Stealc_A2B71Dc4 : FILE MEMORY date = "2024-03-13" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Stealc.yar#L29-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Stealc.yar#L29-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0d1c07c84c54348db1637e21260dbed09bd6b7e675ef58e003d0fe8f017fd2c8" logic_hash = "b79ac3e65cd7d2819d6a49f59ec661241c97174f66a7c4ada91932f10fc43583" score = 75 
@@ -89669,8 +90465,8 @@ rule ELASTIC_Windows_Trojan_Stealc_5D3F297C : FILE MEMORY date = "2024-03-05" modified = "2024-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Stealc.yar#L52-L70" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Stealc.yar#L52-L70" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "885c8cd8f7ad93f0fd43ba4fb7f14d94dfdee3d223715da34a6e2fbb4d25b9f4" logic_hash = "556d3bc9374a5ec23faa410900dfc94b5534434c9733165355d281976444a42b" score = 75 @@ -89698,8 +90494,8 @@ rule ELASTIC_Linux_Cryptominer_Presenoker_3Bb5533D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Presenoker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Presenoker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bbc155c610c7aa439f98e32f97895d7eeaef06dab7cca05a5179b0eb3ba3cc00" logic_hash = "13bf69ea6bc7df5ba9ebffe67234657f2ecab99e28fd76d0bbedceaf9706a4dd" score = 75 
@@ -89727,8 +90523,8 @@ rule ELASTIC_Windows_Hacktool_Sharpmove_05E28928 : FILE MEMORY date = "2022-11-20" modified = "2023-01-11" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpMove.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpMove.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "051f60f9f4665b96f764810defe9525ae7b4f9898249b83a23094cee63fa0c3b" logic_hash = "021a56dd47d9929e71b82b00d24aa8969a31945681dcf414c69b8d175fb0b6eb" score = 75 @@ -89760,8 +90556,8 @@ rule ELASTIC_Windows_Vulndriver_Mtcbsv_7F6D642E : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_MtcBsv.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_MtcBsv.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ff803017d1acafde6149fe7d463aee23b1c4f6f3b97c698c05f3ca6f07e4df6c" logic_hash = "dfd53a2b97ad722307561fc5f109dcba372bf600113786bb351ed1262fdc8556" score = 75 
@@ -89791,8 +90587,8 @@ rule ELASTIC_Macos_Trojan_Genieo_5E0F8980 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Genieo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Genieo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6c698bac178892dfe03624905256a7d9abe468121163d7507cade48cf2131170" logic_hash = "76b725f6ae5755bb00d384ef2ae1511789487257d8bb7cb61b893226f03a803e" score = 75 @@ -89820,8 +90616,8 @@ rule ELASTIC_Macos_Trojan_Genieo_37878473 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Genieo.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Genieo.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0fadd926f8d763f7f15e64f857e77f44a492dcf5dc82ae965d3ddf80cd9c7a0d" logic_hash = "bb04ae4e0a98e0dbd0c0708d5e767306e38edf76de2671523f4bd43cbcbfefc2" score = 75 
@@ -89849,8 +90645,8 @@ rule ELASTIC_Macos_Trojan_Genieo_0D003634 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Genieo.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Genieo.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bcd391b58338efec4769e876bd510d0c4b156a7830bab56c3b56585974435d70" logic_hash = "0412f88408fb14d1126ef091d0a5cc0ee2b2e39aeb241bef55208b59830ca993" score = 75 @@ -89878,8 +90674,8 @@ rule ELASTIC_Macos_Trojan_Genieo_9E178C0B : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Genieo.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Genieo.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b7760e73195c3ea8566f3ff0427d85d6f35c6eec7ee9184f3aceab06da8845d8" logic_hash = "212f96ca964aceeb80c6d3282d488cfbb74aeffb9c0c9dd840a3a28f9bbdcbea" score = 75 
@@ -89907,8 +90703,8 @@ rule ELASTIC_Windows_Trojan_Njrat_30F3C220 : FILE MEMORY date = "2021-06-13" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Njrat.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Njrat.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b" logic_hash = "76347165829415646f943bb984cd17ca138cf238d03f114c498dbcec081d5ae3" score = 75 @@ -89941,8 +90737,8 @@ rule ELASTIC_Windows_Trojan_Njrat_Eb2698D2 : FILE MEMORY date = "2023-05-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Njrat.yar#L26-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Njrat.yar#L26-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d537397bc41f0a1cb964fa7be6658add5fe58d929ac91500fc7770c116d49608" logic_hash = "c32a641f2d639f56a8137b3e0d0be3261fba30084eeba9d1205974713413af9f" score = 75 
@@ -89970,8 +90766,8 @@ rule ELASTIC_Windows_Trojan_Blackwood_2B94Bce9 : FILE MEMORY date = "2024-03-22" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Blackwood.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Blackwood.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c37dd77f659059da7e12e13b063036ee69097a4d2f88c170832fff78f3788991" logic_hash = "279e85ce3bb974ce5af541e7307cb2fd1031f36c9da013756883172a765b0e19" score = 75 @@ -90006,8 +90802,8 @@ rule ELASTIC_Macos_Virus_Vsearch_0Dd3Ec6F : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Virus_Vsearch.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Virus_Vsearch.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "17a467b000117ea6c39fbd40b502ac9c7d59a97408c2cdfb09c65b2bb09924e5" score = 75 quality = 75 
@@ -90034,8 +90830,8 @@ rule ELASTIC_Macos_Virus_Vsearch_2A0419F8 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Virus_Vsearch.yar#L20-L37" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Virus_Vsearch.yar#L20-L37" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "fa9b811465e435bff5bc0f149ff65f57932c94f548a5ece4ec54ba775cdbb55a" score = 75 quality = 75 @@ -90062,8 +90858,8 @@ rule ELASTIC_Windows_Wiper_Doublezero_65Ec0C50 : FILE MEMORY date = "2022-03-22" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Wiper_DoubleZero.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Wiper_DoubleZero.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3b2e708eaa4744c76a633391cf2c983f4a098b46436525619e5ea44e105355fe" logic_hash = "bce33817d99f71b9d087ea079ef8db08b496315b72cf9d1cf6f0b107a604e52c" score = 75 
@@ -90095,8 +90891,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_Db41F9D2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ladvix.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ladvix.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "81642b4ff1b6488098f019c5e992fc942916bc6eb593006cf91e878ac41509d6" score = 75 quality = 75 @@ -90123,8 +90919,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_77D184Fd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ladvix.yar#L20-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ladvix.yar#L20-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1bb44b567b3c82f7ee0e08b16f7326d1af57efe77d608a96b2df43aab5faa9f7" logic_hash = "0ae9c41d3eb7964344f71b9708278a0e83776228e4455cf0ad7c08e288305203" score = 75 
@@ -90152,8 +90948,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_C9888Edb : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ladvix.yar#L40-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ladvix.yar#L40-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1d798e9f15645de89d73e2c9d142189d2eaf81f94ecf247876b0b865be081dca" logic_hash = "608f2340b0ee4b843933d8137aa0908583a6de477e6c472fb4bd2e5bb62dfb80" score = 75 @@ -90181,8 +90977,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_81Fccd74 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "2a183f613fca5ec30dfd82c9abf72ab88a2c57d2dd6f6483375913f81aa1c5af" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ladvix.yar#L60-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ladvix.yar#L60-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "18f7ca953d22f02c1dbf03595a19b66ea582d2c1623f0042dcf15f86556ca41e" score = 75 quality = 75 
@@ -90209,8 +91005,8 @@ rule ELASTIC_Windows_Trojan_Backoff_22798F00 : FILE MEMORY date = "2022-08-10" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Backoff.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Backoff.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "65b5aff18a4e0bc29d7cc4cfbe2d5882f99a855727fe467b2ba2e2851c43d21b" score = 75 quality = 75 @@ -90242,8 +91038,8 @@ rule ELASTIC_Windows_Vulndriver_Gvci_F5A35359 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Gvci.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Gvci.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f" logic_hash = "beb0c324358a016e708dae30a222373113a7eab8e3d90dfa1bbde6c2f7874362" score = 75 
@@ -90271,8 +91067,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_563Ecb11 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Psybnc.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Psybnc.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f77216b169e8d12f22ef84e625159f3a51346c2b6777a1fcfb71268d17b06d39" logic_hash = "b93e6ab097ccd4c348d228a48df098594e560e62256bfe019669ca9488221214" score = 75 @@ -90300,8 +91096,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_Ab3396D5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Psybnc.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Psybnc.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c5ec84e7cc891af25d6319abb07b1cedd90b04cbb6c8656c60bcb07e60f0b620" logic_hash = "8c083f66fc252a88395bb954a67d710d64f5b68efb9df4b60b260302874b400a" score = 75 
@@ -90329,8 +91125,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_F07357F1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Psybnc.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Psybnc.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f77216b169e8d12f22ef84e625159f3a51346c2b6777a1fcfb71268d17b06d39" logic_hash = "cfe217fe108de787600d1ef06ac6738d84aedfc46e5632143692a9f83cb62df7" score = 75 @@ -90358,8 +91154,8 @@ rule ELASTIC_Linux_Exploit_Alie_E69De1Ee : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Alie.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Alie.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "882839549f062ab4cbe6df91336ed320eaf6c2300fc2ed64d1877426a0da567d" logic_hash = "bb4625751c924b9ff5d32cc044fcff68892e82d9e94d679c4e4c8286f680a854" score = 75 
@@ -90387,8 +91183,8 @@ rule ELASTIC_Linux_Trojan_Springtail_35D5B90B : FILE MEMORY date = "2024-05-18" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Springtail.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Springtail.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "30584f13c0a9d0c86562c803de350432d5a0607a06b24481ad4d92cdf7288213" logic_hash = "7158e60aedfde884d9ee01457abfe6d9b6b1df9cdc1c415231d98429866eaa6c" score = 75 @@ -90421,8 +91217,8 @@ rule ELASTIC_Windows_Trojan_Solarmarker_D466E548 : FILE MEMORY date = "2023-12-12" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SolarMarker.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SolarMarker.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "330f5067c93041821be4e7097cf32fb569e2e1d00e952156c9aafcddb847b873" hash = "e2a620e76352fa7ac58407a711821da52093d97d12293ae93d813163c58eb84b" logic_hash = "c0792bc3c1a2f01ff4b8d0a12c95a74491c2805c876f95a26bbeaabecdff70e9" 
@@ -90451,8 +91247,8 @@ rule ELASTIC_Windows_Trojan_Solarmarker_08Bfc26B : FILE MEMORY date = "2024-05-29" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SolarMarker.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SolarMarker.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c1a6d2d78cc50f080f1fe4cadc6043027bf201d194f2b73625ce3664433a3966" logic_hash = "b31b9f8460b606426c1101eba39a41a75c7ecaafc62388a6a5ac0f24057561ed" score = 75 @@ -90482,8 +91278,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_9F3A5Abb : FILE MEMORY date = "2022-11-24" modified = "2023-06-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Nighthawk.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Nighthawk.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b775a8f7629966592cc7727e2081924a7d7cf83edd7447aa60627a2b67d87c94" logic_hash = "27a34e48141fe260c16c12a2652e440d2540ca5f0c84b41c9c4762dcab44ffd4" score = 75 
@@ -90518,8 +91314,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_2A2E3B9D : FILE MEMORY date = "2022-11-24" modified = "2023-06-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Nighthawk.yar#L28-L47" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Nighthawk.yar#L28-L47" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "38881b87826f184cc91559555a3456ecf00128e01986a9df36a72d60fb179ccf" logic_hash = "c42605ebba900fafb4ec2d34d93bb7adb69e731ce151b82a95889dd0d738da00" score = 75 @@ -90548,8 +91344,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_23489175 : FILE MEMORY date = "2023-06-14" modified = "2023-07-10" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Nighthawk.yar#L49-L74" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Nighthawk.yar#L49-L74" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "697742d5dd071add40b700022fd30424cb231ffde223d21bd83a44890e06762f" logic_hash = "be41fc53f7098ca3cf718e8066a488196423ede993466c9a24ad2af387e03b24" score = 75 
@@ -90584,8 +91380,8 @@ rule ELASTIC_Windows_Infostealer_Phemedronestealer_Bed8Ea8A : FILE MEMORY date = "2024-03-21" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Infostealer_PhemedroneStealer.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Infostealer_PhemedroneStealer.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "38279fdad25c7972be9426cadb5ad5e3ee7e9761b0a41ed617945cb9a3713702" logic_hash = "88fc33abfe6c7a611aa0c354645b06e9e74121ffc9a5acd20b4d3a59287489d6" score = 75 @@ -90624,8 +91420,8 @@ rule ELASTIC_Windows_Ransomware_Bitpaymer_D74273B3 : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Bitpaymer.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Bitpaymer.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "126246689b28e92ed10bfa6165f06ff7d4f0e062de7c58b821eaaf5e3cae9306" score = 75 quality = 75 
@@ -90653,8 +91449,8 @@ rule ELASTIC_Windows_Ransomware_Bitpaymer_Bca25Ac6 : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Bitpaymer.yar#L22-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Bitpaymer.yar#L22-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "7670f9dafacc8fc5998c1974af66ede388c0997545da067648fec4fd053f0001" score = 75 quality = 75 @@ -90689,8 +91485,8 @@ rule ELASTIC_Macos_Infostealer_Mdquerytoken_1C52D574 : FILE MEMORY date = "2023-04-11" modified = "2024-08-19" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Infostealer_MdQueryToken.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Infostealer_MdQueryToken.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "ede29154aae99bb67075e21acb694b089f9a1b366a4e2505cb761142393994a8" score = 75 quality = 71 
@@ -90718,8 +91514,8 @@ rule ELASTIC_Macos_Virus_Pirrit_271B8Ed0 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Virus_Pirrit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Virus_Pirrit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7feda05d41b09c06a08c167c7f4dde597ac775c54bf0d74a82aa533644035177" logic_hash = "cb77f6df1403afbc7f45d30551559b6de7eb1c3434778b46d31754da0a1b1f10" score = 75 @@ -90747,8 +91543,8 @@ rule ELASTIC_Windows_Hacktool_Sharpchromium_41Ce5080 : FILE MEMORY date = "2022-11-20" modified = "2023-01-11" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpChromium.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpChromium.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9dd65aa53728d51f0f3b9aaf51a24f8a2c3f84b4a4024245575975cf9ad7f2e5" logic_hash = "50972a6e6af1d7076243320fb6559193e0c46ac1300aa62d12390fdeb2fffdcd" score = 75 
@@ -90780,8 +91576,8 @@ rule ELASTIC_Windows_Trojan_Pingpull_09Dd9559 : FILE MEMORY date = "2022-06-16" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Pingpull.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Pingpull.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "de14f22c88e552b61c62ab28d27a617fb8c0737350ca7c631de5680850282761" logic_hash = "114674b1a9acfc7643138d3b07885343a50c9d319b8d22a6ef34e916685c4469" score = 75 @@ -90815,8 +91611,8 @@ rule ELASTIC_Windows_Trojan_Privateloader_96Ac2734 : FILE MEMORY date = "2023-01-03" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_PrivateLoader.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_PrivateLoader.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "077225467638a420cf29fb9b3f0241416dcb9ed5d4ba32fdcf2bf28f095740bb" logic_hash = "9f96f1c54853866e124d0996504e6efd3d154111390617999cc10520d7f68fe6" score = 75 
@@ -90847,8 +91643,8 @@ rule ELASTIC_Linux_Virus_Thebe_1Eb5985A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Virus_Thebe.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Virus_Thebe.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "30af289be070f4e0f8761f04fb44193a037ec1aab9cc029343a1a1f2a8d67670" logic_hash = "7d4bc4b1615048dec1f1fac599afa667e06ccb369bb1242b25887e0ce2a5066a" score = 75 @@ -90876,8 +91672,8 @@ rule ELASTIC_Windows_Trojan_Onlylogger_B9E88336 : FILE MEMORY date = "2022-03-22" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_OnlyLogger.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_OnlyLogger.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "69876ee4d89ba68ee86f1a4eaf0a7cb51a012752e14c952a177cd5ffd8190986" logic_hash = "b8d1c4c1e33fc0b54a62f82b8f53c9a1b051ad8c2f578d2a43f504158d1d9247" score = 75 
@@ -90908,8 +91704,8 @@ rule ELASTIC_Windows_Trojan_Onlylogger_Ec14D5F2 : FILE MEMORY date = "2022-03-22" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_OnlyLogger.yar#L24-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_OnlyLogger.yar#L24-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f45adcc2aad5c0fd900df4521f404bc9ca71b01e3378a5490f5ae2f0c711912e" logic_hash = "2838851a5e013705b64625801d2ab1d56cfc17c52f75a5fd71448cb0a4b4b683" score = 75 @@ -90941,8 +91737,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_01365E46 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5c450d4be39caef1d9ec943f5dfeb6517047175fec166a52970c08cd1558e172" logic_hash = "4d61de2cb37e12f62326c1717f6ed44554f5d2aa7ede6033d0c988e5e64df54d" score = 75 
@@ -90970,8 +91766,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_06Fd4Ac4 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "bde387f1e22d1399fb99f6d41732a37635d8e90f29626f2995914a073a7cac89" score = 75 quality = 75 @@ -90999,8 +91795,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Ce4305D1 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L41-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L41-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "c547114475383e5d84f6b8cb72585ddd5778ae3afa491deddeef8a5ec56be1b5" score = 75 quality = 75 
@@ -91027,8 +91823,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_1E56Fad7 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L60-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L60-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "815b37804f79fb4607e6b84294882d818233c3df13aececb3d341244900a2e44" score = 75 quality = 75 @@ -91055,8 +91851,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_93C9A2A4 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L79-L96" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L79-L96" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "dadeeba6147b118b80e014ab067eac7a2c3c2990958a6c7016562d8b64fef53c" score = 75 quality = 75 
@@ -91083,8 +91879,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_5340Afa3 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L98-L115" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L98-L115" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "8b9d3c978f0c4a04ee5b3446b990172206b17496036bc1cc04180ea7e9b99734" score = 75 quality = 75 @@ -91111,8 +91907,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_E7932501 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L117-L134" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L117-L134" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "f82704a408a0cf1def2a5926dc4c02fa56afea1422c88ba41af50d44c60edb07" score = 75 quality = 75 
@@ -91139,8 +91935,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Cd0868D5 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L136-L153" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L136-L153" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "053a99e5e722fd2aa1cae96266cc344954f9c3a12d0851fa9d5e95a6420651f4" score = 75 quality = 75 @@ -91167,8 +91963,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_515504E2 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L155-L172" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L155-L172" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "5410068e09de4a1283f98f6364ddf243373e228ba060b00699db6323f1167684" score = 75 quality = 75 
@@ -91195,8 +91991,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_A0Fc8F35 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L174-L191" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L174-L191" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "7ab2b45ddfc1d7fa409a6ea3dfd8d4940e1bdf3fc0cb6c7e8d49c60e7bda5b1b" score = 75 quality = 75 @@ -91223,8 +92019,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Cb95Dc06 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L193-L210" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L193-L210" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "563b2311d37ace2d09601a70325352db3fcbf135e7ce518965f5410081b5d626" score = 75 quality = 75 
@@ -91251,8 +92047,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_9D4D3Fa4 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L212-L229" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L212-L229" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "7c3c9917a95248fd990b6947a0304ded473bf1bcceec8f4498a7955e879d348b" score = 75 quality = 75 @@ -91279,8 +92075,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_34F00046 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L231-L248" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L231-L248" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "f9d646645d6726e3aac5cc3eaea9edf1c89c7e743aff7cfa73998a72f3446711" score = 75 quality = 75 
@@ -91307,8 +92103,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_F2A18B09 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L250-L267" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L250-L267" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "c4c4b0b1df1e8fde87284fb27d46e917c47b479a675fec60faeca6185511907d" score = 75 quality = 75 @@ -91335,8 +92131,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_D916Ae65 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L269-L286" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L269-L286" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "e0aafe498cd9f0e8addfef78027943a754ca797aafae0cb40f1c6425de501339" score = 75 quality = 75 
@@ -91363,8 +92159,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_52722678 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L288-L305" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L288-L305" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "6340171fdde68b32de480f1f410aa4c491a8fffa7c1f699bf5fa72a12ecb77b8" score = 75 quality = 75 @@ -91391,8 +92187,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_28A60148 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L307-L324" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L307-L324" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "20a26ed3f0da3a77867597494bf0069a2093ec19b1c5e179c0e7934c1b69d4b9" score = 75 quality = 75 
@@ -91419,8 +92215,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_997B25A0 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L326-L343" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L326-L343" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "ca688086c4628c64c32a99083d620bcb5373e3100d154331451a3e9f86081aca" score = 75 quality = 75 @@ -91447,8 +92243,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_B17B33A1 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L345-L362" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L345-L362" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "7fa69674d1e985bafe310597f23ae80113136768141f0a1931baf88b2509e6ef" score = 75 quality = 75 
@@ -91475,8 +92271,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_23D77Ae5 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L364-L396" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L364-L396" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "844974a2d3266e1f9ba275520c0e8a5d176df69a0ccd5135b99facf798a5d209" logic_hash = "e5f5cf854ebd0e25fffbd6796217f22223a06937e1cacb33baa105ac41731256" score = 75 @@ -91518,8 +92314,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_5574Be7D : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L398-L432" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L398-L432" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8c5c0d27153f60ef8aec57def2f88e3d5f9a7385b5e8b8177bab55fa7fac7b18" logic_hash = "ed0fc98c5d628ce38b923e1410eaf7a4a65ecffea42bed35314e30c99a52219b" score = 75 
@@ -91563,8 +92359,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_1473F0B4 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L434-L459" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L434-L459" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9cfb441eb5c60ab1c90b58d4878543ee554ada2cceee98d6b867e73490d30fec" logic_hash = "dc13625e58c029c60b8670f8e63cd7786bf3e9705c462f3cbbf5b39e7c02f9a1" score = 75 @@ -91599,8 +92395,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Dcf25Dde : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L461-L502" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L461-L502" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ba2a255671d33677cab8d93531eb25c0b1f1ac3e3085b95365a017463662d787" logic_hash = "64d15d92faf0919a8fa1ce6772750cde47eaa24b09cf4243393777334bad9712" score = 75 
@@ -91651,8 +92447,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_46Dc12Dd : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L504-L528" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L504-L528" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bf38a787aee5afdcab00b95ccdf036bc7f91f07151b4444b54165bb70d649ce5" logic_hash = "e01209a83f4743cbad7dda01595c053277868bd47208e48214b557ae339b5b3c" score = 50 @@ -91686,8 +92482,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_78A26074 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L530-L564" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L530-L564" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8cd75fa8650ebcf0a6200283e474a081cc0be57307e54909ee15f4d04621dde0" logic_hash = "3837c22f7f9d55f03cb0bc1336798f0e2a91549c187b9f5136491cbafd26ce6e" score = 75 
@@ -91731,8 +92527,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_217B9C97 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L566-L601" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L566-L601" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1e90a73793017720c9a020069ed1c87879174c19c3b619e5b78db8220a63e9b7" logic_hash = "9b2b8a8154d4aba06029fd35d896331449f7baa961f183fb0cb47e890610ff99" score = 75 @@ -91777,8 +92573,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_D2110921 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L603-L632" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L603-L632" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "05ef40f7745db836de735ac73d6101406e1d9e58c6b5f5322254eb75b98d236a" logic_hash = "39ef17836f29c358f596e0047d582b5f1d1af523c8f6354ac8a783eda9969554" score = 75 
@@ -91817,8 +92613,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_0114D469 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L634-L667" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L634-L667" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "083cb35a7064aa5589efc544ac1ed1b04ec0f89f0e60383fcb1b02b63f4117e9" logic_hash = "6ca8e73f758d3fa956fe53cc83abb43806359f93df05c42a58e2f394a1a3c117" score = 75 @@ -91861,8 +92657,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_07239Dad : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L669-L703" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L669-L703" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dbd534f2b5739f89e99782563062169289f23aa335639a9552173bedc98bb834" logic_hash = "231592d1a45798de6d22c922626ca28ef4019bae95d552a0f2822823d8dec384" score = 75 
@@ -91906,8 +92702,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Fd7A39Af : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L705-L739" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L705-L739" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d5bb8d94b71d475b5eb9bb4235a428563f4104ea49f11ef02c8a08d2e859fd68" logic_hash = "15cb286504e6167c78e194488555f565965a03e7714fe16692a115df26985a01" score = 75 @@ -91951,8 +92747,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_2D89E9Cd : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L741-L785" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L741-L785" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3963649ebfabe8f6277190be4300ecdb68d4b497ac5f81f38231d3e6c862a0a8" logic_hash = "c15833687c2aed55aae0bb5de83c088cb66edeb4ad1964543522f5477c1f1942" score = 75 
@@ -92006,8 +92802,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_32930807 : FILE MEMORY date = "2021-03-30" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L787-L808" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L787-L808" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e999b83629355ec7ff3b6fda465ef53ce6992c9327344fbf124f7eb37808389d" logic_hash = "e98503696bd72cab4d0d1633991bdb87c0537fd1e2d95507ccd474125328f318" score = 75 @@ -92038,8 +92834,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_618B27D2 : FILE MEMORY date = "2021-03-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L810-L843" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L810-L843" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d3ec8f4a46b21fb189fc3d58f3d87bf9897653ecdf90b7952dcc71f3b4023b4e" logic_hash = "e66a9dd7efdbff8b9e30119d0e99187e3dfa4ca1c1bc1ade0f8f1003d10e2620" score = 75 
@@ -92082,8 +92878,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_6Eb31E7B : FILE MEMORY date = "2021-03-30" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L845-L872" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L845-L872" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3e3d82ea4764b117b71119e7c2eecf46b7c2126617eafccdfc6e96e13da973b1" logic_hash = "5b6902c8644c79bd183725f0e41bf2f7ae425bf0eb1dddea6fd1a38b77f176ba" score = 75 @@ -92120,8 +92916,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_91516Cf4 : FILE MEMORY date = "2021-03-30" modified = "2021-08-31" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L874-L896" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L874-L896" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6cd0d4666553fd7184895502d48c960294307d57be722ebb2188b004fc1a8066" logic_hash = "6c0bdd6827bebb337c0012cdb6e931cd96ce2ad61f3764f288b96ff049b2d007" score = 75 
@@ -92153,8 +92949,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Be718Af9 : FILE MEMORY date = "2021-03-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L898-L921" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L898-L921" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c1f1bc58456cff7413d7234e348d47a8acfdc9d019ae7a4aba1afc1b3ed55ffa" logic_hash = "d020f7d1637fc4ee3246e97c9acae0be1782e688154bd109f53f807211beebd7" score = 75 @@ -92187,8 +92983,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_F8Dac4Bc : FILE MEMORY date = "2021-03-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L923-L954" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L923-L954" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "13d102d546b9384f944f2a520ba32fb5606182bed45a8bba681e4374d7e5e322" logic_hash = "d4536aac0ee402abcb87826e45c892d6f39562bc1e39b72ae8880dc077f230d9" score = 75 
@@ -92229,8 +93025,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_9C0Fa8Fe : FILE MEMORY date = "2021-07-13" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Trickbot.yar#L956-L974" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Trickbot.yar#L956-L974" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f528c3ea7138df7c661d88fafe56d118b6ee1d639868212378232ca09dc9bfad" logic_hash = "23aebc3139c34ecd609db7920fa0d5e194173409e1862555e4c468dad6c46299" score = 75 @@ -92258,8 +93054,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_584A227A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Cornelgen.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Cornelgen.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c823cb669f1d6cb9258d6f0b187609c226af23396f9c5be26eb479e5722a9d97" logic_hash = "db3b6bbab48074449ae8b404f8fa77d93cde1ab8e57bd4ad981ac2afb8226494" score = 75 
@@ -92287,8 +93083,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_Be0Bc02D : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Cornelgen.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Cornelgen.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "24c0ba8ad4f543f9b0aff0d0b66537137bc78606b47ced9b6d08039bbae78d80" logic_hash = "67c4f2d875f233b52fcbc24d9225c51af4dc09c27ce3915f0d756202bd4e5867" score = 75 @@ -92316,8 +93112,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_03Ee53D3 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Cornelgen.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Cornelgen.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "711eafd09d4e5433be142d54db153993ee55b6c53779d8ec7e76ca534b4f81a5" logic_hash = "e7d9c66621ad3c56f3bb8150c17b10495053d9485b2143750aeefd3c55ab7943" score = 75 
@@ -92345,8 +93141,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_8C36Ddc1 : FILE MEMORY date = "2022-12-14" modified = "2022-12-15" reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SiestaGraph.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SiestaGraph.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "50c2f1bb99d742d8ae0ad7c049362b0e62d2d219b610dcf25ba50c303ccfef54" logic_hash = "17ce8090b88100f00c07df0599cd51dc7682f4c43de989ce58621df97eca42fb" score = 75 @@ -92382,8 +93178,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_Ad3Fe5C6 : FILE MEMORY date = "2023-09-12" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SiestaGraph.yar#L30-L56" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SiestaGraph.yar#L30-L56" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb" logic_hash = "b625221b77803c2c052db09c90a76666cf9e0ae34cb0d59ae303e890e646e94b" score = 75 
@@ -92418,8 +93214,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_D801Ce71 : FILE MEMORY date = "2023-09-12" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SiestaGraph.yar#L58-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SiestaGraph.yar#L58-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb" logic_hash = "c2d00d64d69cb5d24d76f6c551b49aa1acef1e1bab96f7ed7facc148244a8370" score = 75 @@ -92449,8 +93245,8 @@ rule ELASTIC_Windows_Hacktool_Rubeus_43F18623 : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Rubeus.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Rubeus.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b7b4691ad1cdad7663c32d07e911a03d9cc8b104f724c2825fd4957007649235" logic_hash = "8714f30e12c0dc61c83491a71dbf9f1e9b6bc66663a8f2c069e7a7841d52cf68" score = 75 
@@ -92486,8 +93282,8 @@ rule ELASTIC_Multi_Ransomware_Luna_8614D3D7 : FILE MEMORY date = "2022-08-02" modified = "2022-08-16" reference = "https://www.elastic.co/security-labs/luna-ransomware-attack-pattern" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Ransomware_Luna.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Ransomware_Luna.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1cbbf108f44c8f4babde546d26425ca5340dccf878d306b90eb0fbec2f83ab51" logic_hash = "14e40c5b1a21ba31664ed31b04bfc4a8646b3e31f96d39e0928a3d6a50d79307" score = 75 @@ -92522,8 +93318,8 @@ rule ELASTIC_Linux_Trojan_Badbee_231Cb054 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Badbee.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Badbee.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "832ba859c3030e58b94398ff663ddfe27078946a83dcfc81a5ef88351d41f4e2" logic_hash = "a1ed8f2da9b4f891a5c65d943424bb7c465f0d07e7756e292c617ce5ef14d182" score = 75 
@@ -92551,8 +93347,8 @@ rule ELASTIC_Windows_Vulndriver_Marvinhw_37326842 : FILE date = "2022-07-21" modified = "2022-07-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_MarvinHW.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_MarvinHW.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5" logic_hash = "f37290912ab7d997d718c074eef48a67a36444e9e97592b6be65855ade2ba246" score = 50 @@ -92583,8 +93379,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_D3F68E29 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Cryptominer_Generic.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Cryptominer_Generic.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d9c78c822dfd29a1d9b1909bf95cab2a9550903e8f5f178edeb7a5a80129fbdb" logic_hash = "cc336e536e0f8dda47f9551dfabfc50c2094fffe4a69cdcec23824dd063dede0" score = 75 
@@ -92614,8 +93410,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_365Ecbb9 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Cryptominer_Generic.yar#L23-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Cryptominer_Generic.yar#L23-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e2562251058123f86c52437e82ea9ff32aae5f5227183638bc8aa2bc1b4fd9cf" logic_hash = "66f16c8694c5cfde1b5e4eea03c530fa32a15022fa35acdbb676bb696e7deae2" score = 75 @@ -92643,8 +93439,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_4E7D4488 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Cryptominer_Generic.yar#L43-L61" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Cryptominer_Generic.yar#L43-L61" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e2562251058123f86c52437e82ea9ff32aae5f5227183638bc8aa2bc1b4fd9cf" logic_hash = "708b21b687c8b853a9b5f8a50d31119e4f0a02a5b63f81ba1cac8c06acd19214" score = 75 
@@ -92672,8 +93468,8 @@ rule ELASTIC_Macos_Trojan_Hloader_A3945Baf : FILE MEMORY date = "2023-10-23" modified = "2023-10-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_HLoader.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_HLoader.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2360a69e5fd7217e977123c81d3dbb60bf4763a9dae6949bc1900234f7762df1" logic_hash = "0383485b6bbcdae210a6c949f6796023b2f7ec3f1edbd2116207fc2b75a67849" score = 75 @@ -92703,8 +93499,8 @@ rule ELASTIC_Linux_Trojan_Banload_D5E1C189 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Banload.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Banload.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "48bf0403f777db5da9c6a7eada17ad4ddf471bd73ea6cf02817dd202b49204f4" logic_hash = "3f0bee251152a8c835a3bf71dc33c2e150705713c50ca2cfdbeb69361ed91a09" score = 75 
@@ -92732,8 +93528,8 @@ rule ELASTIC_Linux_Exploit_Foda_F41E9Ef9 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Foda.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Foda.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6059a6dd039b5efa36ce97acbb01406128aaf6062429474e422624ee69783ca8" logic_hash = "7b15fef304b91601a76c6fcf48a892105d6eedf5a3e2395ab7c2937a84709d9f" score = 75 @@ -92761,8 +93557,8 @@ rule ELASTIC_Linux_Ransomware_Noescape_6De58E0C : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_NoEscape.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_NoEscape.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "46f1a4c77896f38a387f785b2af535f8c29d40a105b63a259d295cb14d36a561" logic_hash = "c275d0cfdadcaabe57c432956e96b4bb344d947899fa5ad55b872e02b4d44274" score = 75 
@@ -92792,8 +93588,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_83715433 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3648a407224634d76e82eceec84250a7506720a7f43a6ccf5873f478408fedba" logic_hash = "7a7328322c2c1e128e267e92de0964e78ad9f49b7de8ec69d7f0632c69723a7d" score = 75 @@ -92821,8 +93617,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_28A2Fe0C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L21-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L21-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "04bbc6c40cdd71b4185222a822d18b96ec8427006221f213a1c9e4d9c689ce5c" score = 75 quality = 73 
@@ -92849,8 +93645,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Eb96Cc26 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L40-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L40-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "440318179ba2419cfa34ea199b49ee6bdecd076883d26329bbca6dca9d39c500" logic_hash = "3d8740a6cca4856a73ea745877a3eb39cbf3ad4ca612daabd197f551116efa04" score = 75 @@ -92878,8 +93674,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_5008Aee6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L60-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L60-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b32cd71fcfda0a2fcddad49d8c5ba8d4d68867b2ff2cb3b49d1a0e358346620c" logic_hash = "538bae17dcf0298e379f656e1dba794b75af6c7448a23253a51994bde9d30524" score = 75 
@@ -92907,8 +93703,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6321B565 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L80-L98" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L80-L98" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cd48addd392e7912ab15a5464c710055f696990fab564f29f13121e7a5e93730" logic_hash = "ad5c73ab68059101acf2fd8cfb3d676fd1ff58811e1c4b9008c291361ee951b8" score = 75 @@ -92936,8 +93732,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A6A2Adb9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L100-L118" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L100-L118" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "8f5fc4cb1ad51178701509a44a793e119fe7e7fad97eafcac8be14fce64e3b7b" score = 75 
@@ -92965,8 +93761,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_C573932B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L120-L138" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L120-L138" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68" logic_hash = "174a3fcebc1e17cc35ddc11fde1798164b5783fc51fdf16581a9690c3b4d6549" score = 75 @@ -92994,8 +93790,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A10161Ce : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L140-L157" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L140-L157" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "12ba13a746300d1ab1d0386b86ec224eebf4e6d0b3688495c2fee6a7eccc361d" score = 75 quality = 75 
@@ -93022,8 +93818,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ae01D978 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L159-L176" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L159-L176" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "c6c22b11dc1f0d4996e5da92c6edf58b7d21d7be40da87ddd39ed0e2d4c84072" score = 75 quality = 75 @@ -93050,8 +93846,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9E9530A7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L178-L196" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L178-L196" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961" logic_hash = "6a5a80e58c86a80f8954e678a2cc26b258d7d7c50047a3e71f3580f1780e3454" score = 75 
@@ -93079,8 +93875,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_5Bf62Ce4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L198-L216" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L198-L216" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68" logic_hash = "848e0c796584cfa21afc182da5f417f5467ae84c74f52cabc13e0f5de4990232" score = 75 @@ -93108,8 +93904,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F3D83A74 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L218-L236" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L218-L236" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "2db46180e66c9268a97d63cd1c4eb8439e6882b4e3277bc4848e940e4d25482f" score = 75 
@@ -93137,8 +93933,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_807911A2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L238-L255" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L238-L255" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "66b15304d5ed22daea666bd0e2b18726b8a058361ff8d69b974bfded933a4d8c" score = 75 quality = 75 @@ -93165,8 +93961,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9C18716C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L257-L274" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L257-L274" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "0e70dc82b2049a6f5efcc501e18e6f87e04a2d50efcb5143240c68c4a924de52" score = 75 quality = 75 
@@ -93193,8 +93989,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fbed4652 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L276-L294" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L276-L294" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2ea21358205612f5dc0d5f417c498b236c070509531621650b8c215c98c49467" logic_hash = "fc1f501123ab7421034e183186b077f65838b475f883d4ff04e8fc8a283424ef" score = 75 @@ -93222,8 +94018,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_94A44Aa5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L296-L314" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L296-L314" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a7694202f9c32a9d73a571a30a9e4a431d5dfd7032a500084756ba9a48055dba" logic_hash = "deb46c2960dc4868b7bac1255d8753895950bc066dec03674a714860ff72ef2c" score = 60 
@@ -93251,8 +94047,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E0673A90 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L316-L334" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L316-L334" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6" logic_hash = "149147eedd66f9ca2dad9cb69f37abc849d44331ec1b5d2917ab3867ced0b274" score = 75 @@ -93280,8 +94076,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_821173Df : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L336-L354" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L336-L354" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "de7d1aff222c7d474e1a42b2368885ef16317e8da1ca3a63009bf06376026163" logic_hash = "1c6c7666983c43176aa1a9628fb4352f8f11729e02dda13669ca2e62aed5f4ee" score = 75 
@@ -93309,8 +94105,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_31796A40 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L356-L374" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L356-L374" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "227c7f13f7bdadf6a14cc85e8d2106b9d69ab80abe6fc0056af5edef3621d4fb" logic_hash = "0e0e901d12edd77e77a205f8547f891f483fc8676493e9b7a324e970225af3c9" score = 75 @@ -93338,8 +94134,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_750Fe002 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L376-L394" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L376-L394" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68" logic_hash = "eb9907d8a63822c2e3ab57d43dca8ede7876610f029e2f9c10c9eeace9ea0078" score = 75 
@@ -93367,8 +94163,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6122Acdf : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L396-L413" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L396-L413" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "140b32a8f2b7493b068e63a05b3d9baec6ec14c9f2062c7e760dde96335e29f1" score = 75 quality = 75 @@ -93395,8 +94191,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A0A4De11 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L415-L433" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L415-L433" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417" logic_hash = "220c6ba82b906f070123b3bae9aafa72c0fb3bc8d5858a4f4bd65567076eb73d" score = 75 
@@ -93424,8 +94220,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A473Dcb6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L435-L453" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L435-L453" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7ba74e3cb0d633de0e8dbe6cfc49d4fc77dd0c02a5f1867cc4a1f1d575def97d" logic_hash = "106ee9cd9c368674ae08b835f54dbb6918b553e3097aae9b0de88f55420f046b" score = 75 @@ -93453,8 +94249,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_30444846 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L455-L473" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L455-L473" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c84b81d79d437bb9b8a6bad3646aef646f2a8e1f1554501139648d2f9de561da" logic_hash = "26bc95efb2ea69fece52cf3ab38ce35891c77fc0dac3e26e5580ba3a88e112e9" score = 75 
@@ -93482,8 +94278,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ea92Cca8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L475-L492" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L475-L492" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "5a9598b3fd37b15444063403a481df1a43894ddcbbd343961e1c770cb74180c9" score = 75 quality = 73 @@ -93510,8 +94306,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D4227Dbf : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L494-L512" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L494-L512" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961" logic_hash = "7953b8d08834315a6ca2c0c8ac1ec7b74a6ffcb71cec4fc053c24e1b59232c0c" score = 75 
@@ -93539,8 +94335,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_09C3070E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L514-L532" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L514-L532" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "f8f8e8883cf1e51fbaef81b8334ac5fa45a54682d285282da62c80e4aa50a48d" score = 75 @@ -93568,8 +94364,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fa19B8Fc : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L534-L552" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L534-L552" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a7cfc16ec33ec633cbdcbff3c4cefeed84d7cbe9ca1f4e2a3b3e43d39291cd6b" logic_hash = "cddf3b9948b9bc685ff7d4c00377d0f80861169707777022297e549bd166dbf0" score = 75 
@@ -93597,8 +94393,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Eaa9A668 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L554-L572" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L554-L572" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62" logic_hash = "05e9047342a9d081a09f8514f0ec32d72bc43a286035014ada90b0243f92cfa8" score = 75 @@ -93626,8 +94422,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_46Eec778 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L574-L592" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L574-L592" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1" logic_hash = "08e77a31005e14a06197857301e22d20334c1f2ef7fc06a4208643438377f4c4" score = 75 
@@ -93655,8 +94451,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F51C5Ac3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L594-L612" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L594-L612" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d" logic_hash = "e82b5ddb760d5bdcd146e1de12ec34c4764e668543420765146e22dee6f5732b" score = 75 @@ -93684,8 +94480,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_71E487Ea : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L614-L632" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L614-L632" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b8d044f2de21d20c7e4b43a2baf5d8cdb97fba95c3b99816848c0f214515295b" logic_hash = "3de9e0e3334e9e6e5906886f95ff8ce3596f85772dc25021fb0ee148281cf81c" score = 75 
@@ -93713,8 +94509,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6620Ec67 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L634-L652" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L634-L652" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b91eb196605c155c98f824abf8afe122f113d1fed254074117652f93d0c9d6b2" logic_hash = "2df2c8cdc2cb545f916159d44a800708b55a2993cd54a4dcf920a6a8dc6361e7" score = 75 @@ -93742,8 +94538,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D996D335 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L654-L672" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L654-L672" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda" logic_hash = "212c75ab61eac8b3ed2049966628dfc81ae5a620b4a4b38aaa0696d594910dea" score = 75 
@@ -93771,8 +94567,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D0C57A2E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L674-L691" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L674-L691" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "2ac51f0943d573fdc9a39837aeefd9158c27a4b3f35fbbb0a058a88392a53c14" score = 75 quality = 75 @@ -93799,8 +94595,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_751Acb94 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L693-L710" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L693-L710" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "1963351d209168f4ae2268d245cfd5320e4442d00746d021088ffae98e5da454" score = 75 quality = 75 
@@ -93827,8 +94623,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_656Bf077 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L712-L730" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L712-L730" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6" logic_hash = "0c9728304e720eb2cd00afad8d16f309514473dece48fa94af6a72ca41705a36" score = 75 @@ -93856,8 +94652,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E6D75E6F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L732-L750" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L732-L750" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "48b15093f33c18778724c48c34199a420be4beb0d794e36034097806e1521eb8" logic_hash = "339dd33a3313a4a94d2515cd4c2100ac6b9d5e0029881494c28dc3e7c8a05798" score = 75 
@@ -93885,8 +94681,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_7167D08F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L752-L770" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L752-L770" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68" logic_hash = "88c07bf06801192f38ef66229a0aa5c1ef6242caeb080ce1c7cd13ad0d540c82" score = 75 @@ -93914,8 +94710,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_27De1106 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L772-L790" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L772-L790" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d" logic_hash = "4e266e1ae31d7d86866b112a04ca38c0a8185c18ebb10ac6497bbaa69f51b2fd" score = 75 
@@ -93943,8 +94739,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_148B91A2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L792-L810" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L792-L810" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825" logic_hash = "1a974c0882c2d088c978a52e5b535807c86f117cf2f05c40c084e849b1849f5b" score = 75 @@ -93972,8 +94768,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_20F5E74F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L812-L830" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L812-L830" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9084b00f9bb71524987dc000fb2bc6f38e722e2be2832589ca4bb1671e852f5b" logic_hash = "067f1c15961c1ddceecb490b338db9f5b8501d89b38e870edfa628d21527dc1c" score = 75 
@@ -94001,8 +94797,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_1B2E2A3A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L832-L850" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L832-L850" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d" logic_hash = "6f40f868d20f0125721eb2a7934b356d69b695d4a558155a2ddcd0107d3f8c30" score = 75 @@ -94030,8 +94826,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_620087B9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L852-L870" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L852-L870" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961" logic_hash = "411451ea326498a25af8be5cd43fe0b98973af354706268c89828b88ece5e497" score = 75 
@@ -94059,8 +94855,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Dd0D6173 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L872-L890" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L872-L890" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6" logic_hash = "7061edef1981e2b93bcdd8be47c0f6067acc140a543eed748bf0513f182e0a59" score = 75 @@ -94088,8 +94884,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_779E142F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L892-L910" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L892-L910" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "80ba5a1cf333fafc6a1d7823ca4a8d5c30c1c07a01d6d681c22dd29e197089f1" score = 75 
@@ -94117,8 +94913,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Cf84C9F2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L912-L930" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L912-L930" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "9af164ece7e7e0f33dc32f18735a8f655593ae6cde34e05108f3221b71aa8676" score = 75 @@ -94146,8 +94942,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0Cd591Cd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L932-L949" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L932-L949" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "4300bdd173dfb33ca34c0f2fe4fa6ee071e99d5db201262e914721aad0ad433b" score = 75 quality = 75 
@@ -94174,8 +94970,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_859042A0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L951-L969" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L951-L969" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0" logic_hash = "b8daa4a136a6511472703687fe56fbca2bd005a1373802a46c8d211b6d039d75" score = 75 @@ -94203,8 +94999,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_33B4111A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L971-L989" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L971-L989" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961" logic_hash = "a08c0f7be26e2e9abfaa392712895bb3ce1d12583da4060ebe41e1a9c1491b7c" score = 75 
@@ -94232,8 +95028,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_4F43B164 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L991-L1009" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L991-L1009" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f0fdb3de75f85e199766bbb39722865cac578cde754afa2d2f065ef028eec788" logic_hash = "79a17e70e9b7af6e53f62211c33355a4c46a82e7c4e80c20ffe9684e24155808" score = 75 @@ -94261,8 +95057,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E4A1982B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1011-L1028" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1011-L1028" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "4cd7aa205b3571cffca208e315d6311fa92a5993e2a8e40d342d6184811f42f0" score = 75 quality = 75 
@@ -94289,8 +95085,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_862C4E0E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1030-L1048" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1030-L1048" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1" logic_hash = "a1dce44e76f9d2a517c4849c58dfecb07e1ef0d78fddff10af601184d636583f" score = 75 @@ -94318,8 +95114,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9127F7Be : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1050-L1068" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1050-L1068" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d" logic_hash = "2b1fa115598561e081dfb9b5f24f6728b0d52cb81ac7933728d81646f461bcae" score = 75 
@@ -94347,8 +95143,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0E03B7D3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1070-L1087" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1070-L1087" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "845be03fac893f8e914aabda5206000dc07947ade0b8f46cc5d58d8458f035f6" score = 75 quality = 75 @@ -94375,8 +95171,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_32Eb0C81 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1089-L1107" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1089-L1107" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "a06d9e1190ba79b0e19cab7468f01a49359629a6feb27b7d72f3d1d52d1483d7" score = 75 
@@ -94404,8 +95200,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9Abf7E0C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1109-L1126" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1109-L1126" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "00276330e388d07368577c4134343cb9fc11957dba6cff5523331199f1ed04aa" score = 75 quality = 75 @@ -94432,8 +95228,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_33801844 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1128-L1146" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1128-L1146" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2ceff60e88c30c02c1c7b12a224aba1895669aad7316a40b575579275b3edbb3" logic_hash = "20b8ebce14776e48310be099afd0dca0f28778d0024318b339b75e2689f70128" score = 75 
@@ -94461,8 +95257,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A33A8363 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1148-L1165" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1148-L1165" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "3fe17dc43f07dacdad6ababf141983854b977e244c0af824fea0ab953ad70fee" score = 75 quality = 75 @@ -94489,8 +95285,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9A62845F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1167-L1185" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1167-L1185" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f67f8566beab9d7494350923aceb0e76cd28173bdf2c4256e9d45eff7fc8cb41" logic_hash = "b3ab125c8bfb5b7a0be0e92cf5a50057e403ab3597698ec2e7a8bafa0d3a8b80" score = 75 
@@ -94518,8 +95314,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_4D81Ad42 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1187-L1205" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1187-L1205" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3021a861e6f03df3e7e3919e6255bdae6e48163b9a8ba4f1a5c5dced3e3e368b" logic_hash = "57b54eed37690949ba2d4eff713691f16f00207d7b374beb7dfa2e368588dbb0" score = 75 @@ -94547,8 +95343,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6A510422 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1207-L1225" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1207-L1225" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "4384536817bf5df223d4cf145892b7714f2dbd1748930b6cd43152d4e35c9e56" score = 75 quality = 75 
@@ -94575,8 +95371,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D2953F92 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1227-L1245" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1227-L1245" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "d0af462d26f6ffe469c57d63f1f7d551e3fb9cc39c7e4c35b3e71f659c01c076" score = 75 quality = 75 @@ -94603,8 +95399,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6Ae4B580 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1247-L1265" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1247-L1265" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "eb0fe44df1c995c5d4e3a361c3e466f78cb70bffbc76d1b7b345ee651b313b9e" score = 75 quality = 75 
@@ -94631,8 +95427,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D608Cf3B : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1267-L1285" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1267-L1285" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "ad5b7d32c85adc7f778a8f4815e595b90a6f15dec048bcf97c6ab179582eb4f7" score = 75 quality = 75 @@ -94659,8 +95455,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_3F8Cf56E : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1878f0783085cc6beb2b81cfda304ec983374264ce54b6b98a51c09aea9f750d" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1287-L1305" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1287-L1305" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "b2cf8b1913a88e6a6346f0ac8cd2e7c33b41d44bf60ff7327ae40a2d54748bd9" score = 75 quality = 75 
@@ -94687,8 +95483,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fb14E81F : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1307-L1325" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1307-L1325" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "2efb958c269640c374485502611372f4404cf35d7ab704d20ce37b8c1f69645d" score = 75 quality = 75 @@ -94715,8 +95511,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E09726Dc : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "1e64187b5e3b5fe71d34ea555ff31961404adad83f8e0bd1ce0aad056a878d73" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1327-L1345" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1327-L1345" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "ebd00e593a7fcd46e36fd0ca213e1f82c0f4a94448b6fd605d35cea45a490493" score = 75 quality = 75 
@@ -94743,8 +95539,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ad12B9B6 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "f0411131acfddb40ac8069164ce2808e9c8928709898d3fb5dc88036003fe9c8" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1347-L1365" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1347-L1365" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "72a85d14eb8ab78364ea2e8b89d9409c0046b14602f4a3415d829f4985fb2de3" score = 75 quality = 75 @@ -94771,8 +95567,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0535Ebf7 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1367-L1385" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1367-L1385" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "77e18bb5479b644ba01d074057c9e2bd532717f6ab3bb88ad2b7497b85d2a5de" logic_hash = "eb574468e9d371def0da74e6aba827272181399a84388a14ffb167ec6ebd40d1" score = 75 
@@ -94800,8 +95596,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_32A7Edd2 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1387-L1405" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1387-L1405" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf" logic_hash = "af26549c1cad0975735e2c233bc71e5e1b0e283d02552fdaea02656332ecd854" score = 75 @@ -94829,8 +95625,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D7F35B54 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1407-L1425" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1407-L1425" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf" logic_hash = "d827e21c09b8dce65db293aa57b39f49f034537bb708471989ad64e653c479be" score = 75 
@@ -94858,8 +95654,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F11E98Be : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1427-L1445" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1427-L1445" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf" logic_hash = "9b9122f0897610dff6b37446b3cecbfcec3dce8dc7e1934e78cc32d5f6ac9648" score = 75 @@ -94887,8 +95683,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_8D4E4F4A : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Gafgyt.yar#L1447-L1465" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Gafgyt.yar#L1447-L1465" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf" logic_hash = "11ee101a936f8e6949701e840ef48a0fe102099ea3b71c790b9a5128e5c59029" score = 75 
@@ -94916,8 +95712,8 @@ rule ELASTIC_Linux_Exploit_Iouring_D04C1C19 : FILE MEMORY date = "2024-04-07" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_IOUring.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_IOUring.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "29e6a5f7b36e271219601528f3fd70831aacb8b9f05722779faa40afc97b3b60" logic_hash = "b1d8d6090576b4b5bcd435eb69ee1dc1f1947115d38b62364cf1730a4f08d317" score = 75 @@ -94947,8 +95743,8 @@ rule ELASTIC_Multi_Trojan_Mythic_4Beb7E17 : FILE MEMORY date = "2023-08-01" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Trojan_Mythic.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Trojan_Mythic.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "7b3b7bae1763f3c73df206f97065920fa55b973d22c967acb3d26ac8e89e60c7" score = 75 quality = 75 
@@ -94985,8 +95781,8 @@ rule ELASTIC_Multi_Trojan_Mythic_E0Ea7Ef9 : FILE MEMORY date = "2024-05-23" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Trojan_Mythic.yar#L30-L61" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Trojan_Mythic.yar#L30-L61" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e091d63c8e8b0a32a3d25cffdf02419fdbec714f31e4061bafd80b1971831c5f" logic_hash = "237307d85fe7886eb2cf351a9f7872e3e5551f05535f0b6a966a960d204aee90" score = 75 @@ -95027,8 +95823,8 @@ rule ELASTIC_Multi_Trojan_Mythic_528324B4 : FILE MEMORY date = "2024-05-23" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Trojan_Mythic.yar#L63-L89" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Trojan_Mythic.yar#L63-L89" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2cd883eab722a5eacbca7fa82e0eebb5f6c30cffa955abcb1ab8cf169af97202" logic_hash = "8c85d086b30030a24fba9f519aed3fdf3c821932d71ceaecfe354fe07cd1d631" score = 75 
@@ -95064,8 +95860,8 @@ rule ELASTIC_Windows_Trojan_Hazelcobra_6A9Fe48A : FILE MEMORY date = "2023-11-01" modified = "2023-11-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_HazelCobra.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_HazelCobra.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b5acf14cdac40be590318dee95425d0746e85b1b7b1cbd14da66f21f2522bf4d" logic_hash = "dc4d561497c2e3da270d305ceaf3194b48d64c0d8e212ee6f03a2d89c8e006e8" score = 75 @@ -95096,8 +95892,8 @@ rule ELASTIC_Windows_Vulndriver_ATSZIO_E22Cc429 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_ATSZIO.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_ATSZIO.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece" logic_hash = "e3f057d5a5c47a1f3b4d50e2ad0ebb3a4ffe0efe513a0d375f827fadb3328d80" score = 75 
@@ -95126,8 +95922,8 @@ rule ELASTIC_Linux_Ransomware_Quantum_8513Fb8B : FILE MEMORY
 date = "2023-07-28"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Quantum.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Quantum.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "3bcb9ad92fdca53195f390fc4d8d721b504b38deeda25c1189a909a7011406c9"
 logic_hash = "7e24be541bafc2427ecd8f76b7774fb65d7421bc300503eeb068b8104e168c70"
 score = 75
@@ -95156,8 +95952,8 @@ rule ELASTIC_Windows_Trojan_Bitsloth_05Fc3A0A : FILE MEMORY
 date = "2024-07-16"
 modified = "2024-07-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BITSloth.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BITSloth.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "0944b17a4330e1c97600f62717d6bae7e4a4260604043f2390a14c8d76ef1507"
 logic_hash = "8210dc28cf408f7f836aad3c32868ea21dd0862070c2c37d98b089a80be9285e"
 score = 75
@@ -95193,8 +95989,8 @@ rule ELASTIC_Windows_Hacktool_Physmem_Cc0978Df : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_PhysMem.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_PhysMem.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "c299063e3eae8ddc15839767e83b9808fd43418dc5a1af7e4f44b97ba53fbd3d"
 logic_hash = "e2fabf5889dbdc98dc6942be4fb0de4351d64a06bab945993b2a2c4afe89984e"
 score = 75
@@ -95223,8 +96019,8 @@ rule ELASTIC_Windows_Hacktool_Physmem_B3Fa382B : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_PhysMem.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_PhysMem.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "88df37ede18bea511f1782c1a6c4915690b29591cf2c1bf5f52201fbbb4fa2b9"
 logic_hash = "36a60b78de15a52721ad4830b37daffc33d7689e8b180fe148876da00562273a"
 score = 75
@@ -95252,8 +96048,8 @@ rule ELASTIC_Linux_Trojan_Asacub_D3C4Aa41 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Asacub.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Asacub.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "15044273a506f825859e287689a57c6249b01bb0a848f113c946056163b7e5f1"
 logic_hash = "3645e10e5ef8c50e5e82d749da07f5669c5162cb95aa5958ce45a414b870f619"
 score = 75
@@ -95281,8 +96077,8 @@ rule ELASTIC_Windows_Trojan_Darkvnc_Bd803C2E : FILE MEMORY
 date = "2023-01-23"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DarkVNC.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DarkVNC.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "0fcc1b02fdaf211c772bd4fa1abcdeb5338d95911c226a9250200ff7f8e45601"
 logic_hash = "d9e8a42a424d6a186939682e1cd2ed794c8a3765824188e863b1b2829650e2d5"
 score = 75
@@ -95314,8 +96110,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_E8243Dae : FILE
 date = "2022-04-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_NetFilter.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_NetFilter.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "760be95d4c04b10df89a78414facf91c0961020e80561eee6e2cb94b43b76510"
 logic_hash = "c551bd87e73f980d8836b13449490de5e639d768b72d9006d90969f3140b28e2"
 score = 75
@@ -95343,8 +96139,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_Dd576D28 : FILE
 date = "2022-04-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_NetFilter.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_NetFilter.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "88cfe6d7c81d0064045c4198d6ec7d3c50dc3ec8e36e053456ed1b50fc8c23bf"
 logic_hash = "7635ed94ca77c7705df4d2a9c5546ece86bf831b5bf5355943419174e0387b86"
 score = 75
@@ -95372,8 +96168,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_B4F2A520 : FILE
 date = "2022-04-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_NetFilter.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_NetFilter.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "5d0d5373c5e52c4405f4bd963413e6ef3490b7c4c919ec2d4e3fb92e91f397a0"
 logic_hash = "520d2194593f1622a3b905fe182a0773447a4eee3472e7701cce977f5bf4fbae"
 score = 75
@@ -95401,8 +96197,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_1Cae6E26 : FILE
 date = "2022-04-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_NetFilter.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_NetFilter.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "e2ec3b2a93c473d88bfdf2deb1969d15ab61737acc1ee8e08234bc5513ee87ea"
 logic_hash = "29c0edc03934e6e7275c3870a8808e03ec85dacb1f54e10efca3123d2257db98"
 score = 75
@@ -95430,8 +96226,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_25D3C5Ba : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Ryuk.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Ryuk.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "4d461ff9b87e3a17637cef89ff8a85ef22f69695d4664f6fe8f271a6a5f7b4bc"
 score = 75
 quality = 75
@@ -95459,8 +96255,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_878Bae7E : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Ryuk.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Ryuk.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "94bed2220aeb41ae8069cee56cc5299b9fc56797d3b54085b8246a03d9e8bd93"
 score = 75
 quality = 75
@@ -95489,8 +96285,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_6C726744 : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Ryuk.yar#L44-L67"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Ryuk.yar#L44-L67"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "ee7586d5cbef23d1863a4dfcc5da9b97397c993268881922c681022bf4f293f0"
 score = 75
 quality = 75
@@ -95522,8 +96318,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_1A4Ad952 : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Ryuk.yar#L69-L88"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Ryuk.yar#L69-L88"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "bb854f5760f41e2c103c99d8f128a2546926a614dff8753eaa1287ac583e213a"
 score = 75
 quality = 75
@@ -95551,8 +96347,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_72B5Fd9D : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Ryuk.yar#L90-L109"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Ryuk.yar#L90-L109"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "b2abc8f70df5d730ce6a7d0bc125bb623f27b292e7d575914368a8bfc0fb5837"
 score = 75
 quality = 75
@@ -95580,8 +96376,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_8Ba51798 : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Ryuk.yar#L111-L137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Ryuk.yar#L111-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "0733ae6a7e38bc2a25aa76a816284482d3ee25626559ec5af554b5f5070e534a"
 score = 75
 quality = 75
@@ -95616,8 +96412,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_88Daaf8E : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Ryuk.yar#L139-L158"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Ryuk.yar#L139-L158"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "6fc463976c0fb9c3e4f25d854545d07800c63730826f3974298f0077d272cff0"
 score = 75
 quality = 75
@@ -95645,8 +96441,8 @@ rule ELASTIC_Multi_Hacktool_Stowaway_89F1D452 : FILE MEMORY
 date = "2024-06-28"
 modified = "2024-07-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Hacktool_Stowaway.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Hacktool_Stowaway.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "c073d3be469c8eea0f007bb37c722bad30e06dc994d3a59773838ed8be154c95"
 logic_hash = "c5db1335fea606ec32f7a6540ee4dee637dd2ad5aee27e092b89fa03ad085690"
 score = 75
@@ -95682,8 +96478,8 @@ rule ELASTIC_Windows_Trojan_Bandook_38497690 : FILE MEMORY
 date = "2022-08-10"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Bandook.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Bandook.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "4d079586a51168aac708a9ab7d11a5a49dfe7a16d9ced852fbbc5884020c0c97"
 logic_hash = "199614993f63636764808313f25199348afdf4d537c8dca06f673559e34636b8"
 score = 75
@@ -95716,8 +96512,8 @@ rule ELASTIC_Windows_Ransomware_Lockfile_74185716 : FILE MEMORY
 date = "2021-08-31"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Lockfile.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Lockfile.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "bf315c9c064b887ee3276e1342d43637d8c0e067260946db45942f39b970d7ce"
 logic_hash = "e922c2fc9dd52dd0238847a9d48691bea90d028cf680fc3a1a0dbdfef1d8dce3"
 score = 75
@@ -95748,8 +96544,8 @@ rule ELASTIC_Linux_Ransomware_Lockbit_D248E80E : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Lockbit.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Lockbit.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "4800a67ceff340d2ab4f79406a01f58e5a97d589b29b35394b2a82a299b19745"
 logic_hash = "5d33d243cd7f9d9189139eb34a4dd8d81882be200223d5c8e60dfd07ca98f94b"
 score = 75
@@ -95782,8 +96578,8 @@ rule ELASTIC_Linux_Ransomware_Lockbit_5B30A04B : FILE MEMORY
 date = "2023-07-29"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Lockbit.yar#L26-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Lockbit.yar#L26-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "41cbb7d79388eaa4d6e704bd4a8bf8f34d486d27277001c343ea3ce112f4fb0d"
 logic_hash = "b89d0f25f08ffa35e075def6a29cf52a80500c6499732146426a71c741059a3b"
 score = 75
@@ -95813,8 +96609,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_445Bb666 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Amcleaner.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Amcleaner.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "c85bf71310882bc0c0cf9b74c9931fd19edad97600bc86ca51cf94ed85a78052"
 logic_hash = "664829ff761186ec8f3055531b5490b7516756b0aa9d0183d4c17240a5ca44c4"
 score = 75
@@ -95842,8 +96638,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_A91D3907 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Amcleaner.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Amcleaner.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "dc9c700f3f6a03ecb6e3f2801d4269599c32abce7bc5e6a1b7e6a64b0e025f58"
 logic_hash = "e61ceea117acf444a6b137b93d7c335c6eb8a7e13a567177ec4ea44bf64fd5c6"
 score = 75
@@ -95871,8 +96667,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_8Ce3Fea8 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Amcleaner.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Amcleaner.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "c85bf71310882bc0c0cf9b74c9931fd19edad97600bc86ca51cf94ed85a78052"
 logic_hash = "08c4b5b4afefbf1ee207525f9b28bc7eed7b55cb07f8576fddfa0bbe95002769"
 score = 75
@@ -95900,8 +96696,8 @@ rule ELASTIC_Windows_Ransomware_Nightsky_A7F19411 : FILE MEMORY
 date = "2022-01-11"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Nightsky.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Nightsky.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "1fca1cd04992e0fcaa714d9dfa97323d81d7e3d43a024ec37d1c7a2767a17577"
 logic_hash = "defc7ab43035c663302edfda60a4b57cb301b3d61662afe3ce1de2ac93cfc3e2"
 score = 75
@@ -95932,8 +96728,8 @@ rule ELASTIC_Windows_Ransomware_Nightsky_253C4D0D : FILE MEMORY
 date = "2022-03-14"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Nightsky.yar#L24-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Nightsky.yar#L24-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "2c940a35025dd3847f7c954a282f65e9c2312d2ada28686f9d1dc73d1c500224"
 logic_hash = "ba9e6dab664e464e0fdc65bd8bdccc661846d85e7fd8fbf089e72e9e5b71fb17"
 score = 75
@@ -95961,8 +96757,8 @@ rule ELASTIC_Linux_Exploit_Race_758A0884 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Race.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Race.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "a4966baaa34b05cb782071ef114a53cac164e6dece275c862fe96a2cff4a6f06"
 logic_hash = "ccba0e2ddefd53939cda6b4985def2d487ac5916cbad7374ac3143f02b9f7ff5"
 score = 75
@@ -95981,6 +96777,101 @@ rule ELASTIC_Linux_Exploit_Race_758A0884 : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Multi_Ransomware_Akira_21842Eb3 : FILE MEMORY
+{
+ meta:
+ description = "Detects Multi Ransomware Akira (Multi.Ransomware.Akira)"
+ author = "Elastic Security"
+ id = "21842eb3-9ccc-4dec-9536-37791ef79714"
+ date = "2024-11-21"
+ modified = "2024-11-22"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Ransomware_Akira.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
+ hash = "3298d203c2acb68c474e5fdad8379181890b4403d6491c523c13730129be3f75"
+ logic_hash = "1c50f4da476cef9f9818f8c0117621eae232be0245ad244babe51d493f0a5a48"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "62f1a985bb718fa27c56d2f23d4f36a5b90b35626f0ef5def83441d27122a503"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "multi"
+
+ strings:
+ $a1 = "Well, for now let's keep all the tears and resentment to ourselves"
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Rootkit_Snapekit_01205A75 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Rootkit Snapekit (Linux.Rootkit.Snapekit)"
+ author = "Elastic Security"
+ id = "01205a75-f40a-4f01-9519-19b801ec2aef"
+ date = "2024-11-13"
+ modified = "2024-11-22"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Snapekit.yar#L1-L56"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
+ hash = "58d1e56fff04affb4c8cbb5fc3ea848e88d1f05c07e6f730e1cf17100ef1b666"
+ logic_hash = "ba9b40481afb29a6db33fe61fe23b9f3895744da6737167788018396987bb533"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "9316cdd987f5d13fc73707d508fab08cad5d47a4d8346ba0c364514cab146d11"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = "author=Humzak711"
+ $str2 = "name=snapekit"
+ $str3 = "description=snapekit"
+ $str4 = "license=GPL"
+ $str5 = "snapekit"
+ $func1 = "snapekit_filepath"
+ $func2 = "additional_hidden_filepaths"
+ $func3 = "snapekit_persistence_config_files"
+ $func4 = "snapekit_persistence_config_dirs"
+ $func5 = "snapekit_C2_ips_ipv4"
+ $func6 = "snapekit_C2_ips_ipv6"
+ $func7 = "unpack_rootkit"
+ $hook1 = "getdents64_snape"
+ $hook2 = "kill_snape"
+ $hook3 = "load_userspace_payload"
+ $hook4 = "lstat_snape"
+ $hook5 = "open_snape"
+ $hook6 = "openat2_snape"
+ $hook7 = "openat_snape"
+ $hook8 = "pread64_snape"
+ $hook9 = "ptrace_snape"
+ $hook10 = "pwrite64_snape"
+ $hook11 = "read_snape"
+ $hook12 = "stat_snape"
+ $hook13 = "statfs_snape"
+ $hook14 = "statx_snape"
+ $hook15 = "tcp4_seq_show_snape"
+ $hook16 = "tcp6_seq_show_snape"
+ $hook17 = "udp4_seq_show_snape"
+ $hook18 = "udp6_seq_show_snape"
+ $hook19 = "unhook_kernelAPI"
+ $hook20 = "unlink_snape"
+ $hook21 = "unlinkat_snape"
+ $hook22 = "write_snape"
+ $hook23 = "sys_call_table_snape"
+ $hook24 = "hooked_tcp6_seq_show"
+ $hook25 = "hooked_udp4_seq_show"
+ $hook26 = "hooked_udp6_seq_show"
+
+ condition:
+ 3 of ($str*) or 3 of ($func*) or 5 of ($hook*)
+}
 rule ELASTIC_Windows_Hacktool_Iox_98Cd1Cd8 : FILE MEMORY
 {
 meta:
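Review bot: In the added `ELASTIC_Linux_Rootkit_Snapekit_01205A75` rule, the `3 of ($str*)` branch counts fewer independent indicators than it appears to. `$str5 = "snapekit"` is a substring of both `$str2` and `$str3`, so a file containing only `name=snapekit` and `license=GPL` already satisfies it. The added `ELASTIC_Multi_Ransomware_Akira_21842Eb3` rule is similarly thin: it is one ransom-note sentence under `all of them` with no file-type condition, so any report or rule file quoting that sentence matches at `score = 75`. Because this file is a vendored YARA Forge bundle, the fix belongs upstream rather than in this hunk; there the Snapekit condition could count only the non-overlapping strings, e.g. `3 of ($str1, $str2, $str3, $str4) or 3 of ($func*) or 5 of ($hook*)`. Until then, hits from these two rules are better treated as leads to confirm against other findings than as a verdict on their own.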
@@ -95990,8 +96881,8 @@ rule ELASTIC_Windows_Hacktool_Iox_98Cd1Cd8 : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-01-29"
 reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Iox.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Iox.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "d4544a521d4e6eb07336816b1aae54f92c5c4fd2eb31dcfbdf26e4ef890e73db"
 logic_hash = "d7f9e4f399410d54416e974fbd66b2caa27359ae0f2e33e01d62f1aa618daa34"
 score = 75
@@ -96022,8 +96913,8 @@ rule ELASTIC_Linux_Cryptominer_Xpaj_Fdbd614E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Xpaj.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Xpaj.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "3e2b1b36981713217301dd02db33fb01458b3ff47f28dfdc795d8d1d332f13ea"
 logic_hash = "70e6450f98411750361481aaad0d3ea079f58b1ae09970f04da09c20137a50fa"
 score = 75
@@ -96051,8 +96942,8 @@ rule ELASTIC_Windows_Trojan_Sysjoker_1Ef19A12 : FILE MEMORY
 date = "2022-02-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SysJoker.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SysJoker.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "61df74731fbe1eafb2eb987f20e5226962eeceef010164e41ea6c4494a4010fc"
 logic_hash = "25bd58d546549d208f9f95f4c27d1e58f86f87750dae1e293544cc92b25f8b32"
 score = 75
@@ -96083,8 +96974,8 @@ rule ELASTIC_Windows_Trojan_Sysjoker_34559Bcd : FILE MEMORY
 date = "2022-02-21"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SysJoker.yar#L24-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SysJoker.yar#L24-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "1ffd6559d21470c40dcf9236da51e5823d7ad58c93502279871c3fe7718c901c"
 logic_hash = "ebe7f6037f14e37b6efe81614c06c6d26fe0cc17d0475b8b19715f80d0d9aad3"
 score = 75
@@ -96118,8 +97009,8 @@ rule ELASTIC_Linux_Ransomware_Esxiargs_75A8Ec04 : FILE MEMORY date = "2023-02-09" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Esxiargs.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Esxiargs.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "11b1b2375d9d840912cfd1f0d0d04d93ed0cddb0ae4ddb550a5b62cd044d6b66" logic_hash = "7316cab75c1bcf41ae6c96afa41ef96c37ab1bb679f36a0cc1dd08002a357165" score = 75 @@ -96151,8 +97042,8 @@ rule ELASTIC_Windows_Trojan_Avemaria_31D2Bce9 : FILE MEMORY date = "2021-05-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_AveMaria.yar#L1-L31" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_AveMaria.yar#L1-L31" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b" logic_hash = "7ba59c3be07e35b415719b60b14a0f629619e5729c20f50f00dbea0c2f8bd026" score = 75 
@@ -96192,8 +97083,8 @@ rule ELASTIC_Linux_Exploit_Moogrey_81131B66 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Moogrey.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Moogrey.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cc27b9755bd9feb1fb2c510f66e36c20a1503e6769cdaeee2bea7fe962d22ccc" logic_hash = "dc2fe7caa38f665d24bbc673ff63491ebdeec8d56a420092243ce241238846cf" score = 75 @@ -96221,8 +97112,8 @@ rule ELASTIC_Windows_Vulndriver_Glckio_39C4Abd4 : FILE date = "2022-04-04" modified = "2022-08-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_GlckIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_GlckIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3a5ec83fe670e5e23aef3afa0a7241053f5b6be5e6ca01766d6b5f9177183c25" logic_hash = "fd43503c9427a386674c06bb790e110ac23c27d8fc4adedbaa8a9b7cb0cbafd4" score = 75 
@@ -96250,8 +97141,8 @@ rule ELASTIC_Windows_Vulndriver_Glckio_68D5Afbb : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_GlckIo.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_GlckIo.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5ae23f1fcf3fb735fcf1fa27f27e610d9945d668a149c7b7b0c84ffd6409d99a" logic_hash = "0b5f0d408a5c4089ef496c5f8241a34d0468cc3d21e89e41dc105a0df0855d38" score = 75 @@ -96279,8 +97170,8 @@ rule ELASTIC_Windows_Hacktool_Processhacker_3D01069E : FILE date = "2022-03-30" modified = "2022-03-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_ProcessHacker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_ProcessHacker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4" logic_hash = "bcba74aa20b62329c48060bfebaf49ab12f89f9ec3a09fc0c0cb702de5e2b940" score = 75 
@@ -96308,8 +97199,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_Bad95Bd6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Bruteforce.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Bruteforce.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8e8be482357ebddc6ac3ea9ee60241d011063f7e558a59e6bd119e72e4862024" logic_hash = "8001e6503baeb52c66c9b30026544913270085406a1fe4c45d14629811d36d5f" score = 75 @@ -96337,8 +97228,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_66A14C03 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Bruteforce.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Bruteforce.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a2d8e2c34ae95243477820583c0b00dfe3f475811d57ffb95a557a227f94cd55" logic_hash = "c8b2925c2e3f95e78f117ddd52e208d143d19ee75e9283f7f15d10e930eaac5f" score = 75 
@@ -96366,8 +97257,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_Eb83B6Aa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Bruteforce.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Bruteforce.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8dec88576f61f37fbaece3c30e71d338c340c8fb9c231f9d7b1c32510d2c3167" logic_hash = "bc79860e414d07ee8000eea3d61827272d66faa90a8bf6c65fcda90a4bd762ef" score = 75 @@ -96395,8 +97286,8 @@ rule ELASTIC_Windows_Vulndriver_Dbutil_Ffe07C79 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_DBUtil.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_DBUtil.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "87e38e7aeaaaa96efe1a74f59fca8371de93544b7af22862eb0e574cec49c7c3" logic_hash = "18b1c93c395b105f446b4c968441e0a43e42b1bd7efcf6501a89eb92cbd21824" score = 75 
@@ -96424,8 +97315,8 @@ rule ELASTIC_Windows_Vulndriver_Dbutil_852Ba283 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_DBUtil.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_DBUtil.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5" logic_hash = "78acd081c2517f9c53cb311481c0cc40cc3699b222afc290da1a3698e7bf75b7" score = 75 @@ -96453,8 +97344,8 @@ rule ELASTIC_Linux_Ransomware_Clop_728Cf32A : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Clop.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Clop.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "09d6dab9b70a74f61c41eaa485b37de9a40c86b6d2eae7413db11b4e6a8256ef" logic_hash = "31c2fdfcfc46ad1dd69489536172937b9771d8505f36c7bd8dc796f40a2fe4d2" score = 75 
@@ -96485,8 +97376,8 @@ rule ELASTIC_Linux_Trojan_Setag_351Eeb76 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Setag.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Setag.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "3519d9e4bfa18c19b49d0fa15ef78151bd13db9614406c4569720d20830f3cbb" score = 75 quality = 75 @@ -96513,8 +97404,8 @@ rule ELASTIC_Linux_Trojan_Setag_01E2F79B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Setag.yar#L20-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Setag.yar#L20-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5b5e8486174026491341a750f6367959999bbacd3689215f59a62dbb13a45fcc" logic_hash = "1e0336760f364acbbe0e8aec10bc7bfb48ed7e33cde56d8914617664cb93fd9b" score = 75 
@@ -96542,8 +97433,8 @@ rule ELASTIC_Multi_Hacktool_Nps_C6Eb4A27 : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Hacktool_Nps.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Hacktool_Nps.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4714e8ad9c625070ca0a151ffc98d87d8e5da7c8ef42037ca5f43baede6cfac1" logic_hash = "53baf04f4ab8967761c6badb24f6632cc1bf4a448abf0049318b96855f30feea" score = 75 @@ -96576,8 +97467,8 @@ rule ELASTIC_Multi_Hacktool_Nps_F76F257D : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Hacktool_Nps.yar#L27-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Hacktool_Nps.yar#L27-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "80721b20a8667536a33fca50236f5c8e0c0d07aa7805b980e40818ab92cd9f4a" logic_hash = "0bbd7f86bfd2967dc390510c2e403d05e1b56551b965ea716b9e5330f75c9bd5" score = 75 
@@ -96609,8 +97500,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3490_D369D615 : FILE MEMORY CVE_2021_3490 date = "2021-11-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2021_3490.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2021_3490.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e65ba616942fd1e893e10898d546fe54458debbc42e0d6826aff7a4bb4b2cf19" logic_hash = "6fa4b36366d2c255f5ccf0e22a06c7e17df74fddd06963787dbcd713b3e8aca6" score = 75 @@ -96649,8 +97540,8 @@ rule ELASTIC_Windows_Trojan_Hotpage_414F235F : FILE MEMORY date = "2024-07-18" modified = "2024-07-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_HotPage.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_HotPage.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b8464126b64c809b4ab47aa91c5f322ce2c0ae4fd668a43de738a5caa7567225" logic_hash = "cfa0036b22a83a5396b3f9014511720071246a775053ad493791ebc1212400f2" score = 75 
@@ -96684,8 +97575,8 @@ rule ELASTIC_Linux_Trojan_Chinaz_A2140Ca1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Chinaz.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Chinaz.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7c44c2ca77ef7a62446f6266a757817a6c9af5e010a219a43a1905e2bc5725b0" logic_hash = "c9c63114e45b45b1c243af1f719cddc838a06a1f35d65dca6a2fb5574047eff0" score = 60 @@ -96713,8 +97604,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_B521801B : FILE MEMORY date = "2022-03-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Matanbuchus.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Matanbuchus.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2" logic_hash = "609a0941b118d737124a5cd9c98c007e21557a239cfa3cf97cd3b4348c934f03" score = 75 
@@ -96745,8 +97636,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_4Ce9Affb : FILE MEMORY date = "2022-03-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Matanbuchus.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Matanbuchus.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2" logic_hash = "16441eb4617b6b3cb1e7d600959a5cbfe15c72c00361b45551b7ef4c81f78462" score = 75 @@ -96774,8 +97665,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_58A61Aaa : FILE MEMORY date = "2022-03-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Matanbuchus.yar#L44-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Matanbuchus.yar#L44-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2" logic_hash = "7226e2f61bd6f1cca15c1f3f8d8697cb277d1e214f756295ffda5bc16304cc49" score = 75 
@@ -96803,8 +97694,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_C7811Ccc : FILE MEMORY date = "2022-03-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Matanbuchus.yar#L64-L82" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Matanbuchus.yar#L64-L82" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2" logic_hash = "e65dc05f6d9289a42c05afdc4da0ce1c18c1129dd87688a277ece925e83d7ef1" score = 75 @@ -96832,8 +97723,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_17Ee6A17 : FILE MEMORY date = "2021-06-12" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_RedLineStealer.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_RedLineStealer.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "497bc53c1c75003fe4ae3199b0ff656c085f21dffa71d00d7a3a33abce1a3382" logic_hash = "0c868d0673c01e2c115d6822c34c877db77265251167f3a890a448a1de5c6a2d" score = 75 
@@ -96869,8 +97760,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_F54632Eb : FILE MEMORY date = "2021-06-12" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_RedLineStealer.yar#L29-L56" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_RedLineStealer.yar#L29-L56" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25" logic_hash = "1779919556ee5c9a78342aabafb8408e035cb39632b25c54da6bf195894901dc" score = 75 @@ -96907,8 +97798,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_3D9371Fd : FILE MEMORY date = "2022-02-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_RedLineStealer.yar#L58-L82" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_RedLineStealer.yar#L58-L82" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a" logic_hash = "1c8a64ce7615f502602ab960638dd55f4deaeea3b49d894274d64d4d0b6a1d10" score = 75 
@@ -96942,8 +97833,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_63E7E006 : FILE MEMORY date = "2023-05-01" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_RedLineStealer.yar#L84-L104" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_RedLineStealer.yar#L84-L104" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e062c99dc9f3fa780ea9c6249fa4ef96bbe17fd1df38dbe11c664a10a92deece" logic_hash = "2085eaf622b52372124e9b23d19e3e4a7fdb7a4559ad9a09216c1cbae96ca5b6" score = 75 @@ -96973,8 +97864,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_F07B3Cb4 : FILE MEMORY date = "2023-05-03" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_RedLineStealer.yar#L106-L125" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_RedLineStealer.yar#L106-L125" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5e491625475fc25c465fc7f6db98def189c15a133af7d0ac1ecbc8d887c4feb6" logic_hash = "64536e3b340254554154ac1b33adfb4f3c72a2c6c0d1ef27827621b905d431c5" score = 75 
@@ -97003,8 +97894,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_4Df4Bcb6 : FILE MEMORY date = "2023-05-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_RedLineStealer.yar#L127-L145" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_RedLineStealer.yar#L127-L145" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9389475bd26c1d3fd04a083557f2797d0ee89dfdd1f7de67775fcd19e61dfbb3" logic_hash = "d9027fa9c8d9c938159a734431bb2be67fd7cca1f898c2208f7b909157524da4" score = 75 @@ -97032,8 +97923,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_15Ee6903 : FILE MEMORY date = "2023-05-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_RedLineStealer.yar#L147-L166" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_RedLineStealer.yar#L147-L166" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "46b506cafb2460ca2969f69bcb0ee0af63b6d65e6b2a6249ef7faa21bde1a6bd" logic_hash = "22c8a1f4b5b94261cfabdbcc00e45b9437a0132d4e9d4543b734d4f303336696" score = 75 
@@ -97062,8 +97953,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_6Dfafd7B : FILE MEMORY date = "2024-01-05" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_RedLineStealer.yar#L168-L186" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_RedLineStealer.yar#L168-L186" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "809e303ba26b894f006b8f2d3983ff697aef13b67c36957d98c56aae9afd8852" logic_hash = "888bc2fdfae8673cd6bce56fc9894b3cab6d7e3c384d854d6bc8aef47fdecf1c" score = 75 @@ -97091,8 +97982,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_983Cd7A7 : FILE MEMORY date = "2024-03-27" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_RedLineStealer.yar#L188-L208" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_RedLineStealer.yar#L188-L208" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7aa20c57b8815dd63c8ae951e1819c75b5d2deec5aae0597feec878272772f35" logic_hash = "2104bad5ec42bc72ec611607a53086a85359bdb4bf084d7377e9a8e234b0e928" score = 75 
@@ -97122,8 +98013,8 @@ rule ELASTIC_Linux_Exploit_Local_47C64Fb6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Local.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Local.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0caa9035027ff88788e6b8e43bfc012a367a12148be809555c025942054a6360" logic_hash = "7d977edd5fc90c6f03ed5558c690b3dd2102bbff9d7e5124403276405e15201b" score = 75 @@ -97151,8 +98042,8 @@ rule ELASTIC_Linux_Exploit_Local_76C24B62 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Local.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Local.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "330de2ca1add7e06389d94dfc541c367a484394c51663b26d27d89346b08ad1b" logic_hash = "ff55d6a316394812cfa1108578aece91050bfb2f7e0f8c0440dcb64156f3e893" score = 75 
@@ -97180,8 +98071,8 @@ rule ELASTIC_Linux_Exploit_Local_30C21B03 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Local.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Local.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a09c81f185a4ceed134406fa7fefdfa7d8dfc10d639dd044c94fbb6d570fa029" logic_hash = "396965c457b2e02d7d524d9d5fb3cc76852895ed9675c7b1205a94f47ba10144" score = 75 @@ -97209,8 +98100,8 @@ rule ELASTIC_Linux_Exploit_Local_9Ace9649 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Local.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Local.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b38869605521531153cfd8077f05e0d6b52dca0fffbc627a4d5eaa84855a491c" logic_hash = "d7a60b0cb7fcbd9e802660bda3e0456f7f4ef9db38b6dab131c160efce48909e" score = 75 
@@ -97238,8 +98129,8 @@ rule ELASTIC_Linux_Exploit_Local_705C9589 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Local.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Local.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "845727ea46491b46a665d4e1a3a9dbbe6cd0536d070f1c1efd533b91b75cdc88" logic_hash = "9834d564c2acc688750d5e6c53db7c1201ef85c6fb3d1d0ea2425a5ba905ff18" score = 75 @@ -97267,8 +98158,8 @@ rule ELASTIC_Linux_Exploit_Local_A677Fb9C : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Local.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Local.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d20b260c7485173264e3e674adc7563ea3891224a3dc98bdd342ebac4a1349e8" logic_hash = "9b43e651f73d17dbd2143cec4c79929723689ce738924588e38c99a9554e5545" score = 75 
@@ -97296,8 +98187,8 @@ rule ELASTIC_Linux_Exploit_Local_78E50162 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Local.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Local.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "706c865257d5e1f5f434ae0f31e11dfc7e16423c4c639cb2763ec0f51bc73300" logic_hash = "10a5bef486ec0ececfe0a9edfcad7ce053da2a97028cd1648aa27572fedd8ef6" score = 75 @@ -97325,8 +98216,8 @@ rule ELASTIC_Linux_Exploit_Local_3B767A1F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Local.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Local.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e05fed9e514cccbdb775f295327d8f8838b73ad12f25e7bb0b9d607ff3d0511c" logic_hash = "0f24a7d4e8ff0899430aa0a702000f35039b07400120b382b675825630f0ea4e" score = 75 
@@ -97354,8 +98245,8 @@ rule ELASTIC_Linux_Exploit_Local_2535C9B6 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Local.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Local.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d0f9cc114f6a1f788f36e359e03a9bbf89c075f41aec006229b6ad20ebbfba0b" logic_hash = "222e929d8352ed02714a59b0e1b9777b0f2d80d63cb369fa9bf33460c84efbb2" score = 75 @@ -97383,8 +98274,8 @@ rule ELASTIC_Linux_Exploit_Local_6A9B5D50 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Local.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Local.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "80ab71dc9ed2131b08b5b75b5a4a12719d499c6b6ee6819ad5a6626df4a1b862" logic_hash = "99a18bfb62c195bdea89c688fed4456fee33477878ecdee8a78cd4bf18ad539b" score = 75 
@@ -97412,8 +98303,8 @@ rule ELASTIC_Linux_Exploit_Local_66557224 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Local.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Local.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f58151a2f653972e744822cdc420ab1c2b8b642877d3dfa2e8b2b6915e8edf40" logic_hash = "5583f086d594ebdf5890a8a5fbee5c04fbddfe42adcae07480532d87e474ef0c" score = 75 @@ -97441,8 +98332,8 @@ rule ELASTIC_Linux_Exploit_Local_6229602F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Local.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Local.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4fdb15663a405f6fc4379aad9a5021040d7063b8bb82403bedb9578d45d428fa" logic_hash = "c3ab6a36c0c2d430d576f7c0cfdc6d1affcd99d007e2d05596677da9bda5a19e" score = 75 
@@ -97470,8 +98361,8 @@ rule ELASTIC_Linux_Trojan_Marut_47Af730D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Marut.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Marut.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "048ce8059be6697c5f507fb1912ac2adcedab87c75583dd84700984e6d0d81e6" score = 75 quality = 75 @@ -97498,8 +98389,8 @@ rule ELASTIC_Windows_Wiper_Hermeticwiper_7206A969 : FILE MEMORY date = "2022-02-24" modified = "2022-02-24" reference = "https://www.elastic.co/security-labs/elastic-protects-against-data-wiper-malware-targeting-ukraine-hermeticwiper" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Wiper_HermeticWiper.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Wiper_HermeticWiper.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591" logic_hash = "84c61b8223a6ebf1ccfa4fdccee3c9091abca4553e55ac6c2492cff5503b4774" score = 75 
@@ -97532,8 +98423,8 @@ rule ELASTIC_Macos_Exploit_Log4J_75A13888 : FILE MEMORY date = "2021-12-13" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Exploit_Log4j.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Exploit_Log4j.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "b09d8dd9c422e7eb8aa23f8b1204d31fd290252925099300d6d19d73e562ca5e" score = 75 quality = 75 @@ -97566,8 +98457,8 @@ rule ELASTIC_Macos_Trojan_Sugarloader_E7E1D99C : FILE MEMORY date = "2023-10-24" modified = "2023-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_SugarLoader.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_SugarLoader.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3ea2ead8f3cec030906dcbffe3efd5c5d77d5d375d4a54cca03bfe8a6cb59940" logic_hash = "0689b704add81e8e7968d9dba5f60d45c8791209330f4ee97e218f8eeb22c88f" score = 75 
@@ -97599,8 +98490,8 @@ rule ELASTIC_Linux_Cryptominer_Ursu_3C05F8Ab : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Ursu.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Ursu.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d72361010184f5a48386860918052dbb8726d40e860ea0287994936702577956" logic_hash = "8261e4ee40131cd7df61914cd7bdf154e8a2b5fa3abd9d301436f9371253f510" score = 75 @@ -97628,8 +98519,8 @@ rule ELASTIC_Linux_Ransomware_Limpdemon_95C748E0 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_LimpDemon.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_LimpDemon.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a4200e90a821a2f2eb3056872f06cf5b057be154dcc410274955b2aaca831651" logic_hash = "e66906725c0af657d91771642908ac0b2c72a97c4d4f651dcc907c2c1437f2da" score = 75 
@@ -97660,8 +98551,8 @@ rule ELASTIC_Windows_Trojan_Wikiloader_C57F3F88 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_WikiLoader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_WikiLoader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0f71b1805d7feb6830b856c5a5328d3a132af4c37fcd747d82beb0f61c77f6f5" logic_hash = "408c6d811232dbd0c87f75fd28508366151cf9f2f10f012919588db1919e406b" score = 75 @@ -97689,8 +98580,8 @@ rule ELASTIC_Windows_Trojan_Wikiloader_99681F1C : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_WikiLoader.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_WikiLoader.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0b02cfe16ac73f2e7dc52eaf3b93279b7d02b3d64d061782dfed0c55ab621a8e" logic_hash = "fb293d74186e778856780377120ac2ebe9550a508a0b33e706c39f93a5509df8" score = 75 
@@ -97718,8 +98609,8 @@ rule ELASTIC_Linux_Trojan_Sckit_A244328F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sckit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sckit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "685da66303a007322d235b7808190c3ea78a828679277e8e03e6d8d511df0a30" logic_hash = "8001c9fcf9f8b70c3e27554156b0b26ddcd6cab36bf97cf3b89a4c43c9ad883c" score = 75 @@ -97747,8 +98638,8 @@ rule ELASTIC_Windows_Trojan_Hawkeye_77C36Ace : FILE MEMORY date = "2021-08-16" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Hawkeye.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Hawkeye.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "28e28025060f1bafd4eb96c7477cab73497ca2144b52e664b254c616607d94cd" logic_hash = "e8c1060efde0c4a073247d03a19dedb1c0acc8506fbf6eac93ac44f00fc73be1" score = 75 
@@ -97780,8 +98671,8 @@ rule ELASTIC_Windows_Trojan_Hawkeye_975D546C : FILE MEMORY date = "2023-03-23" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Hawkeye.yar#L25-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Hawkeye.yar#L25-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "aca133bf1d72cf379101e6877871979d6e6e8bc4cc692a5ba815289735014340" logic_hash = "cbd8ce991059f961236a4bb83ea5a78efa661199b40fca8b09550856e932198b" score = 75 @@ -97814,8 +98705,8 @@ rule ELASTIC_Windows_Hacktool_Sharpsccm_9Bef8Dab : FILE MEMORY date = "2024-03-25" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpSCCM.yar#L1-L31" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpSCCM.yar#L1-L31" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2e169c4fd16627029445bb0365a2f9ee61ab6b3757b8ad02fd210ce85dc9c97f" logic_hash = "560c780934a63b3c857a09841c09cbc350205868c696fac958e249e1379cc865" score = 75 
@@ -97855,8 +98746,8 @@ rule ELASTIC_Linux_Exploit_Sorso_Ecf99F8F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Sorso.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Sorso.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd" logic_hash = "c771ff109e548e37134cd76ac668f0d4abafcf262de12b00236ad94fc11a99d1" score = 75 @@ -97884,8 +98775,8 @@ rule ELASTIC_Linux_Exploit_Sorso_91A4D487 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Sorso.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Sorso.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd" logic_hash = "bb58c78ae3cc730aa1ef32974f65adabd63972ef181696aeb79954f904f2f405" score = 75 
@@ -97913,8 +98804,8 @@ rule ELASTIC_Linux_Exploit_Sorso_61Eae7Dd : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Sorso.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Sorso.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd" logic_hash = "a8bc8a2c8405b80b160ad21898003781405a762c0e627f13b34e9362e0aa51a1" score = 75 
@@ -97933,6 +98824,40 @@ rule ELASTIC_Linux_Exploit_Sorso_61Eae7Dd : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Linux_Trojan_Melofee_C23D18F3 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Trojan Melofee (Linux.Trojan.Melofee)"
+ author = "Elastic Security"
+ id = "c23d18f3-caac-4d8a-8ecd-d1b831723648"
+ date = "2024-11-14"
+ modified = "2024-11-22"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Melofee.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
+ hash = "b0abf6691e769ead1f11cfdcd300f8cd5291f19059be6bb40d556f793b1bc21e"
+ logic_hash = "fd769e0eca9ee858a3773a906189c510742364722b3e5c384158b3ec4158fc68"
+ score = 75
+ quality = 50
+ tags = "FILE, MEMORY"
+ fingerprint = "95bd1092104aa028b65b92d3dcf6af6deb019d00ef09e9c6570da39737fe3525"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = "hide ok"
+ $str2 = "show ok"
+ $str3 = "kill ok"
+ $str4 = "wwwwwww"
+ $str5 = "[md]"
+ $str6 = "87JoENDi"
+
+ condition:
+ 4 of them
+}
 rule ELASTIC_Linux_Trojan_Tsunami_D9E6B88E : FILE MEMORY
 {
 meta:
@@ -97942,8 +98867,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_D9E6B88E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a4ac275275e7be694a200fe6c5c5746256398c109cf54f45220637fe5d9e26ba" logic_hash = "979d2ae62efca0f719ed1db2ff832dc9a0aa0347dcd50ccede29ec35cba6d296" score = 75 @@ -97971,8 +98896,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_30C039E2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b494ca3b7bae2ab9a5197b81e928baae5b8eac77dfdc7fe1223fee8f27024772" logic_hash = "a9dbfede68a3209b403aa40dbc5b69326c3e1c14259ed6bc6351f0f9412cfce2" score = 75 
@@ -98000,8 +98925,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_C94Eec37 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "294fcdd57fc0a53e2d63b620e85fa65c00942db2163921719d052d341aa2dc30" logic_hash = "39a49e1661ac2ca6a43a56b0bd136976f6d506c0779d862a43ba2c25d6947fee" score = 75 @@ -98029,8 +98954,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_F806D5D9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5259495788f730a2a3bad7478c1873c8a6296506a778f18bc68e39ce48b979da" logic_hash = "86336f662e3abcf2fe7635155782c549fc9eef514356bf78bfbc3b65192e2d90" score = 75 
@@ -98058,8 +98983,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0Fa3A6E9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "40a15a186373a062bfb476b37a73c61e1ba84e5fa57282a7f9ec0481860f372a" logic_hash = "970062e909ffe5356b750605f2c44a6e893949bc5bc71be3ea98b16e51629d4d" score = 75 @@ -98087,8 +99012,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_36A98405 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a57de6cd3468f55b4bfded5f1eed610fdb2cbffbb584660ae000c20663d5b304" logic_hash = "a32d324d1865a7796faefbc2f209e6043008a696929fe7837afbbc770e6f4c74" score = 75 
@@ -98116,8 +99041,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0C6686B8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62" logic_hash = "731bb3f9957e8777040c0b7b316a818f4ee1ca9a113fb9eed24ee61bfc71e11d" score = 75 @@ -98145,8 +99070,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_9Ce5B69F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ad63fbd15b7de4da0db1b38609b7481253c100e3028c19831a5d5c1926351829" logic_hash = "b9756eb99e59ba3a9a616b391bcf26bda26a6ac0de115460f9ba52129f590764" score = 75 
@@ -98174,8 +99099,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_55A80Ab6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5259495788f730a2a3bad7478c1873c8a6296506a778f18bc68e39ce48b979da" logic_hash = "1fc29f98e9ea2a5b67d0a88f37813a5e62b5f1d2a26aee74f90e9ead445dc713" score = 75 @@ -98203,8 +99128,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_E98B83Ee : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417" logic_hash = "8b16c0fee991ee2143a20998097066a90b1f20060bac7b42e5c3188adcdc7907" score = 75 
@@ -98232,8 +99157,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_8A11F9Be : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571" logic_hash = "f80dcb3579a76da787e9bb2bfb02ef86e464aec1bea405f02642b8c8902c7663" score = 75 @@ -98261,8 +99186,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_2462067E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3847f1c7c15ce771613079419de3d5e8adc07208e1fefa23f7dd416b532853a1" logic_hash = "cf6c0703f9108f8193e0a9c18ba3d76263527a13fe44e194fa464d399512ae05" score = 75 
@@ -98290,8 +99215,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0A028640 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e36081f0dbd6d523c9378cdd312e117642b0359b545b29a61d8f9027d8c0f2f0" logic_hash = "663f110c7214498466759b66a83ff1844f5bf45ce706fa8ad0e8b205cc9c8f72" score = 75 @@ -98319,8 +99244,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_6B3974B2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2216776ba5c6495d86a13f6a3ce61b655b72a328ca05b3678d1abb7a20829d04" logic_hash = "7c44a0abcd51a6b775fc379b592652ebb10faf16c039ca23b20984183340cada" score = 75 
@@ -98348,8 +99273,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_87Bcb848 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L301-L319" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L301-L319" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "575b0dc887d132aa3983e5712b8f642b03762b0685fbd5a32c104bca72871857" logic_hash = "60e8aa7e27ea0bec665075a373ce150c21af4cddfd511b7ec771293126f0006c" score = 75 @@ -98377,8 +99302,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_Ad60D7E8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L321-L338" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L321-L338" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "1253a8cd1a5230f1ec1f8c7ecd07f89f28acf5c2aa92395c6cb9e635c16a1e25" score = 75 quality = 73 
@@ -98405,8 +99330,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_22646C0D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L340-L358" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L340-L358" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "20439a8fc21a94c194888725fbbb7a7fbeef5faf4b0f704559d89f1cd2e57d9d" logic_hash = "548f531429132392f6d9bccff706b56ba87d8e44763116dedca5d0baa5097b92" score = 75 @@ -98434,8 +99359,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_019F0E75 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L360-L378" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L360-L378" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "575b0dc887d132aa3983e5712b8f642b03762b0685fbd5a32c104bca72871857" logic_hash = "7a63eb94266b04a31ba67165c512e2e060c3e344665aeed748a51943143b2219" score = 75 
@@ -98463,8 +99388,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_7C545Abf : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L380-L398" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L380-L398" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "95691c7ad1d80f7f1b5541e1d1a1dbeba30a26702a4080d256f14edb75851c5d" logic_hash = "fa50ccc4c85417d18a84b7f117f853609c44b17c488a937cdc7495e2d32757f7" score = 75 @@ -98492,8 +99417,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_32C0B950 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L400-L418" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L400-L418" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "214c1caf20ceae579476d3bf97f489484df4c5f1c0c44d37ff9b9066072cd83c" logic_hash = "db077e5916327ca78fcc9dc35f64e5c497dbbe60c4a0c1eb7abb49c555765681" score = 75 
@@ -98521,8 +99446,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_Cbf50D9C : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L420-L438" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L420-L438" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b64d0cf4fc4149aa4f63900e61b6739e154d328ea1eb31f4c231016679fc4aa5" logic_hash = "331a35fb3ecc54022b1d4d05bd64e7c5c6a7997b06dbea3a36c33ccc0a2f7086" score = 75 @@ -98550,8 +99475,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_40C25A06 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L440-L458" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L440-L458" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "61af6bb7be25465e7d469953763be5671f33c197d4b005e4a78227da11ae91e9" logic_hash = "38976911ff9e56fae27fad8b9df01063ed703f43c8220b1fbcef7a3945b3f1ad" score = 75 
@@ -98579,8 +99504,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_35806Adc : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L460-L478" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L460-L478" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "15e7942ebf88a51346d3a5975bb1c2d87996799e6255db9e92aed798d279b36b" logic_hash = "6e9d3e5c0a33208d1b5f4f84f8634955e70bd63395b367cd1ece67798ce5e502" score = 75 @@ -98608,8 +99533,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_D74D7F0C : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L480-L498" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L480-L498" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b0a8b2259c00d563aa387d7e1a1f1527405da19bf4741053f5822071699795e2" logic_hash = "6f5313fc9e838bd06bd4e797ea7fb448073849dc714ecf18809f94900fa11ca2" score = 75 
@@ -98637,8 +99562,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_71D31510 : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L500-L518" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L500-L518" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "33dd6c0af99455a0ca3908c0117e16a513b39fabbf9c52ba24c7b09226ad8626" logic_hash = "18bfe9347faf1811686a61e0ee0de5cef842beb25fb06793947309135c41de89" score = 75 @@ -98666,8 +99591,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_97288Af8 : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Tsunami.yar#L520-L538" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Tsunami.yar#L520-L538" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c39eb055c5f71ebfd6881ff04e876f49495c0be5560687586fc47bf5faee0c84" logic_hash = "c5b521cc887236a189dca419476758cee0f1513a8ad81c94b1ff42e4fe232b8e" score = 75 
@@ -98695,8 +99620,8 @@ rule ELASTIC_Windows_Trojan_Dragonbreath_B27Bc56B : FILE MEMORY date = "2024-06-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DragonBreath.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DragonBreath.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "45023fd0e694d66c284dfe17f78c624fd7e246a6c36860a0d892d232a30949be" logic_hash = "b86d5541a7e03a698ad918cdbba987474c6680353b4d2de2f8422ecd0ebcac61" score = 75 @@ -98726,8 +99651,8 @@ rule ELASTIC_Multi_Hacktool_Supershell_F7486598 : FILE MEMORY date = "2024-09-12" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Hacktool_SuperShell.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Hacktool_SuperShell.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "18556a794f5d47f93d375e257fa94b9fb1088f3021cf79cc955eb4c1813a95da" logic_hash = "8c2c3f13fad03ece29f7f3fd12e22807b61ecdc16dee00b6430b915631554cff" score = 75 
@@ -98758,8 +99683,8 @@ rule ELASTIC_Windows_Trojan_Naplistener_E8F16920 : FILE MEMORY date = "2023-02-28" modified = "2023-03-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_NapListener.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_NapListener.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6e8c5bb2dfc90bca380c6f42af7458c8b8af40b7be95fab91e7c67b0dee664c4" logic_hash = "6cb7b5051fab2b56f39b2805788b5b0838a095b41fcc623fe412b215736be5d4" score = 75 @@ -98789,8 +99714,8 @@ rule ELASTIC_Windows_Trojan_Naplistener_414180A7 : FILE MEMORY date = "2023-02-28" modified = "2023-03-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_NapListener.yar#L23-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_NapListener.yar#L23-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6e8c5bb2dfc90bca380c6f42af7458c8b8af40b7be95fab91e7c67b0dee664c4" logic_hash = "52d3ddebdc1a8aa4bcb902273bd2d3b4f9b51f248d25e7ae1cc260a9550111f5" score = 75 
@@ -98823,8 +99748,8 @@ rule ELASTIC_Windows_Trojan_Protects_9F6Eaa90 : FILE date = "2022-04-04" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_ProtectS.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_ProtectS.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c0330e072b7003f55a3153ac3e0859369b9c3e22779b113284e95ce1e2ce2099" logic_hash = "ddc8c97598b2d961dc51bdf2c7ab96abcec63824acd39b767bc175371844c1e5" score = 75 @@ -98852,8 +99777,8 @@ rule ELASTIC_Linux_Trojan_Sqlexp_1Aa5001E : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sqlexp.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sqlexp.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "714a520fc69c54bcd422e75f4c3b71ce636cfae7fcec3c5c413d1294747d2dd6" logic_hash = "48c7331c80aa7d918f46d282c6f38b8e780f9b5222cf9304bf1a8bb39cc129ab" score = 75 
@@ -98881,8 +99806,8 @@ rule ELASTIC_Linux_Ransomware_Akira_02237952 : FILE MEMORY date = "2023-07-28" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Akira.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Akira.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1d3b5c650533d13c81e325972a912e3ff8776e36e18bca966dae50735f8ab296" logic_hash = "a9b3cdddb3387251d7da90f32b08b9c1eedcdff1fe90d51f4732183666a6d467" score = 75 
@@ -98904,6 +99829,35 @@ rule ELASTIC_Linux_Ransomware_Akira_02237952 : FILE MEMORY condition: 3 of them } +rule ELASTIC_Linux_Ransomware_Akira_27440619 : FILE MEMORY +{ + meta: + description = "Detects Linux Ransomware Akira (Linux.Ransomware.Akira)" + author = "Elastic Security" + id = "27440619-50de-4103-b961-6b66cf9001f9" + date = "2024-11-21" + modified = "2024-11-22" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Akira.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" + hash = "3298d203c2acb68c474e5fdad8379181890b4403d6491c523c13730129be3f75" + logic_hash = "d2bb413b5919b3ed6239fbc714d025d2ddc321cb8a0b310aaae48b0869810be8" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "611b051982db94dc83a875b3e5ae20177690fda16ead5b8591cb12d0e899712b" + severity = 100 + arch_context = "x86, arm64" + scan_context = "file, memory" + license = "Elastic License v2" + os = "linux" + + strings: + $a = { 41 83 A7 00 01 00 00 00 31 C0 41 88 87 04 01 00 00 6A 08 5B 49 89 9F 08 01 00 00 0F 57 C0 41 0F 29 87 10 01 00 00 49 89 9F 20 01 00 00 41 0F 11 87 28 01 00 00 41 C6 87 38 01 00 00 01 6A 01 41 5E } + + condition: + all of them +} rule ELASTIC_Linux_Hacktool_Wipelog_Daea1Aa4 : FILE MEMORY { meta: 
@@ -98913,8 +99867,8 @@ rule ELASTIC_Linux_Hacktool_Wipelog_Daea1Aa4 : FILE MEMORY date = "2022-03-17" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Wipelog.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Wipelog.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "39b3a95928326012c3b2f64e2663663adde4b028d940c7e804ac4d3953677ea6" logic_hash = "e2483b7719f4a1e28ec3732120770066333d8db269c9c9711813a8eeb75176d6" score = 75 @@ -98952,8 +99906,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_Cfa94001 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Vmsplice.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Vmsplice.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0a26e67692605253819c489cd4793a57e86089d50150124394c30a8801bf33e6" logic_hash = "b5a86a79384997f977d353371ccaa8c736f5c24af40b85a24076d4c4fb79a237" score = 75 
@@ -98981,8 +99935,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_A000F267 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Vmsplice.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Vmsplice.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c85cc6768a28fb7de16f1cad8d3c69d8f0b4aa01e00c8e48759d27092747ca6f" logic_hash = "2a8cb11bb21f2ce620a6fa1f0fb932bef60a479fac836058ec4e8c760b5d60f9" score = 75 @@ -99010,8 +99964,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_8B9E4F9F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Vmsplice.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Vmsplice.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0230c81ba747e588cd9b6113df6e1867dcabf9d8ada0c1921d1bffa9c1b9c75d" logic_hash = "6979a900a2532a8da36711f3ffe13f71ec4efa7771aa2feec9391bd031aaa023" score = 75 
@@ -99039,8 +99993,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_055F88B8 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Vmsplice.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Vmsplice.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "607c8c5edc8cbbd79a40ce4a0eccf46e01447985d9415d1eff6a91bf64074507" logic_hash = "29e59bb372f0b37b507c72e5b5bcb27ba0fa2aaac71ea77f0cab85af31708c8a" score = 75 @@ -99068,8 +100022,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_431E689D : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1cbb09223f16af4cd13545d72dbeeb996900535b1e279e4bcf447670728de1e1" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Vmsplice.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Vmsplice.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "5b9a7ffcd6fc6893a8224fd2b9ca59f4cff6086669a73190114db510a1ad9ff2" score = 75 quality = 75 
@@ -99096,8 +100050,8 @@ rule ELASTIC_Multi_Trojan_Sparkrat_9A21E541 : FILE MEMORY date = "2023-11-13" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Trojan_SparkRat.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Trojan_SparkRat.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "23efecc03506a9428175546a4b7d40c8a943c252110e83dec132c6a5db8c4dd6" logic_hash = "903c5c65436bea8dd044fd5f1f6dda3d1e90ab25802d508f67ba0f7fd06e92d4" score = 75 @@ -99127,8 +100081,8 @@ rule ELASTIC_Linux_Trojan_Rbot_C69475E3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Rbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Rbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9d97c69b65d2900c39ca012fe0486e6a6abceebb890cbb6d2e091bb90f6b9690" logic_hash = "2a8629ebf6e2082ce90f1b2130ae596e4e515f3289a25899f2fc57b99c01a654" score = 75 
@@ -99156,8 +100110,8 @@ rule ELASTIC_Linux_Trojan_Rbot_96625C8C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Rbot.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Rbot.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a052cfad3034d851c6fad62cc8f9c65bceedc73f3e6a37c9befe52720fd0890e" logic_hash = "5a9671e10e7b9b58ecf9fab231de18b4b6039c9d351b145fae1705297acda95e" score = 75 @@ -99185,8 +100139,8 @@ rule ELASTIC_Linux_Trojan_Rbot_366F1599 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Rbot.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Rbot.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5553d154a0e02e7f97415299eeae78e5bb0ecfbf5454e3933d6fd9675d78b3eb" logic_hash = "3efe0f35efd855b415149513e8abb2210a26ef6f3b6c31275c8147fabb634fab" score = 75 
@@ -99214,8 +100168,8 @@ rule ELASTIC_Linux_Exploit_Ramen_01B205Eb : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Ramen.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Ramen.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c0b6303300f38013840abe17abe192db6a99ace78c83bc7ef705f5c568bc98fd" logic_hash = "e477e93434db9e650f159995f2cb754394f3187dc341d2ea4c2466924e19a8a6" score = 75 @@ -99243,8 +100197,8 @@ rule ELASTIC_Linux_Rootkit_Adore_Fe3Fd09F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Rootkit_Adore.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Adore.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f4e532b840e279daf3d206e9214a1b065f97deb7c1487a34ac5cbd7cbbf33e1a" logic_hash = "cc07efb9484562cd870649a38126f08aa4e99ed5ad4662ece0488d9ffd97520e" score = 75 
@@ -99272,8 +100226,8 @@ rule ELASTIC_Windows_Hacktool_Leigod_89397Ebf : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_LeiGod.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_LeiGod.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ae5cc99f3c61c86c7624b064fd188262e0160645c1676d231516bf4e716a22d3" logic_hash = "e887c34c624a182a3c57a55abe02784c4350d3956bcfd9f7918f08a464819e63" score = 75 @@ -99301,8 +100255,8 @@ rule ELASTIC_Windows_Hacktool_Leigod_3F5C98C4 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_LeiGod.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_LeiGod.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0c42fe45ffa9a9c36c87a7f01510a077da6340ffd86bf8509f02c6939da133c5" logic_hash = "7570bf1a69df6b493bde41c1de27969e36a3fcb59be574ee2e24e3a61347a146" score = 75 
@@ -99330,8 +100284,8 @@ rule ELASTIC_Windows_Trojan_Buerloader_C8A60F46 : FILE MEMORY date = "2021-08-16" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Buerloader.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Buerloader.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3abed86f46c8be754239f8c878f035efaae91c33b8eb8818c5bbed98c4d9a3ac" logic_hash = "d11b117efc10547e77ce8979f8a1d42f34937101e58a0e36228baa37cd30d2aa" score = 75 @@ -99364,8 +100318,8 @@ rule ELASTIC_Linux_Trojan_Backconnect_C6803B39 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Backconnect.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Backconnect.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a5e6b084cdabe9a4557b5ff8b2313db6c3bb4ba424d107474024030115eeaa0f" logic_hash = "02750b2788c2912bba0fc8594f6a12c75ce1f41d1075acf7c920f6e616ab65c7" score = 75 
@@ -99393,8 +100347,8 @@ rule ELASTIC_Windows_Exploit_Ioring_1E4A8F47 : FILE MEMORY date = "2024-02-28" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Exploit_IoRing.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Exploit_IoRing.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ba2bd270bf3f312dfa3f77f0716edb634c90506c87f82c04aee09445d18738eb" logic_hash = "cbbea9a60bde13356ce88cd96aacaa02a3c99f4ae0b48c4ba84b72528a3d6b91" score = 75 @@ -99425,8 +100379,8 @@ rule ELASTIC_Macos_Cryptominer_Xmrig_241780A1 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Cryptominer_Xmrig.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Cryptominer_Xmrig.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f" logic_hash = "9e091f6881a96abdc6592db385eb9026806befdda6bda4489470b4e16e1d4d87" score = 75 
@@ -99457,8 +100411,8 @@ rule ELASTIC_Windows_Trojan_Fabookie_024F8759 : FILE MEMORY date = "2023-06-22" modified = "2023-07-10" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Fabookie.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Fabookie.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6c6345c6f0a5beadc4616170c87ec8a577de185d53345581e1b00e72af24c13e" logic_hash = "9477406b718c6489161cf4636be66c4f72df923b9c5a7ee4069ef6a9552de485" score = 75 @@ -99487,8 +100441,8 @@ rule ELASTIC_Windows_Trojan_Legionloader_F91120C6 : FILE MEMORY date = "2024-06-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_LegionLoader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_LegionLoader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "45670ffa9b24542ae84e3c9eb5ce609c2bcd29129215a7f37eb74b6211e32b22" logic_hash = "760402587a9ca3d3e6602fe57d3346ea6f60ba5c8d3a902bf493233baab597b0" score = 75 
@@ -99516,8 +100470,8 @@ rule ELASTIC_Macos_Hacktool_Swiftbelt_Bc62Ede6 : FILE MEMORY date = "2021-10-12" modified = "2021-10-25" reference = "https://www.elastic.co/security-labs/inital-research-of-jokerspy" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Hacktool_Swiftbelt.yar#L1-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Hacktool_Swiftbelt.yar#L1-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "452c832a17436f61ad5f32ee1c97db05575160105ed1dcd0d3c6db9fb5a9aea1" logic_hash = "51481baa6ddb09cf8463d989637319cb26b23fef625cc1a44c96d438c77362ca" score = 75 @@ -99569,8 +100523,8 @@ rule ELASTIC_Linux_Backdoor_Generic_Babf9101 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Backdoor_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Backdoor_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9ea73d2c2a5f480ae343846e2b6dd791937577cb2b3d8358f5b6ede8f3696b86" logic_hash = "40084f3bed66c1d4a1cd2ffca99fd6789c8ed2db04031e4d4a4926b41d622355" score = 75 
@@ -99598,8 +100552,8 @@ rule ELASTIC_Linux_Backdoor_Generic_5776Ae49 : FILE MEMORY date = "2021-04-06" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Backdoor_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Backdoor_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e247a5decb5184fd5dee0d209018e402c053f4a950dae23be59b71c082eb910c" logic_hash = "b606f12c47182d80e07f8715639c3cc73753274bd8833cb9f6380879356a2b12" score = 75 @@ -99627,8 +100581,8 @@ rule ELASTIC_Windows_Exploit_Eternalblue_Ead33Bf8 : FILE date = "2021-01-12" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Exploit_Eternalblue.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Exploit_Eternalblue.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a1340e418c80be58fb6bbb48d4e363de8c6d62ea59730817d5eda6ba17b2c7a7" logic_hash = "4d0ab8bd7ef5b20e656110ac3c78b08803539387cb4fe1425a284d39c42aa199" score = 75 
@@ -99656,8 +100610,8 @@ rule ELASTIC_Macos_Trojan_Aobokeylogger_Bd960F34 : FILE MEMORY date = "2021-10-18" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Aobokeylogger.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Aobokeylogger.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2b50146c20621741642d039f1e3218ff68e5dbfde8bb9edaa0a560ca890f0970" logic_hash = "f89fbf1d6bf041de0ce32f7920818c34ce0eeb6779bb7fac6f223bbea1c6f6fa" score = 75 @@ -99685,8 +100639,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_83F05Fbe : BETA FILE MEMORY date = "2020-06-18" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Sodinokibi.yar#L1-L34" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Sodinokibi.yar#L1-L34" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "c88fc2690deae3700e605b2affb5ecac3d1ffc92435f33209f31897d28715b8c" score = 75 quality = 73 
@@ -99727,8 +100681,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_182B2Cea : BETA FILE MEMORY date = "2020-06-18" modified = "2021-10-04" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Sodinokibi.yar#L36-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Sodinokibi.yar#L36-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "1c23effe5f8b35c5e03ebd5e57664c8937259d464f92dda0a9df344b982e8f8c" score = 75 quality = 75 @@ -99762,8 +100716,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_A282Ba44 : BETA FILE MEMORY date = "2020-06-18" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Sodinokibi.yar#L64-L91" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Sodinokibi.yar#L64-L91" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "3a583069c9ab851a90f3a61c9c4fa67f8b918b8d168fcf7f25b2a3ae3465c596" score = 75 quality = 75 
@@ -99798,8 +100752,8 @@ rule ELASTIC_Windows_Cryptominer_Generic_Dd1E4D1A : FILE date = "2021-01-12" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Cryptominer_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Cryptominer_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7ac1d7b6107307fb2442522604c8fa56010d931392d606ac74dcea6b7125954b" logic_hash = "b7289c4688ec67d59e67755461f1f4e0c3f47ef9f8c73fc1dcc1d168baf11623" score = 75 @@ -99827,8 +100781,8 @@ rule ELASTIC_Windows_Cryptominer_Generic_F53Cfb9B : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Cryptominer_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Cryptominer_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a9870a03ddc6543a5a12d50f95934ff49f26b60921096b2c8f2193cb411ed408" logic_hash = "b2453862747e251afc34c57e887889b8d3a65a9cc876d4a95ff5ecfcc24e4bd3" score = 75 
@@ -99856,8 +100810,8 @@ rule ELASTIC_Windows_Hacktool_EDRWFP_F6D7Db7A : FILE date = "2024-06-10" modified = "2024-07-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_EDRWFP.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_EDRWFP.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a1fc2f3ded852f75e36e70ae39087e21ae5b6af10e2038d04e61bd500ba511e2" logic_hash = "45d427e4f52346b4a18c154bb0afb636c18951fd9c7323846bf2eb7e47928ef6" score = 75 @@ -99888,8 +100842,8 @@ rule ELASTIC_Macos_Trojan_Getshell_F339D74C : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Getshell.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Getshell.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b2199c15500728a522c04320aee000938f7eb69d751a55d7e51a2806d8cd0fe7" logic_hash = "77a409f1a0ab5f87a77a6b2ffa2d4ff7bd6d86c0f685c524e2083585bb3fb764" score = 75 
@@ -99917,8 +100871,8 @@ rule ELASTIC_Windows_Trojan_Carberp_D6De82Ae : FILE MEMORY date = "2021-02-07" modified = "2021-08-23" reference = "https://github.com/m0n0ph1/malware-1/blob/master/Carberp%20Botnet/source%20-%20absource/pro/all%20source/hvnc_dll/HVNC%20Lib/vnc/xvnc.h#L342" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Carberp.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Carberp.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f98fadb6feab71930bd5c08e85153898d686cc96c84fe349c00bf6d482de9b53" logic_hash = "085020755c77b299b2bfd18b34af6c68450c29de67b8ae32ddf2b26299b923ae" score = 75 @@ -99948,8 +100902,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_03C81Bd9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3fc701a2caab0297112501f55eaeb05264c5e4099c411dcadc7095627e19837a" logic_hash = "dc2dfa128f509221cae8bae9864190e8316bb7a5ae081da1076081b5f4fdc870" score = 75 
@@ -99977,8 +100931,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_757637D9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0762fa4e0d74e3c21b2afc8e4c28e2292d1c3de3683c46b5b77f0f9fe1faeec7" logic_hash = "b1f1784aae5958740d03ca50d0b9731e8db7d86d918d16e82cf6fc1e1bf663a9" score = 75 @@ -100006,8 +100960,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_78543893 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ff5b02d2b4dfa9c3d53e7218533f3c57e82315be8f62aa17e26eda55a3b53479" logic_hash = "4bb6a6e063fd00569b04f4514ec1731357aa8e8ce4cfee354fdd86773a4358da" score = 75 
@@ -100035,8 +100989,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_4F8D83D2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d78128eca706557eeab8a454cf875362a097459347ddc32118f71bd6c73d5bbd" logic_hash = "6fee488d97fe1d4be558b6886c603010c6d1423a750783b38a65d2fb3eeb76f4" score = 75 @@ -100064,8 +101018,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_F4Afd230 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "805e900ffc9edb9f550dcbc938a3b06d28e9e7d3fb604ff68a311a0accbcd2b1" logic_hash = "9aba4ebbf946f07071bfb94fa50c6981ae8c659aca9ee6e05c7ef214432d7466" score = 75 
@@ -100093,8 +101047,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Bb384Bc9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ecc6635117b99419255af5d292a7af3887b06d5f3b0f59d158281eebfe606445" logic_hash = "1e9faba4f245d8b0d6944430286a5fc3e11cd7e036a4151b29fc2c5f037894fb" score = 75 @@ -100122,8 +101076,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_B293F6Ec : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214" logic_hash = "0e310082714f5283f9b4ccde5a8e17994e3bc4acf3d744b22734c136dde7cebb" score = 75 
@@ -100151,8 +101105,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_C5983669 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d08be92a484991afae3567256b6cec60a53400e0e9b6f6b4d5c416a22ccca1cf" logic_hash = "ff673070969f1ededf8ff2c7cadfc251c7d2e52da58906b15cfc04593a755d55" score = 75 @@ -100180,8 +101134,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Fbff22Da : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0762fa4e0d74e3c21b2afc8e4c28e2292d1c3de3683c46b5b77f0f9fe1faeec7" logic_hash = "d3e3037593f5714dfb49c6e19631fd46331e2702c8bf6d6099bb5b34158321a9" score = 75 
@@ -100209,8 +101163,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_E2D5Fad8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7e54e57db3de32555c15e529c04b35f52d75af630e45b5f8d6c21149866b6929" logic_hash = "b294ce1c4d928d73342bb6260456d850f9c59f3c48c7c4ffbce32ea9238f6eee" score = 75 @@ -100238,8 +101192,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_F2F8Eb6B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "01721b9c024ca943f42c402a57f45bd4c77203a604c5c2cd26e5670df76a95b2" logic_hash = "b6555e69b663591550976fd44352ecbdf0a0aef1e07a64396a576125a4fe4ba6" score = 75 
@@ -100267,8 +101221,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_89671B03 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "001098473574cfac1edaca9f1180ab2005569e094be63186c45b48c18f880cf8" logic_hash = "dfa7027c4fa0cbde33df87063fea4ecf51a085f3cc1805123c62747882d0a07e" score = 75 @@ -100296,8 +101250,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Dbc73Db0 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L261-L279" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L261-L279" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9fe78e4dd7975856a74d8dfd83e69793a769143e0fe6994cbc3ef28ea37d6cf8" logic_hash = "4a7453342fd72dacb781919d3fac3bab02e7ef7c882d5938a2e0e1274c704705" score = 75 
@@ -100325,8 +101279,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Ec339160 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0002b469972f5c77a29e2a2719186059a3e96a6f4b1ef2d18a68fee3205ea0ba" logic_hash = "9c1d1254093b172798024c42a6d78f5e6720d20b8c2a8ad4ca26c8e88e42f0e8" score = 75 @@ -100354,8 +101308,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_7Cd57E18 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Lotoor.yar#L301-L319" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Lotoor.yar#L301-L319" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1eecf16dae302ae788d1bc81278139cd9f6af52d7bed48b8677b35ba5eb14e30" logic_hash = "97604cdc9daa9993b9a18dc5df7ab105a5e6001129bcfcfeeb86640bee26f59d" score = 75 
@@ -100383,8 +101337,8 @@ rule ELASTIC_Windows_Trojan_Danabot_6F3Dadb2 : FILE MEMORY date = "2021-08-15" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Danabot.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Danabot.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "716e5a3d29ff525aed30c18061daff4b496f3f828ba2ac763efd857062a42e96" logic_hash = "b9c895be9eab775726abd2c13256d598c5b79bceb2d652c30b1df4cfc37e4b93" score = 75 
@@ -100410,6 +101364,63 @@ rule ELASTIC_Windows_Trojan_Danabot_6F3Dadb2 : FILE MEMORY condition: all of them } +rule ELASTIC_Linux_Rootkit_Kovid_B77Dc7F4 : FILE MEMORY +{ + meta: + description = "Detects Linux Rootkit Kovid (Linux.Rootkit.Kovid)" + author = "Elastic Security" + id = "b77dc7f4-fef1-4256-ac34-677ad1c5b618" + date = "2024-11-13" + modified = "2024-11-22" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Kovid.yar#L1-L47" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" + hash = "933273ff95a57dfe0162175dc6143395e23c69e36d8ca366481b795deaab4fd0" + logic_hash = "090c92e108f78a6d7ba9d0ed796c32226f253b81cf0ad8a138736d073761856c" + score = 75 + quality = 73 + tags = "FILE, MEMORY" + fingerprint = "29ae4fc448eb746b7d6ec192befd03977e83a1ad5b4d1369621d6d42b482ae50" + severity = 100 + arch_context = "x86, arm64" + scan_context = "file, memory" + license = "Elastic License v2" + os = "linux" + + strings: + $str1 = "name=kovid" + $str2 = "kovid.ko" + $str3 = "dontblink" + $str4 = "author=whatever coorp" + $str5 = "Your module 'unhide' magic word is: '%s'" + $str6 = ".sshd_orig" + $str7 = ".lm.sh" + $str8 = ".kv.ko" + $str9 = "whitenose" + $str10 = "pinknose" + $str11 = "rednose" + $str12 = "blacknose" + $str13 = "greynose" + $str14 = "purplenose" + $str15 = "fh_remove_hook" + $str16 = "backdoor can only be unhidden either by exit or rmmod: %d" + $str17 = "get_unhide_magic_word" + $str18 = "invalid data: syscall hook setreuid will not work" + $str19 = "Fuck-off" + $str20 = "/KoviD/src/sys.c" + $func1 = "kv_find_hidden_task" + $func2 = "kv_for_each_hidden_backdoor_data" + $func3 = "kv_bd_search_iph_source" + $func4 = "kv_check_cursing" + $func5 = "kv_for_each_hidden_backdoor_task" + $func6 = "kv_find_hidden_pid" + $func7 = 
"kv_hide_task_by_pid" + $func8 = "kv_unhide_task_by_pid_exit_group" + $func9 = "kv_util_random_AZ_string" + + condition: + 4 of ($str*) or 4 of ($func*) +} rule ELASTIC_Windows_Ransomware_Generic_99F5A632 : FILE MEMORY { meta: @@ -100419,8 +101430,8 @@ rule ELASTIC_Windows_Ransomware_Generic_99F5A632 : FILE MEMORY date = "2022-02-24" modified = "2022-02-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Generic.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Generic.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382" logic_hash = "2284cfc91d17816f1733e8fe319af52bc66af467364d27f84e213082c216ae8b" score = 75 
@@ -100451,8 +101462,8 @@ rule ELASTIC_Windows_Vulndriver_Sandra_5D112Feb : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Sandra.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Sandra.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3a364a7a3f6c0f2f925a060e84fb18b16c118125165b5ea6c94363221dc1b6de" logic_hash = "d234a1e74234400f51c2aa7a9fb1549be1bc422bdf585db7d2ec9ad1ec75e490" score = 75 @@ -100482,8 +101493,8 @@ rule ELASTIC_Windows_Vulndriver_Sandra_612A7A16 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Sandra.yar#L23-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Sandra.yar#L23-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "8fda0e1775d903b73836d4103f6e8b0e2f052026b3acdb07bd345b9ddb3c873a" score = 75 quality = 75 
@@ -100512,8 +101523,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_D3Ac2B2F : FILE MEMORY date = "2021-03-22" modified = "2022-06-20" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_AgentTesla.yar#L1-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_AgentTesla.yar#L1-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4" logic_hash = "9c13a99107593d476de1522ced10aa43d34535b844e8c3ae871b22358137c926" score = 75 @@ -100579,8 +101590,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_E577E17E : FILE MEMORY date = "2022-03-11" modified = "2022-04-12" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_AgentTesla.yar#L60-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_AgentTesla.yar#L60-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ed43ddb536e6c3f8513213cd6eb2e890b73e26d5543c0ba1deb2690b5c0385b6" logic_hash = "84c5f1096735cee0f0f4ad41a81286c0a60dc17c276f23568b855271d996c8a2" score = 75 
@@ -100608,8 +101619,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_F2A90D14 : FILE MEMORY date = "2022-03-11" modified = "2022-04-12" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_AgentTesla.yar#L81-L100" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_AgentTesla.yar#L81-L100" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ed43ddb536e6c3f8513213cd6eb2e890b73e26d5543c0ba1deb2690b5c0385b6" logic_hash = "3f39b773f2b1524b05d3c1d9aa1fb54594ec9003d2e9da342b6d17ba885f5a03" score = 75 @@ -100637,8 +101648,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_A2D69E48 : FILE MEMORY date = "2023-05-01" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_AgentTesla.yar#L102-L122" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_AgentTesla.yar#L102-L122" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "edef51e59d10993155104d90fcd80175daa5ade63fec260e3272f17b237a6f44" logic_hash = "1f90be86b7afa7f518a3dcec55028bfc915cf6d4fed1350a56e351946cc55f41" score = 75 
@@ -100667,8 +101678,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_Ebf431A8 : FILE MEMORY date = "2023-12-01" modified = "2024-01-12" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_AgentTesla.yar#L124-L148" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_AgentTesla.yar#L124-L148" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0cb3051a80a0515ce715b71fdf64abebfb8c71b9814903cb9abcf16c0403f62b" logic_hash = "b02d6e2d68b336aaa37336e0c0c3ffa6c7a126bfcdb6cb6ad5a3432004c6030c" score = 75 @@ -100701,8 +101712,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_Aa5Eefed : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Dharma.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Dharma.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "bbafc2eac17562f315b09fa42eb601d0140152917d7962429df3a378abe67732" score = 75 quality = 75 
@@ -100731,8 +101742,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_B31Cac3F : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Dharma.yar#L23-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Dharma.yar#L23-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "30500e35721e9db3d63cafa5ca10818557fa9f4e0bda9c0d02283183508cf7b5" score = 75 quality = 75 @@ -100762,8 +101773,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_E9319E4A : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Dharma.yar#L46-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Dharma.yar#L46-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "182ed508d645a0b1fab80fb6f975a05d33b64c43005bd3656df6470934cd71f4" score = 75 quality = 75 
@@ -100791,8 +101802,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_942142E3 : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Dharma.yar#L67-L86" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Dharma.yar#L67-L86" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "af5068ef3442964e4d1c5e27090fb84eaf762ff23463b7a0c2902e523ae601c1" score = 75 quality = 75 @@ -100820,8 +101831,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_0C81A317 : FILE MEMORY CVE_2017_16995 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "48d927b4b18a03dfbce54bb5f4518869773737e449301ba2477eb797afbb9972" logic_hash = "cdd6b309a1e802f1251d726b0ea74e3d11fdd10d1d0bfa4c6f3d802f819368ec" score = 75 
@@ -100849,8 +101860,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_82816Caa : FILE MEMORY CVE_2017_16995 date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "14e6b788db0db57067d9885ab5ff3d3a5749639549d82abd98fa4fcf27000f34" logic_hash = "3ae00290073d41ff5dba2f677510bf9a9c0ebaed221901eb8b1a8dda08157a46" score = 75 @@ -100878,8 +101889,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_5Edb0181 : FILE MEMORY CVE_2017_16995 date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e4df84e1dffbad217d07222314a7e13fd74771a9111d07adc467a89d8ba81127" logic_hash = "f6eb19329db765938b48021039baaf1b5aeb3240c405ba20ed81863a0fb4b583" score = 75 
@@ -100907,8 +101918,8 @@ rule ELASTIC_Macos_Backdoor_Kagent_64Ca1865 : FILE MEMORY date = "2021-11-11" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Backdoor_Kagent.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Backdoor_Kagent.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d599d7814adbab0f1442f5a10074e00f3a776ce183ea924abcd6154f0d068bb4" logic_hash = "dea0a1bbe8c3065b395de50b5ffc2fbdf479ed35ce284fa33298d6ed55e960c6" score = 75 @@ -100942,8 +101953,8 @@ rule ELASTIC_Windows_Wiper_Isaacwiper_239Cd2Dc : FILE MEMORY date = "2022-03-04" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Wiper_IsaacWiper.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Wiper_IsaacWiper.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033" logic_hash = "102ffe215b1e1c39e1225cb39dfeb10a20a08c5b10f836490fc1501c6eb9e930" score = 75 
@@ -100976,8 +101987,8 @@ rule ELASTIC_Windows_Trojan_Sliver_46525B49 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Sliver.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Sliver.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ecce5071c28940a1098aca3124b3f82e0630c4453f4f32e1b91576aac357ac9c" logic_hash = "6e61d82b191a740882bcfeac2f2cf337e19ace7b05784ff041b6af2f79ed8809" score = 75 @@ -101006,8 +102017,8 @@ rule ELASTIC_Windows_Trojan_Sliver_C9Cae357 : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Sliver.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Sliver.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "27210d8d6e16c492c2ee61a59d39c461312f5563221ad4a0917d4e93b699418e" logic_hash = "fea862352981787055961b1171de9b69a9c13d246f434809c8f4416d5c49a0ff" score = 75 
@@ -101035,8 +102046,8 @@ rule ELASTIC_Windows_Trojan_Sliver_1Dd6D9C2 : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Sliver.yar#L42-L61" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Sliver.yar#L42-L61" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dc508a3e9ea093200acfc1ceebebb2b56686f4764fd8c94ab8c58eec7ee85c8b" logic_hash = "5ef70322a6ee3dec609d2881b7624d25bc0297a2e6f43ac60834745e6a258cf3" score = 75 
@@ -101056,6 +102067,76 @@ rule ELASTIC_Windows_Trojan_Sliver_1Dd6D9C2 : FILE MEMORY condition: all of them } +rule ELASTIC_Linux_Rootkit_Suterusu_94667Bf2 : FILE MEMORY +{ + meta: + description = "Detects Linux Rootkit Suterusu (Linux.Rootkit.Suterusu)" + author = "Elastic Security" + id = "94667bf2-7875-40c1-85fe-4b3421f3dc73" + date = "2024-11-14" + modified = "2024-11-22" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Suterusu.yar#L1-L60" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" + hash = "753fd579a684e09a70ae0fd147441c45d24a5acae94a78a92e393058c3b69506" + logic_hash = "a02e2d05bc3bee902829087e21dcc7ed19320336c7d66d3938b0b9fd4c298bcb" + score = 75 + quality = 50 + tags = "FILE, MEMORY" + fingerprint = "e3b93c3a0ba94b657d71843eff9eef174f7a11abc4f43925ec70b844bc9b951f" + severity = 100 + arch_context = "x86, arm64" + scan_context = "file, memory" + license = "Elastic License v2" + os = "linux" + + strings: + $str1 = "Hiding PID %hu" + $str2 = "Unhiding PID %hu" + $str3 = "Hiding TCPv4 port %hu" + $str4 = "Unhiding TCPv4 port %hu" + $str5 = "Hiding TCPv6 port %hu" + $str6 = "Unhiding TCPv6 port %hu" + $str7 = "Hiding UDPv4 port %hu" + $str8 = "Unhiding UDPv4 port %hu" + $str9 = "Hiding UDPv6 port %hu" + $str10 = "Unhiding UDPv6 port %hu" + $str11 = "Hiding file/dir %s" + $str12 = "Unhiding file/dir %s" + $func1 = "hide_promisc" + $func2 = "hidden_tcp6_ports" + $func3 = "hide_udp4_port" + $func4 = "unhide_udp6_port" + $func5 = "hide_tcp4_port" + $func6 = "hide_tcp6_port" + $func7 = "hidden_udp4_ports" + $func8 = "unhide_tcp4_port" + $func9 = "unhide_file" + $func10 = "hijack_stop" + $func11 = "hooked_syms" + $func12 = "hidden_tcp4_ports" + $func13 = "unhide_proc" + $func14 = "unhide_udp4_port" + $func15 = "unhide_tcp6_port" + 
$func16 = "hidden_udp6_ports" + $func17 = "hijack_pause" + $func18 = "hijack_start" + $menu1 = "Hide process with pid [ARG]" + $menu2 = "Unhide process with pid [ARG]" + $menu3 = "Hide TCP 4 port [ARG]" + $menu4 = "Unhide TCP 4 port [ARG]" + $menu5 = "Hide UDPv4 port [ARG]" + $menu6 = "Unhide UDPv4 port [ARG]" + $menu7 = "Hide TCPv6 port [ARG]" + $menu8 = "Unhide TCPv6 port [ARG]" + $menu9 = "Hide UDPv4 port [ARG]" + $menu10 = "Unhide UDPv6 port [ARG]" + $menu11 = "Hide file/directory named [ARG]" + $menu12 = "Unhide file/directory named [ARG]" + + condition: + 4 of ($str*) or 6 of ($func*) or 4 of ($menu*) +} rule ELASTIC_Windows_Infostealer_Generic_Acde9261 : FILE MEMORY { meta: @@ -101065,8 +102146,8 @@ rule ELASTIC_Windows_Infostealer_Generic_Acde9261 : FILE MEMORY date = "2024-10-21" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Infostealer_Generic.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Infostealer_Generic.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b46239c47a835757bba49078728f693b7273b0e3755e2968deac4aa92e90364d" logic_hash = "86897117295bdcf79fad9f2ad939fabe89e3770309122ba142c7a26c926148c5" score = 75 
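Review bot: In the added `ELASTIC_Linux_Rootkit_Suterusu_94667Bf2` rule, `$menu9 = "Hide UDPv4 port [ARG]"` is byte-identical to `$menu5`, so the `$menu*` set never covers the UDPv6 "Hide" entry that the surrounding pattern (`$menu7`/`$menu8` for TCPv6, `$menu10` for Unhide UDPv6) implies. YARA counts identifiers rather than distinct values, so one occurrence of that text satisfies two of the four hits required by `4 of ($menu*)`, and the branch really fires on three distinct strings. The likely intended line is `$menu9 = "Hide UDPv6 port [ARG]"`, though the real client usage text is not visible here and should be checked against a sample. Since this file is a vendored YARAForge bundle, the fix belongs upstream in elastic/protections-artifacts and not in a local edit that the next sync would overwrite.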
@@ -101098,8 +102179,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_C42Fd06D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Uwamson.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Uwamson.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80" logic_hash = "4ff7aad11adaae8fccb23d36fc96937ba48a5517895a742f2864ba1973f3db3a" score = 75 @@ -101127,8 +102208,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_D08B1D2E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Uwamson.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Uwamson.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4f7ad24b53b8e255710e4080d55f797564aa8c270bf100129bdbe52a29906b78" logic_hash = "8f489bb020397beae91f7bce82bc1b47912deab1b79224158f79c53f1d7c7fd3" score = 75 
@@ -101156,8 +102237,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_0797De34 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Uwamson.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Uwamson.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e4699e35ce8091f97decbeebff63d7fa8c868172a79f9d9d52b6778c3faab8f2" logic_hash = "7ab5dd99d8bbef61ec764900df5bebf39ed90833a8f9481c427cbb46faf2c521" score = 75 @@ -101185,8 +102266,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_41E36585 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Uwamson.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Uwamson.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80" logic_hash = "e176523afe8c3394ddda41a5ef11f825fed1e149476709a7c1ea26b8af72d4fc" score = 75 
@@ -101214,8 +102295,8 @@ rule ELASTIC_Windows_Hacktool_Chromekatz_Fa232Bba : FILE MEMORY date = "2024-03-27" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_ChromeKatz.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_ChromeKatz.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3f6922049422df14f1a1777001fea54b18fbfb0a4b03c4ee27786bfbc3b8ab87" logic_hash = "c86291fadd51845cbd7428b159e401d78ac77090e14e34d06bf7bf2018f4502a" score = 75 @@ -101252,8 +102333,8 @@ rule ELASTIC_Linux_Cryptominer_Minertr_9901E275 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Minertr.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Minertr.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f77246a93782fd8ee40f12659f41fccc5012a429a8600f332c67a7c2669e4e8f" logic_hash = "a18e0763fe9aec6d89b39cefb872b1751727e2d88ec4733b9c8b443b83219763" score = 75 
@@ -101281,8 +102362,8 @@ rule ELASTIC_Windows_Trojan_Poshc2_E2D3881E : FILE MEMORY date = "2023-03-29" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_PoshC2.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_PoshC2.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7a718a4f74656346bd9a2e29e008705fc2b1c4d167a52bd4f6ff10b3f2cd9395" logic_hash = "4f3e2a9f22826a155a3007193a0f75a5fde6e423734a60f30628ea3bb33d3457" score = 75 @@ -101317,8 +102398,8 @@ rule ELASTIC_Windows_Ransomware_Crytox_29859242 : FILE MEMORY date = "2024-01-18" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Crytox.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Crytox.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "55a27cb6280f31c077987d338151b13e9dc0cc1c14d47a32e64de6d6c1a6a742" logic_hash = "47ca96e14b2b56bc6ef1ed22b42adac7aa557170632c2dc085fae3baf6198f40" score = 75 
@@ -101337,6 +102418,45 @@ rule ELASTIC_Windows_Ransomware_Crytox_29859242 : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Linux_Rootkit_Jynx_C470Eaff : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Rootkit Jynx (Linux.Rootkit.Jynx)"
+ author = "Elastic Security"
+ id = "c470eaff-20f2-430f-988f-15a4b7bd75f8"
+ date = "2024-11-14"
+ modified = "2024-11-22"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Jynx.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
+ hash = "79c2ae1a95b44f3df42d669cb44db606d2088c5c393e7de5af875f255865ecb4"
+ logic_hash = "02d1ec1670089a3d9743e57a8dd504f57cea897eca0f896c129fd4f30f24e700"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "337087ba691d4f535e7ee160efb60ca5b71c79504297f6e711bcaf058fdb7a36"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $hook1 = "old_access"
+ $hook2 = "old_lxstat"
+ $hook3 = "old_open"
+ $hook4 = "old_rmdir"
+ $hook5 = "old_unlink"
+ $hook6 = "old_xstat"
+ $hook7 = "old_fopen"
+ $hook8 = "old_opendir"
+ $hook9 = "old_readdir"
+ $hook10 = "forge_proc_net_tcp"
+ $hook11 = "forge_proc_cpu"
+
+ condition:
+ 4 of ($hook*)
+}
 rule ELASTIC_Windows_Hacktool_Sharpview_2C7603Ad : FILE MEMORY
 {
 meta:
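Review bot: The condition of the added ELASTIC_Linux_Rootkit_Jynx_C470Eaff rule, `4 of ($hook*)`, is satisfied by any four of eleven plain-ASCII names, and nine of them (`old_access` through `old_readdir`) follow a generic `old_<libc call>` naming that other LD_PRELOAD interposers may plausibly share, so a benign shim library could match at score 75 / severity 100. Only `forge_proc_net_tcp` and `forge_proc_cpu` look specific to this family; if the reference samples all contain one of them, a tighter upstream condition would be `4 of ($hook*) and any of ($hook10, $hook11)`. Since this file is a vendored YARA Forge bundle, that change belongs with the upstream rule rather than in this copy. On the consuming side it is worth scanning a few known-good preload libraries with the new bundle before shipping it, and recording any hit as an exception rather than patching the rule in place.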
@@ -101346,8 +102466,8 @@ rule ELASTIC_Windows_Hacktool_Sharpview_2C7603Ad : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpView.yar#L1-L34" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpView.yar#L1-L34" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93" logic_hash = "1f80b2fd6121c2b36742c819a56626af2e1450dac0f62c67d93f09e4e140b75f" score = 75 @@ -101390,8 +102510,8 @@ rule ELASTIC_Windows_Trojan_Microbackdoor_903E33C3 : FILE MEMORY date = "2022-03-07" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_MicroBackdoor.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_MicroBackdoor.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fbbfcc81a976b57739ef13c1545ea4409a1c69720469c05ba249a42d532f9c21" logic_hash = "5f96f68df442eb1da21d87c3ae954c4e36cf87db583cbef1775f8ca9e76b776e" score = 75 
@@ -101419,8 +102539,8 @@ rule ELASTIC_Windows_Trojan_Microbackdoor_46F2E5Fd : FILE MEMORY date = "2022-03-07" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_MicroBackdoor.yar#L21-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_MicroBackdoor.yar#L21-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fbbfcc81a976b57739ef13c1545ea4409a1c69720469c05ba249a42d532f9c21" logic_hash = "580be4c5b058916c2bc67a7964522a7c369bb254394e3cedbf0da025105231c4" score = 75 @@ -101453,8 +102573,8 @@ rule ELASTIC_Linux_Hacktool_Tcpscan_334D0Ca5 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Tcpscan.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Tcpscan.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "62de04185c2e3c22af349479a68ad53c31b3874794e7c4f0f33e8d125c37f6b0" logic_hash = "94ee723c660294e35caec5a2b66eeea64896265cfebc839ed3f55cf8f8c67d7e" score = 75 
@@ -101482,8 +102602,8 @@ rule ELASTIC_Linux_Trojan_Lady_75F6392C : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Lady.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Lady.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c257ac7bd3a9639e0d67a7db603d5bc8d8505f6f2107a26c2615c5838cf11826" logic_hash = "5160b6ab4800c72b48b501787f3164c2ba1061a2abe21c63180e02d6791a4c12" score = 75 @@ -101511,8 +102631,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_A82F5D21 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Meterpreter.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Meterpreter.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "d76886222de7292e8a76717f6d49452f52aaffb957bb0326bcfc7a35c3fdfc6a" score = 75 quality = 75 
@@ -101539,8 +102659,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_383C6708 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Meterpreter.yar#L20-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Meterpreter.yar#L20-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d9d607f0bbc101f7f6dc0f16328bdd8f6ddb8ae83107b7eee34e1cc02072cb15" logic_hash = "b0fd479722ab0808a4709cbacbb874282c48a425f4dbdaec9f74bc7f839c82e4" score = 75 @@ -101568,8 +102688,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_621054Fe : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Meterpreter.yar#L40-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Meterpreter.yar#L40-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "18f22bb0aa66ec2ecdaa9ca0e0d00ee59a2c9a3f231bd71915140e4464a4ea78" score = 75 quality = 75 
@@ -101596,8 +102716,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_1Bda891E : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Meterpreter.yar#L59-L76" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Meterpreter.yar#L59-L76" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "74e7547472117de20159f5b158cee0ccacc02a9aba5e5ad64a52c552c966d539" score = 75 quality = 75 @@ -101624,8 +102744,8 @@ rule ELASTIC_Macos_Creddump_Keychainaccess_535C1511 : FILE MEMORY date = "2023-04-11" modified = "2024-08-19" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Creddump_KeychainAccess.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Creddump_KeychainAccess.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "c2995263622d62b11db93f7d163a7595e316ec24b51099f434bc5dbd0afefbfe" score = 75 quality = 49 
@@ -101659,8 +102779,8 @@ rule ELASTIC_Windows_Trojan_Jesterstealer_B35C6F4B : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_JesterStealer.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_JesterStealer.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "10c3846867f70dd26c5a54332ed22070c9e5e0e4f52f05fdae12ead801f7933b" logic_hash = "acc49348267e963af9ff6ba7afa053d4056d4068b4386a872e33e025790ba759" score = 75 @@ -101694,8 +102814,8 @@ rule ELASTIC_Windows_Trojan_Jesterstealer_8F657F58 : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_JesterStealer.yar#L27-L45" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_JesterStealer.yar#L27-L45" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "10c3846867f70dd26c5a54332ed22070c9e5e0e4f52f05fdae12ead801f7933b" logic_hash = "20a0d8be9c25d50d4dddd455ecb9739f772f57e988855c7fc2df597b2f67585b" score = 75 
@@ -101723,8 +102843,8 @@ rule ELASTIC_Linux_Trojan_Ircbot_Bb204B81 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ircbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ircbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6147481d083c707dc98905a1286827a6e7009e08490e7d7c280ed5a6356527ad" logic_hash = "90d211c11281f5f8832210f3fc087fe5ff5a519b9b38628835e8b5fcc560bd9b" score = 75 @@ -101752,8 +102872,8 @@ rule ELASTIC_Linux_Trojan_Ircbot_7C60454D : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ircbot.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ircbot.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "14eeff3516de6d2cb11d6ada4026e3dcee1402940e3a0fb4fa224a5c030049d8" logic_hash = "90dcd0a3d3f6345e66db0a4f8465e3830eb4e3bcb675db16c60a89e20f935aec" score = 75 
@@ -101781,8 +102901,8 @@ rule ELASTIC_Windows_Trojan_Blister_Cb99A1Df : FILE MEMORY date = "2021-12-21" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Blister.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Blister.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0a7778cf6f9a1bd894e89f282f2e40f9d6c9cd4b72be97328e681fe32a1b1a00" logic_hash = "deb1be5300d8af12dda868dd5f4ccdbb3ec653bd97c33a09e567c13ecafb9e8a" score = 75 @@ -101812,8 +102932,8 @@ rule ELASTIC_Windows_Trojan_Blister_9D757838 : FILE MEMORY date = "2022-04-26" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Blister.yar#L24-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Blister.yar#L24-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "863de84a39c9f741d8103db83b076695d0d10a7384e4e3ba319c05a6018d9737" logic_hash = "4d9ce1622d77b2ac8b20b2dfb60ac672752dabab315221a5449ebd3c73a3edca" score = 75 
@@ -101842,8 +102962,8 @@ rule ELASTIC_Windows_Trojan_Blister_68B53E1B : FILE MEMORY date = "2023-08-02" modified = "2023-08-08" reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Blister.yar#L46-L66" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Blister.yar#L46-L66" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5fc79a4499bafa3a881778ef51ce29ef015ee58a587e3614702e69da304395db" logic_hash = "6d935461406a6b9b39867d52aa5ecb088945ae0f8c56895a67e8565e5a2a3699" score = 75 @@ -101872,8 +102992,8 @@ rule ELASTIC_Windows_Trojan_Blister_487B0966 : FILE MEMORY date = "2023-09-11" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Blister.yar#L68-L89" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Blister.yar#L68-L89" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5fc79a4499bafa3a881778ef51ce29ef015ee58a587e3614702e69da304395db" logic_hash = "521409d03335205507cc6894e0de3ca627eb966a95a2f8e7b931e552ad78bbb7" score = 75 
@@ -101903,8 +103023,8 @@ rule ELASTIC_Windows_Trojan_Blister_26F8C5F2 : FILE MEMORY date = "2024-09-25" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Blister.yar#L91-L110" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Blister.yar#L91-L110" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cba30fb1731e165acc256d99d32f3c9e5abfa27d152419d24a91d8b79c5c5cb0" logic_hash = "dc87a3ae4edf0b8ee18cb7c34f9b4a0305c504b7ef66cb3232c91dc364d3563c" score = 75 @@ -101933,8 +103053,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_3C43D4A7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ipstorm.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ipstorm.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5103133574615fb49f6a94607540644689be017740d17005bc08b26be9485aa7" logic_hash = "c7e9191312197f8925d7231d0b8badf8b5ca35685df909c0d1feb301b4385d7b" score = 75 
@@ -101962,8 +103082,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_F9269F00 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ipstorm.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ipstorm.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5103133574615fb49f6a94607540644689be017740d17005bc08b26be9485aa7" logic_hash = "5914d222b49aaf6c1040e48ffd93c04bd5df25f1d97bde79b034862fca6555f6" score = 75 @@ -101991,8 +103111,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_08Bcf61C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Ipstorm.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Ipstorm.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "503f293d84de4f2c826f81a68180ad869e0d1448ea6c0dbf09a7b23801e1a9b9" logic_hash = "fb2755c04b61d19788a92b8c9c1c9eb2552b62b27011e302840fdcf689b3d9b4" score = 75 
@@ -102020,8 +103140,8 @@ rule ELASTIC_Windows_PUP_Generic_198B73Aa : FILE MEMORY date = "2023-07-27" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_PUP_Generic.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_PUP_Generic.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "a584c34b9dfc2d78bf8a1e594a2ed519d20088184ce1df09e679b2400aa396d3" score = 75 quality = 75 @@ -102050,8 +103170,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_79D52Efd : FILE MEMORY CVE_2010_3301 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "53a2163ad17a414d9db95f5287d9981c9410e7eaeea096610ba622eb763a6970" logic_hash = "1d4eb14042f552aa1577d0fe452e92c25bda66d0ad1a66e824677bee65908578" score = 75 
@@ -102079,8 +103199,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_D0Eb0924 : FILE MEMORY CVE_2010_3301 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "907995e90a80d3ace862f2ffdf13fd361762b5acc5397e14135d85ca6a61619b" logic_hash = "5229be3d1997ee4d05846d6804ffafd36c088dd8607a1fba39a0a43950e448c1" score = 75 @@ -102108,8 +103228,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_A5828970 : FILE MEMORY CVE_2010_3301 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4fc781f765a65b714ec27080f25c03f20e06830216506e06325240068ba62d83" logic_hash = "61b0cb38a6e14efee157547e811450d2ed4674f79ac86656a8d984084f71a665" score = 75 
@@ -102137,8 +103257,8 @@ rule ELASTIC_Multi_Trojan_Coreimpact_37703Dc3 : FILE MEMORY date = "2022-08-10" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Trojan_Coreimpact.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Trojan_Coreimpact.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2d954908da9f63cd3942c0df2e8bb5fe861ac5a336ddef2bd0a977cebe030ad7" logic_hash = "0695f22d6eb8c1b335c43213087539db419562bebd6f5b948cbb168c454bd37c" score = 75 @@ -102170,8 +103290,8 @@ rule ELASTIC_Windows_Attacksimulation_Hovercraft_F5C7178F : FILE MEMORY date = "2022-05-23" modified = "2022-07-18" reference = "046645b2a646c83b4434a893a0876ea9bd51ae05e70d4e72f2ccc648b0f18cb6" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_AttackSimulation_Hovercraft.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_AttackSimulation_Hovercraft.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "e707e89904a5fa4d30f94bfc625b736a411df6bb055c0e40df18ae65025a3740" score = 75 quality = 75 
@@ -102199,8 +103319,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_9Ac1654B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "5de1f43803f3d3b94149ea39ed961e7b9a1ad86c15c5085e2e0a5f9c314e98ff" score = 75 quality = 75 @@ -102227,8 +103347,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_Dd167Aa0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L20-L37" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L20-L37" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "88be4fbb337fa866e126021b40a01d86a33029071af7efc289a8c5490d21ea8a" score = 75 quality = 75 
@@ -102255,8 +103375,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_B25398Dd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L39-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L39-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6fb3b77be0a66a10124a82f9ec6ad22247d7865a4d26aa49c5d602320318ce3c" logic_hash = "e7fdb3c573909e8f197417278a6d333cc3743b05257d81fed46769b185354183" score = 75 @@ -102284,8 +103404,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_6A279F19 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L59-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L59-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5b01f72b2c53db9b8f253bb98c6584581ebd1af1b1aaee62659f54193c269fca" logic_hash = "91e3c0d96fe5ab9c61b38f01d39639020ec459bec6348b1f87a2c5b1a874e24a" score = 75 
@@ -102313,8 +103433,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_4E7945A4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L79-L97" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L79-L97" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b7504ce57787956e486d951b4ff78d73807fcc2a7958b172febc6d914e7a23a7" logic_hash = "aebc544076954fcce917e026467a8828b18446ce7c690b4c748562e311b7d491" score = 75 @@ -102342,8 +103462,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_29C1C386 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L99-L117" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L99-L117" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fc73bbfb12c64d2f20efa22a6d8d8c5782ef57cb0ca6d844669b262e80db2444" logic_hash = "1a3a9065cbb59658c06dfbfc622ccd2e577e988370ffe47848a5859f96db4e24" score = 75 
@@ -102371,8 +103491,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_25B63F54 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L119-L136"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L119-L136"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "640ffe2040e382ad536c1b6947e05f8c25ff82897ef7ac673a7676815856a346"
 score = 75
 quality = 75
@@ -102399,8 +103519,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_73E2373E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L138-L156"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L138-L156"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "fc73bbfb12c64d2f20efa22a6d8d8c5782ef57cb0ca6d844669b262e80db2444"
 logic_hash = "2377da6667860dc7204760ee64213cba95909c9181bd1a3ea96c3ad29988c9f7"
 score = 75
@@ -102428,8 +103548,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_B8552Fff : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L158-L176"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L158-L176"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa"
 logic_hash = "476b800422b6d98405d8bde727bb589c5cae36723436b269beaa65381b3d0abe"
 score = 75
@@ -102457,8 +103577,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_83550472 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L178-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L178-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "d2d8421ffdcebb7fed00edcf306ec5e86fc30ad3e87d55e85b05bea5dc1f7d63"
 logic_hash = "f62d4a2a7dfb312b2e362844bfa29bd4453a05f31b4f72550ef29ff40ed6fb9d"
 score = 75
@@ -102486,8 +103606,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_8799D8D6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L198-L216"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L198-L216"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "4a6d98eae8951e5b9e0a226f1197732d6d14ed45c1b1534d3cdb4413261eb352"
 logic_hash = "4bcd7931aeed09069d5dd248a66f119a2bdf628e03b9abed9ee2de59a149c2bc"
 score = 75
@@ -102515,8 +103635,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_0F7C5375 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L218-L236"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L218-L236"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "e75be5377ad65abdc69e6c7f9fe17429a98188a217d0ca3a6f40e75c4f0c07e8"
 logic_hash = "05f4b16a7e4c7ffbc6b8a2f60050a4ac1d05d9efbe948e2da689055f6383cf82"
 score = 75
@@ -102544,8 +103664,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_87639Dbd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L238-L256"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L238-L256"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "d2d8421ffdcebb7fed00edcf306ec5e86fc30ad3e87d55e85b05bea5dc1f7d63"
 logic_hash = "b81af8c9baee999b91e63f97d5a46451d9960487b25b04079df5539f857be466"
 score = 75
@@ -102573,8 +103693,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_Cdd631C1 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L258-L276"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L258-L276"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "91549c171ae7f43c1a85a303be30169932a071b5c2b6cf3f4913f20073c97897"
 logic_hash = "5e4b26a74fc3737c068917c7c1228048f885ac30fc326a2844611f7e707d1300"
 score = 75
@@ -102602,8 +103722,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_209B02Dd : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Camelot.yar#L278-L296"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Camelot.yar#L278-L296"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "60d33d1fdabc6b10f7bb304f4937051a53d63f39613853836e6c4d095343092e"
 logic_hash = "5cadc955242d4b7d5fd4365a0b425051d89c905e3d49ea03967150de0020225c"
 score = 75
@@ -102631,8 +103751,8 @@ rule ELASTIC_Windows_Vulndriver_Microstar_D72B85B2 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_MicroStar.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_MicroStar.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "3ed15a390d8dfbd8a8fb99e8367e19bfd1cced0e629dfe43ccdb46c863394b59"
 logic_hash = "04e9c1f318acae5544cdc826938383bf8f6c6b838cb5828a7097383ac564f404"
 score = 75
@@ -102662,8 +103782,8 @@ rule ELASTIC_Macos_Hacktool_Bifrost_39Bcbdf8 : FILE MEMORY
 date = "2021-10-12"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Hacktool_Bifrost.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Hacktool_Bifrost.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "e2b64df0add316240b010db7d34d83fc9ac7001233259193e5a72b6e04aece46"
 logic_hash = "a2ff4f1aca51e80f2b277e9171e99a80a75177d1d17d487de2eb8872832cb0d5"
 score = 75
@@ -102699,8 +103819,8 @@ rule ELASTIC_Linux_Cryptominer_Zexaf_B90E7683 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Zexaf.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Zexaf.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "98650ebb7e463a06e737bcea4fd2b0f9036fafb0638ba8f002e6fe141b9fecfe"
 logic_hash = "d8485d8fbf00d5c828d7c6c80fef61f228f308e3d27a762514cfb3f00053b30b"
 score = 75
@@ -102728,8 +103848,8 @@ rule ELASTIC_Windows_Vulndriver_Directio_7Bea6C8F : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_DirectIo.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_DirectIo.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "1dadd707c55413a16320dc70d2ca7784b94c6658331a753b3424ae696c5d93ea"
 logic_hash = "3b148fed9c52af1d2d1eb18b6c4b191fb80e547f2da1beccdaf3d3e0237ecc1b"
 score = 75
@@ -102758,8 +103878,8 @@ rule ELASTIC_Windows_Vulndriver_Directio_Abe8Bfa6 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_DirectIo.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_DirectIo.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "d84e3e250a86227c64a96f6d5ac2b447674ba93d399160850acb2339da43eae5"
 logic_hash = "5224938b0381943a171b1db00249e71c43ce2c179ef4bbe14b46cc0787e35cb2"
 score = 75
@@ -102788,8 +103908,8 @@ rule ELASTIC_Windows_Vulndriver_Vbox_3315863F : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_VBox.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_VBox.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "42d926cfb3794f9b1e3cb397498696cb687f505e15feb9df11b419c49c9af498"
 logic_hash = "ba4e6a94516e36dcd6140b6732d959703e2c58a79add705b9260001ea26db738"
 score = 75
@@ -102818,8 +103938,8 @@ rule ELASTIC_Windows_Vulndriver_Vbox_1B1C5Cd5 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_VBox.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_VBox.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "1684e24dae20ab83ab5462aa1ff6473110ec53f52a32cfb8c1fe95a2642c6d22"
 logic_hash = "5fcfffea021aee8d18172383df0e65f8c618fab545c800f1a7b659e8112c6c0f"
 score = 75
@@ -102849,8 +103969,8 @@ rule ELASTIC_Linux_Trojan_Pornoasset_927F314F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Pornoasset.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Pornoasset.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93"
 logic_hash = "7267375346c1628e04c8272c24bde04a5d6ae2b420f64dfe58657cfc3eecc0e7"
 score = 75
@@ -102878,8 +103998,8 @@ rule ELASTIC_Windows_Virus_Floxif_493D1897 : FILE MEMORY
 date = "2023-09-26"
 modified = "2023-11-02"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Virus_Floxif.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Virus_Floxif.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "e628b7973ee25fdfd8f849fdf5923c6fba48141de802b0b4ce3e9ad2e40fe470"
 logic_hash = "d3f516966bd4423c49771251075a1ea2f725aec91615f7f44dd098da2a4f3574"
 score = 75
@@ -102907,8 +104027,8 @@ rule ELASTIC_Linux_Packer_Patched_UPX_62E11C64 : FILE
 date = "2021-06-08"
 modified = "2021-07-28"
 reference = "https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Packer_Patched_UPX.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Packer_Patched_UPX.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669"
 logic_hash = "cb576fdd59c255234a96397460b81cbb2deeb38befaed101749b7bb515624028"
 score = 75
@@ -102936,8 +104056,8 @@ rule ELASTIC_Windows_Vulndriver_Truesight_7429Ac81 : FILE MEMORY
 date = "2024-06-21"
 modified = "2024-09-09"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_TrueSight.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_TrueSight.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "bfc2ef3b404294fe2fa05a8b71c7f786b58519175b7202a69fe30f45e607ff1c"
 logic_hash = "8490947a632ca32822231631e19e52380b8b1a26c74c697d36898b0facbfcc9c"
 score = 75
@@ -102966,8 +104086,8 @@ rule ELASTIC_Windows_Hacktool_Edrrecon_69453Aff : FILE MEMORY
 date = "2024-03-07"
 modified = "2024-06-10"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_EDRrecon.yar#L1-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_EDRrecon.yar#L1-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f62e51b2405c0d42c53ff1f560376ef0530ba2eea1c97e18f2a3cf148346bcd1"
 logic_hash = "3d0f6dc5d47a3c0957a7aa8d2918fee113d079d7d74f37a1c17c5429034ba41f"
 score = 75
@@ -103035,8 +104155,8 @@ rule ELASTIC_Windows_Hacktool_Edrrecon_Ca314Aa1 : FILE MEMORY
 date = "2024-03-07"
 modified = "2024-06-10"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_EDRrecon.yar#L61-L115"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_EDRrecon.yar#L61-L115"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f62e51b2405c0d42c53ff1f560376ef0530ba2eea1c97e18f2a3cf148346bcd1"
 logic_hash = "04b8681b0b6f8fa51eb90488edf35638da3334886c7db5fc22218712b0d23007"
 score = 75
@@ -103100,8 +104220,8 @@ rule ELASTIC_Windows_Vulndriver_Segwin_04A3962E : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Segwin.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Segwin.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "65329dad28e92f4bcc64de15c552b6ef424494028b18875b7dba840053bc0cdd"
 logic_hash = "1e9ba5fc78f2b4eeee56314c9e8cf3071817d726b44cb8510f8d7069e85ab7bf"
 score = 75
@@ -103131,8 +104251,8 @@ rule ELASTIC_Windows_Trojan_Cryptbot_489A6562 : FILE MEMORY
 date = "2021-08-18"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Cryptbot.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Cryptbot.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "423563995910af04cb2c4136bf50607fc26977dfa043a84433e8bd64b3315110"
 logic_hash = "7fee3cc67419e66de790ba2ad8c3102425b3a45bdfe31801758dd38021a8439b"
 score = 75
@@ -103164,8 +104284,8 @@ rule ELASTIC_Linux_Trojan_Adlibrary_2E908E5F : FILE MEMORY
 date = "2022-08-23"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Adlibrary.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Adlibrary.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "acb22b88ecfb31664dc07b2cb3490b78d949cd35a67f3fdcd65b1a4335f728f1"
 logic_hash = "0d0df636876adf0268b7a409bfc9d8bfad298793d11297596ef91aeba86889da"
 score = 75
@@ -103193,8 +104313,8 @@ rule ELASTIC_Windows_Vulndriver_Toshibabios_2891972A : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_ToshibaBios.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_ToshibaBios.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073"
 logic_hash = "c253181a754f421ee36ced994412672770497756848d78d557907957486e711b"
 score = 75
@@ -103224,8 +104344,8 @@ rule ELASTIC_Windows_Trojan_Pizzapotion_D334C613 : FILE MEMORY
 date = "2023-09-13"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_PizzaPotion.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_PizzaPotion.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "37bee101cf34a84cba49adb67a555c6ebd3b8ac7c25d50247b0a014c82630003"
 logic_hash = "de7d395c8a993abf9858858e56ba0ec4acbf0fa1c8bfe4a34ae95be2205967fc"
 score = 75
@@ -103258,8 +104378,8 @@ rule ELASTIC_Windows_Ransomware_Mespinoza_3Adb59F5 : FILE MEMORY
 date = "2021-08-05"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Mespinoza.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Mespinoza.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "6f3cd5f05ab4f404c78bab92f705c91d967b31a9b06017d910af312fa87ae3d6"
 logic_hash = "28c8ad42a3af70fed274edc9105dae5cef13749d71510561a50428c822464934"
 score = 75
@@ -103289,8 +104409,8 @@ rule ELASTIC_Windows_Trojan_Gh0St_Ee6De6Bc : FILE MEMORY
 date = "2021-06-10"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Gh0st.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Gh0st.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "ea1dc816dfc87c2340a8b8a77a4f97618bccf19ad3b006dce4994be02e13245d"
 logic_hash = "3619df974c9f4ec76899afbafdfd6839070714862c7361be476cf8f83e766e2f"
 score = 75
@@ -103322,8 +104442,8 @@ rule ELASTIC_Windows_Ransomware_Agenda_D7B1Af3F : FILE MEMORY
 date = "2024-09-10"
 modified = "2024-09-30"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Agenda.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Agenda.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "117fc30c25b1f28cd923b530ab9f91a0a818925b0b89b8bc9a7f820a9e630464"
 logic_hash = "a68330bf98ae200ff2d0da51836436f2bdff5c10eb4e0145502f688055980493"
 score = 75
@@ -103354,8 +104474,8 @@ rule ELASTIC_Windows_Vulndriver_Gdrv_5368078B : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_GDrv.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_GDrv.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427"
 logic_hash = "f4d43ac4a4b6d879ffb5ba637b38ec75c8b57f531db644015c1a71c2cdea45d5"
 score = 75
@@ -103385,8 +104505,8 @@ rule ELASTIC_Windows_Ransomware_Whispergate_C80F3B4B : FILE MEMORY
 date = "2022-01-17"
 modified = "2022-01-17"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_WhisperGate.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_WhisperGate.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92"
 logic_hash = "04452141a867d4f6fce618c21795cc142a1265b56c62ecb9e579003d36b4b2b9"
 score = 75
@@ -103415,8 +104535,8 @@ rule ELASTIC_Windows_Ransomware_Whispergate_3476008E : FILE MEMORY
 date = "2022-01-18"
 modified = "2022-01-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_WhisperGate.yar#L22-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_WhisperGate.yar#L22-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d"
 logic_hash = "729818df1b6b82fc00eba0fe1c9139ec4746e1775146ab7fdea9e25dec1cddea"
 score = 75
@@ -103447,8 +104567,8 @@ rule ELASTIC_Windows_Vulndriver_BSMI_65223B8D : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_BSMI.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_BSMI.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347"
 logic_hash = "c4fa65bbd9d374092137b65209f29744caeb8b04fbd364b1acc67b73c45604e8"
 score = 75
@@ -103469,6 +104589,54 @@ rule ELASTIC_Windows_Vulndriver_BSMI_65223B8D : FILE
 condition:
 int16 ( uint32(0x3C)+0x5c)==0x0001 and $original_file_name and $version
 }
+rule ELASTIC_Linux_Rootkit_Brokepkg_7B7D4581 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Rootkit Brokepkg (Linux.Rootkit.BrokePKG)"
+ author = "Elastic Security"
+ id = "7b7d4581-ee4d-48c3-81e4-4264d68e8fe9"
+ date = "2024-11-13"
+ modified = "2024-11-22"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_BrokePKG.yar#L1-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
+ hash = "97c5e011c7315a05c470eef4032030e461ec2a596513703beedeec0b0c6ed2da"
+ logic_hash = "a4e5916fa0ca6b07fcbb6f970abb0212a970cf723b906e605c18e620efc501dc"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "5d771035e2bc4ffea1b9fd6f29c76ff5d9278db42167d3dab90eb0ac8d4bdd78"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $license1 = "author=R3tr074"
+ $license2 = "name=brokepkg"
+ $license3 = "description=Rootkit"
+ $license4 = "license=GPL"
+ $str1 = "brokepkg"
+ $str2 = "brokepkg: module revealed"
+ $str3 = "brokepkg: hidden module"
+ $str4 = "brokepkg: given away root"
+ $str5 = "brokepkg unloaded, my work has completed"
+ $str6 = "br0k3_n0w_h1dd3n"
+ $hook1 = "nf_inet_hooks"
+ $hook2 = "ftrace_hook"
+ $hook3 = "hook_getdents"
+ $hook4 = "hook_kill"
+ $hook5 = "hook_tcp4_seq_show"
+ $hook6 = "hook_tcp6_seq_show"
+ $hook7 = "orig_tcp6_seq_show"
+ $hook8 = "orig_tcp4_seq_show"
+ $hook9 = "orig_kill"
+ $hook10 = "orig_getdents"
+
+ condition:
+ 3 of ($license*) or 2 of ($str*) or 4 of ($hook*)
+}
 rule ELASTIC_Windows_Hacktool_Dcsyncer_425579C5 : FILE MEMORY
 {
 meta:
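Review bot: The `2 of ($str*)` branch of the new Brokepkg rule is weaker than it reads, because `$str1 = "brokepkg"` is a substring of `$str2` through `$str5`. A single occurrence of any one of those messages matches two strings of the set and satisfies the branch by itself. Counting only the distinctive strings would restore the intended threshold: `3 of ($license*) or 2 of ($str2, $str3, $str4, $str5, $str6) or 4 of ($hook*)`. The `$hook*` names also look like generic hooking identifiers rather than Brokepkg-specific ones, so `4 of ($hook*)` may fire on unrelated kernel modules and is worth checking against benign samples. Since this file is a vendored YARA Forge bundle, the change belongs upstream in elastic/protections-artifacts rather than in this copy.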
@@ -103478,8 +104646,8 @@ rule ELASTIC_Windows_Hacktool_Dcsyncer_425579C5 : FILE MEMORY
 date = "2021-09-15"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Dcsyncer.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Dcsyncer.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "af7dbc84efeb186006d75d095f54a266f59e6b2348d0c20591da16ae7b7d509a"
 logic_hash = "b0330adf1d4420ddf1f302974d2e4179f52ab1c8dc2f294ddf52286d714e0463"
 score = 75
@@ -103511,8 +104679,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_66197D54 : FILE MEMORY
 date = "2022-12-21"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
 logic_hash = "7bccf37960e2f197bb0021ecb12872f0f715b674d9774d02ec4e396f18963029"
 score = 75
@@ -103548,8 +104716,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_E8Ed269C : FILE MEMORY
 date = "2022-12-21"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L29-L57"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L29-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
 logic_hash = "c56b6dfb2c3ae657615c825a4d5d5640c2204fa4217262e1ccb4359d5a914a63"
 score = 75
@@ -103587,8 +104755,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_413Caa6B : FILE MEMORY
 date = "2022-12-21"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L59-L87"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L59-L87"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
 logic_hash = "4f2417d61be5e68630408a151cd73372aef9e7f4638acf4e80bfa5b2811119a7"
 score = 75
@@ -103626,8 +104794,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_23Fee092 : FILE MEMORY
 date = "2022-12-21"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L89-L115"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L89-L115"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
 logic_hash = "ed019c9198b5d9ff8392bfd7e0b23a7b1383eabce4c71c665a3ca4a943c8b6ee"
 score = 75
@@ -103663,8 +104831,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_861D3264 : FILE MEMORY
 date = "2022-12-21"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L117-L145"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L117-L145"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
 logic_hash = "e6a0a0a24c70d69c0aa56063d2db0f5a0fedcda5b96d945ac14520524b1d00fd"
 score = 75
@@ -103702,8 +104870,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_57587F8C : FILE MEMORY
 date = "2022-12-21"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L147-L175"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L147-L175"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
 logic_hash = "175b8b6f9fca189f2fc41f1029ad512db2c8b0e52ea04bfbc3d410d355928ab9"
 score = 75
@@ -103741,8 +104909,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_Cae025B1 : FILE MEMORY
 date = "2022-12-21"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L177-L203"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L177-L203"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
 logic_hash = "9c34443cffed43513242321e2170484dbb0d41b251aee8ea640d44da76918122"
 score = 75
@@ -103778,8 +104946,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_4A9B9603 : FILE MEMORY
 date = "2022-12-21"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L205-L231"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L205-L231"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
 logic_hash = "8d78483b54d3be6988b1f5df826b8709b7aa2045ff3a3e754c359365d053bb27"
 score = 75
@@ -103815,8 +104983,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_4Db2C852 : FILE MEMORY
 date = "2022-12-21"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L233-L261"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L233-L261"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
 logic_hash = "88c88103a055d25ba97f08e2f47881001ad8a2200a33ac04246494963dfe6638"
 score = 75
@@ -103854,8 +105022,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_Bcedc8B2 : FILE MEMORY
 date = "2022-12-21"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L263-L291"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L263-L291"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
 logic_hash = "7f0a6a9168b5ff7cc02ccadd211cc8096307651be65c2b3e7cc9fdbbde08ab9f"
 score = 75
@@ -103893,8 +105061,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_B6Bb3E7C : FILE MEMORY
 date = "2022-12-21"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L293-L321"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L293-L321"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
 logic_hash = "e2eaf91b9c5d3616fb2f6f6bc4b44841b1efa3b4efe7ac72afe225728523af75"
 score = 75
@@ -103932,8 +105100,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_94474B0B : FILE MEMORY
 date = "2022-12-21"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L323-L351"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L323-L351"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
 logic_hash = "e209c9ce1f4b11c5fdeade3298329d62f5cf561403c87077d94b6921e81ffaea"
 score = 75
@@ -103971,8 +105139,8 @@ rule ELASTIC_Linux_Trojan_Cerbu_69D5657E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Cerbu.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Cerbu.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "f10bf3cf2fdfbd365d3c2d8dedb2d01b85236eaa97d15370dbcb5166149d70e9"
 logic_hash = "644e8d5a1b5c8618e71497f21b0244215924e293e274b9164692dd927cd74ba8"
 score = 75
@@ -104000,8 +105168,8 @@ rule ELASTIC_Windows_Trojan_Guloader_8F10Fa66 : FILE MEMORY
 date = "2021-08-17"
 modified = "2021-10-04"
 reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Guloader.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Guloader.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "a3e2d5013b80cd2346e37460753eca4a4fec3a7941586cc26e049a463277562e"
 logic_hash = "f2cd08f6a32c075dc0294a0e26c51e686babc54ced4faa1873368c8821f0bfef"
 score = 75
@@ -104033,8 +105201,8 @@ rule ELASTIC_Windows_Trojan_Guloader_C4D9Dd33 : FILE MEMORY
 date = "2021-08-17"
 modified = "2021-10-04"
 reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Guloader.yar#L26-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Guloader.yar#L26-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "a3e2d5013b80cd2346e37460753eca4a4fec3a7941586cc26e049a463277562e"
 logic_hash = "623ea751fc32648720bda40598024d4d5b6a9a11b3cce3c9427310ba17745643"
 score = 75
@@ -104062,8 +105230,8 @@ rule ELASTIC_Windows_Trojan_Guloader_2F1E44C8 : FILE MEMORY
 date = "2023-10-30"
 modified = "2023-11-02"
 reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Guloader.yar#L47-L70"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Guloader.yar#L47-L70"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "6ae7089aa6beaa09b1c3aa3ecf28a884d8ca84f780aab39902223721493b1f99"
 logic_hash = "434b33c3fdc6bf4b0f59cd4aba66327d0b7ab524be603b256494d46b609cecd5"
 score = 75
@@ -104095,8 +105263,8 @@ rule ELASTIC_Linux_Ransomware_Hive_Bdc7De59 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Hive.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Hive.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "713b699c04f21000fca981e698e1046d4595f423bd5741d712fd7e0bc358c771"
 logic_hash = "33908128258843d63c5dfe5acf15cfd68463f5cbdf08b88ef1bba394058a5a92"
 score = 75
@@ -104124,8 +105292,8 @@ rule ELASTIC_Windows_Trojan_Glupteba_70557305 : FILE MEMORY
 date = "2021-08-08"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Glupteba.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Glupteba.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "3ad13fd7968f9574d2c822e579291c77a0c525991cfb785cbe6cdd500b737218"
 logic_hash = "f3eee9808a1e8a2080116dda7ce795815e1179143c756ea8fdd26070f1f8f74a"
 score = 75
@@ -104158,8 +105326,8 @@ rule ELASTIC_Windows_Trojan_Glupteba_4669Dcd6 : FILE MEMORY
 date = "2021-08-08"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Glupteba.yar#L26-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Glupteba.yar#L26-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "1b55042e06f218546db5ddc52d140be4303153d592dcfc1ce90e6077c05e77f7"
 logic_hash = "64b2099f40f94b17bc5860b41773c41322420500696d320399ff1c016cb56e15"
 score = 75
@@ -104187,8 +105355,8 @@ rule ELASTIC_Windows_Ransomware_Hive_55619Cd0 : FILE MEMORY
 date = "2021-08-26"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Hive.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Hive.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609"
 logic_hash = "51e2b03a9f9b92819bbf05ecbb33a23662a40e7d51f9812aa8243c4506057f1f"
 score = 75
@@ -104218,8 +105386,8 @@ rule ELASTIC_Windows_Ransomware_Hive_3Ed67Fe6 : FILE MEMORY
 date = "2021-08-26"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Hive.yar#L23-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Hive.yar#L23-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609"
 logic_hash = "a599f0d528bdbec00afa7e9a5cddec5e799ee755a7f30af70dde7d2459b70155"
 score = 75
@@ -104251,8 +105419,8 @@ rule ELASTIC_Windows_Ransomware_Hive_B97Ec33B : FILE MEMORY
 date = "2021-08-26"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Hive.yar#L47-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Hive.yar#L47-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609"
 logic_hash = "10034d9f53fd5099a423269e0c42c01eac18318f5d11599e1390912c8fd7af25"
 score = 75
@@ -104280,8 +105448,8 @@ rule ELASTIC_Linux_Trojan_Bluez_50E87Fa9 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "1e526b6e3be273489afa8f0a3d50be233b97dc07f85815cc2231a87f5a651ef1"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Bluez.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Bluez.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "53754c538a7dea6f06e37980901350feddc3517821ea42544cb96e371709752f"
 score = 75
 quality = 75
@@ -104308,8 +105476,8 @@ rule ELASTIC_Windows_Ransomware_Maze_61254061 : BETA FILE MEMORY
 date = "2020-04-18"
 modified = "2021-08-23"
 reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Maze.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Maze.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "b8537add953cdd7bc6adbff97f7f5a94de028709f0bd71102ee96d26d55f4f20"
 score = 75
 quality = 75
@@ -104338,8 +105506,8 @@ rule ELASTIC_Windows_Ransomware_Maze_46F40C40 : BETA FILE MEMORY
 date = "2020-04-18"
 modified = "2021-10-04"
 reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Maze.yar#L23-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Maze.yar#L23-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "99180f41aaaf1dfb0a8a40709dcc392fdbc2b2d3a4d4b4a1ab160dd5f2b4c703"
 score = 75
 quality = 75
@@ -104369,8 +105537,8 @@ rule ELASTIC_Windows_Ransomware_Maze_20Caee5B : BETA FILE MEMORY
 date = "2020-04-18"
 modified = "2021-08-23"
 reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Maze.yar#L46-L71"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Maze.yar#L46-L71"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "e09c059b285d2176aeba1a1f70d39f13cef4e05dc023c7db25fb9d92bd9a67d9"
 score = 75
 quality = 75
@@ -104404,8 +105572,8 @@ rule ELASTIC_Windows_Ransomware_Maze_F88F136F : BETA FILE MEMORY
 date = "2020-04-18"
 modified = "2021-08-23"
 reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Maze.yar#L73-L94"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Maze.yar#L73-L94"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "5587f332a076650f6ad7b1e3b464ef6085d960e6dacf53607cf75c9f9ad07628"
 score = 75
 quality = 75
@@ -104435,8 +105603,8 @@ rule ELASTIC_Linux_Trojan_Winnti_61215D98 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Winnti.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Winnti.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "cc1455e3a479602581c1c7dc86a0e02605a3c14916b86817960397d5a2f41c31"
 logic_hash = "051cc157f189094d25d45e66e410bdfd61ed7649a4c935d076cec1597c5debf5"
 score = 75
@@ -104464,8 +105632,8 @@ rule ELASTIC_Linux_Trojan_Winnti_4C5A1865 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "0d963a713093fc8e5928141f5747640c9b43f3aadc8a5478c949f7ec364b28ad"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Winnti.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Winnti.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "69f6dcba59ec8cd7f4dfe853495a35601e35d74476fad9e18bef7685a68ece51"
 score = 75
 quality = 75
@@ -104492,8 +105660,8 @@ rule ELASTIC_Linux_Trojan_Winnti_6F4Ca425 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "161af780209aa24845863f7a8120aa982aa811f16ec04bcd797ed165955a09c1"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Winnti.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Winnti.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "a1ffc0e3d27c4bb9fd10f14d45b649b4f059c654b31449013ac06d0981ed25ed"
 score = 75
 quality = 75
@@ -104520,8 +105688,8 @@ rule ELASTIC_Linux_Trojan_Winnti_De4B0F6E : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "a6b9b3ea19eaddd4d90e58c372c10bbe37dbfced638d167182be2c940e615710"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Winnti.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Winnti.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 logic_hash = "fb7b0ff4757dfc1ba2ca8585d5ddf14aae03063e10bdc2565443362c6ba37c30"
 score = 75
 quality = 75
@@ -104548,8 +105716,8 @@ rule ELASTIC_Windows_Hacktool_Safetykatz_072B7370 : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SafetyKatz.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SafetyKatz.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "89a456943cf6d2b3cd9cdc44f13a23640575435ed49fa754f7ed358c1a3b6ba9"
 logic_hash = "cedd3ede487371a8e0d29804f2b81ae808c7ad01bd803fa39dc2c50e472cff43"
 score = 75
@@ -104581,8 +105749,8 @@ rule ELASTIC_Windows_Trojan_Jupyter_56152E31 : FILE MEMORY
 date = "2021-07-22"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Jupyter.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Jupyter.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "ce486097ad2491aba8b1c120f6d0aa23eaf59cf698b57d2113faab696d03c601"
 logic_hash = "7b32e9caca744f4f6b48aefa5fda111e6b7ac81a62dd1fb8873d2c800ac3c42b"
 score = 75
@@ -104613,8 +105781,8 @@ rule ELASTIC_Windows_Trojan_Farfli_85D1Bcc9 : FILE MEMORY
 date = "2022-02-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Farfli.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Farfli.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "e3e9ea1b547cc235e6f1a78b4ca620c69a54209f84c7de9af17eb5b02e9b58c3"
 logic_hash = "746eb5a2583077189d82d1a96b499ff383f31220845bd8a6df5b7a7ceb11e6fb"
 score = 75
@@ -104642,8 +105810,8 @@ rule ELASTIC_Windows_Vulndriver_Agent64_8Ef48Aeb : FILE
 date = "2022-07-19"
 modified = "2022-07-19"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Agent64.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Agent64.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt"
 hash = "05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748"
 hash = "4045ae77859b1dbf13972451972eaaf6f3c97bea423e9e78f1c2f14330cd47ca"
 logic_hash = "a35f82202507e582e3cbc7018656545fcee1244ec1638a696f0b7c970fd5023c"
@@ -104677,8 +105845,8 @@ rule ELASTIC_Windows_Trojan_Formbook_1112E116 : FILE MEMORY date = "2021-06-14" modified = "2021-08-23" reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Formbook.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Formbook.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a" logic_hash = "ec307a8681fa01fc0c7c0579b0e3eff10e7f373159ad58dae0a358ff16fbc10b" score = 75 @@ -104709,8 +105877,8 @@ rule ELASTIC_Windows_Trojan_Formbook_772Cc62D : FILE MEMORY date = "2022-05-23" modified = "2022-07-18" reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Formbook.yar#L25-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Formbook.yar#L25-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "db9ab8df029856fc1c210499ed8e1b92c9722f7aa2264363670c47b51ec8fa83" score = 75 quality = 75 
@@ -104740,8 +105908,8 @@ rule ELASTIC_Windows_Trojan_Formbook_5799D1F2 : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Formbook.yar#L48-L67" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Formbook.yar#L48-L67" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8555a6d313cb17f958fc2e08d6c042aaff9ceda967f8598ac65ab6333d14efd9" logic_hash = "8e61eabd11beb9fb35c016983cfb3085f5ceddfc8268522f3b48d20be5b5df6a" score = 75 @@ -104769,8 +105937,8 @@ rule ELASTIC_Linux_Ransomware_Blackbasta_96Eb3F20 : FILE MEMORY date = "2022-08-06" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_BlackBasta.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_BlackBasta.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be" logic_hash = "a5e0b60ba51490f70af53c9fba91e3349c712bebb10574eb4bed028ab961ae74" score = 75 
@@ -104804,8 +105972,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_Aaf312C3 : FILE MEMORY date = "2022-02-02" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Ransomware_BlackCat.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Ransomware_BlackCat.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479" logic_hash = "0771ab5a795af164a568bda036cccf08afeb33458f2cd5a7240349fca9b60ead" score = 75 @@ -104834,8 +106002,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_00E525D7 : FILE MEMORY date = "2022-02-02" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Ransomware_BlackCat.yar#L22-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Ransomware_BlackCat.yar#L22-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479" logic_hash = "e44625d0fa8308b9d4d63a9e6920b4da4a2ce124437f122b2c8fe5cf0ab85a6b" score = 75 
@@ -104866,8 +106034,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_C4B043E6 : FILE MEMORY date = "2022-09-12" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Ransomware_BlackCat.yar#L45-L63" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Ransomware_BlackCat.yar#L45-L63" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "45b8678f74d29c87e2d06410245ab6c2762b76190594cafc9543fb9db90f3d4f" logic_hash = "1262ca76581920f08a6482ead68023fdfff08a9ddd19e00230054e3167dc184c" score = 75 @@ -104895,8 +106063,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_70171625 : FILE MEMORY date = "2023-01-05" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Ransomware_BlackCat.yar#L65-L91" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Ransomware_BlackCat.yar#L65-L91" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479" logic_hash = "fd07acd7c8627754f000c44827848bf65bcaa96f2dfb46e41542f3c9b40eee78" score = 75 
@@ -104932,8 +106100,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_E066D802 : FILE MEMORY date = "2023-07-27" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Ransomware_BlackCat.yar#L93-L113" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Ransomware_BlackCat.yar#L93-L113" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "00360830bf5886288f23784b8df82804bf6f22258e410740db481df8a7701525" logic_hash = "00fbb8013faf26c35b6cd8a72ebc246444c37c5ec7a0df2295830e96c01c8720" score = 75 @@ -104963,8 +106131,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_0Ffb0A37 : FILE MEMORY date = "2023-07-29" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Ransomware_BlackCat.yar#L115-L134" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Ransomware_BlackCat.yar#L115-L134" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "57136b118a0d6d3c71e522ea53e3305dae58b51f06c29cd01c0c28fa0fa34287" logic_hash = "4f28281e4b23868c63438d4800b9e5978426e7c98b6142ef8082cfd251cafe57" score = 75 
@@ -104993,8 +106161,8 @@ rule ELASTIC_Linux_Trojan_Zerobot_185E2396 : FILE MEMORY date = "2022-12-16" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Zerobot.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Zerobot.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f9fc370955490bdf38fc63ca0540ce1ea6f7eca5123aa4eef730cb618da8551f" logic_hash = "caa21cc019d8e4549d976f8b4f98d930ef7acf4c39c41956ae35fa78c975e016" score = 75 @@ -105029,8 +106197,8 @@ rule ELASTIC_Linux_Trojan_Zerobot_3A5B56Dd : FILE MEMORY date = "2022-12-16" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Zerobot.yar#L28-L51" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Zerobot.yar#L28-L51" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f9fc370955490bdf38fc63ca0540ce1ea6f7eca5123aa4eef730cb618da8551f" logic_hash = "2491fff4ad0327e0440d842f221fb6623c8efd97e2991bf2090abceaef9c2ccf" score = 75 
@@ -105063,8 +106231,8 @@ rule ELASTIC_Linux_Trojan_Bedevil_A1A72C39 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Bedevil.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Bedevil.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "017a9d7290cf327444d23227518ab612111ca148da7225e64a9f6ebd253449ab" logic_hash = "227adcc340c38cebf56ea2f39b483c965dd46827d83afe5f866ca844c932da76" score = 75 @@ -105092,8 +106260,8 @@ rule ELASTIC_Windows_Trojan_Stormkitty_6256031A : FILE MEMORY date = "2022-03-21" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_StormKitty.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_StormKitty.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0c69015f534d1da3770dbc14183474a643c4332de6a599278832abd2b15ba027" logic_hash = "a797e87eaf5b173da9dd43fcff03b3d26198dcafa29c3f2ca369773c73001234" score = 75 
@@ -105126,8 +106294,8 @@ rule ELASTIC_Windows_Trojan_Doorme_246Eda61 : FILE MEMORY date = "2022-12-09" modified = "2022-12-15" reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_DoorMe.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_DoorMe.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "96b226e1dcfb8ea2155c2fa508125472c8c767569d009a881ab4c39453e4fe7f" logic_hash = "01240f2e23904498c34ec805cc8bc3e9ac7b76c6519685ef6b367066f1a0bc5b" score = 75 @@ -105160,8 +106328,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_D9A9173A : FILE MEMORY date = "2022-11-08" modified = "2024-02-13" reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Lightning.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Lightning.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "48f9471c20316b295704e6f8feb2196dd619799edec5835734fc24051f45c5b7" logic_hash = "93961d9771aa4e828e15923064a848291c7814ad4e15e30cd252fc41523d789e" score = 75 
@@ -105192,8 +106360,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_E87C9D50 : FILE MEMORY date = "2022-11-08" modified = "2024-02-13" reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Lightning.yar#L25-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Lightning.yar#L25-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fd285c2fb4d42dde23590118dba016bf5b846625da3abdbe48773530a07bcd1e" logic_hash = "455ecf97e7becaf9c40843f8a3f60ec233d35e0061c6994f168428a8835c1b20" score = 75 @@ -105225,8 +106393,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_3Bcac358 : FILE MEMORY date = "2022-11-08" modified = "2024-02-13" reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Lightning.yar#L50-L72" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Lightning.yar#L50-L72" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ad16989a3ebf0b416681f8db31af098e02eabd25452f8d781383547ead395237" logic_hash = "f260372b9f2ea32f93ff7a30dc8239766e713a1e177a483444b14538741c24af" score = 75 
@@ -105257,8 +106425,8 @@ rule ELASTIC_Windows_Trojan_Qbot_D91C1384 : FILE MEMORY date = "2021-07-08" modified = "2021-08-23" reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Qbot.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Qbot.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "18ac3870aaa9aaaf6f4a5c0118daa4b43ad93d71c38bf42cb600db3d786c6dda" logic_hash = "8fd8249a2af236c92ccbc20b2a8380f69ca75976bd64bad167828e9ab4c6ed90" score = 75 @@ -105286,8 +106454,8 @@ rule ELASTIC_Windows_Trojan_Qbot_7D5Dc64A : FILE MEMORY date = "2021-10-04" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Qbot.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Qbot.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a2bacde7210d88675564106406d9c2f3b738e2b1993737cb8bf621b78a9ebf56" logic_hash = "5c8858502050494ab20a230f04c2c1cb4bfcd80f4a248dad82787d7ce67c741d" score = 75 
@@ -105316,8 +106484,8 @@ rule ELASTIC_Windows_Trojan_Qbot_6Fd34691 : FILE MEMORY date = "2022-03-07" modified = "2022-04-12" reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Qbot.yar#L44-L64" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Qbot.yar#L44-L64" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0838cd11d6f504203ea98f78cac8f066eb2096a2af16d27fb9903484e7e6a689" logic_hash = "9422d9f276f0c8c2990ece3282d918abc6fcce7eeb6809d46ae6b768a501a877" score = 75 @@ -105346,8 +106514,8 @@ rule ELASTIC_Windows_Trojan_Qbot_3074A8D4 : FILE MEMORY date = "2022-06-07" modified = "2022-07-18" reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Qbot.yar#L66-L97" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Qbot.yar#L66-L97" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a" logic_hash = "90c06bd09fe640bb5a6be8e4f2384fb15c7501674d57db005e790ed336740c99" score = 75 
@@ -105387,8 +106555,8 @@ rule ELASTIC_Windows_Trojan_Qbot_1Ac22A26 : FILE MEMORY date = "2022-12-29" modified = "2023-02-01" reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Qbot.yar#L99-L136" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Qbot.yar#L99-L136" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a" logic_hash = "d9beaf4a8c28a0b3c38dda6bf22a96b8c96ef715bd36de880504a9f970338fe2" score = 75 @@ -105434,8 +106602,8 @@ rule ELASTIC_Windows_Vulndriver_Elby_65B09743 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Elby.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Elby.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b" logic_hash = "7c7438520b238daf38d4ac91cbdee48bbfa9c85bd76208a436ce59edcfcecb80" score = 75 
@@ -105465,8 +106633,8 @@ rule ELASTIC_Multi_Trojan_Merlin_32643F4C : FILE MEMORY date = "2024-03-01" modified = "2024-05-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Trojan_Merlin.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Trojan_Merlin.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "84b988c4656677bc021e23df2a81258212d9ceba13be204867ac1d9d706404e2" logic_hash = "7de2deec0e2c7fd3ce2b42762f88bfe87cb4ffb02b697953aa1716425d6f1612" score = 75 @@ -105503,8 +106671,8 @@ rule ELASTIC_Linux_Proxy_Frp_4213778F : FILE MEMORY date = "2021-10-20" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Proxy_Frp.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Proxy_Frp.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "16294086be1cc853f75e864a405f31e2da621cb9d6a59f2a71a2fca4e268b6c2" logic_hash = "83eeb632026c38ac08357c27d971da31fbc9a0500ecf489e8332ac5862a77b85" score = 75 
@@ -105541,8 +106709,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_28B13E67 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Bundlore.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Bundlore.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0b50a38749ea8faf571169ebcfce3dfd668eaefeb9a91d25a96e6b3881e4a3e8" logic_hash = "586ae19e570c51805afd3727b2e570cdb1c48344aa699e54774a708f02bc3a6f" score = 75 @@ -105570,8 +106738,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_75C8Cb4E : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Bundlore.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Bundlore.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3d69912e19758958e1ebdef5e12c70c705d7911c3b9df03348c5d02dd06ebe4e" logic_hash = "527fecb8460c0325c009beddd6992e0abbf8c5a05843e4cedf3b17deb4b19a1c" score = 75 
@@ -105599,8 +106767,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_17B564B4 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Bundlore.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Bundlore.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "94f6e5ee6eb3a191faaf332ea948301bbb919f4ec6725b258e4f8e07b6a7881d" logic_hash = "40cd2a793c8ed51a8191ecb9b358f50dc2035d997d0f773f6049f9c272291607" score = 75 @@ -105628,8 +106796,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_C90C088A : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Bundlore.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Bundlore.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "875513f4ebeb63b9e4d82fb5bff2b2dc75b69c0bfa5dd8d2895f22eaa783f372" logic_hash = "c82c5c8d1e38e0d2631c5611e384eb49b58c64daeafe0cc642682e5c64686b60" score = 75 
@@ -105657,8 +106825,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_3965578D : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Bundlore.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Bundlore.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d72543505e36db40e0ccbf14f4ce3853b1022a8aeadd96d173d84e068b4f68fa" logic_hash = "6bd24640e0a3aa152fcd90b6975ee4fb7e99ab5f2d48d3a861bc804c526c90b6" score = 75 @@ -105686,8 +106854,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_00D9D0E9 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Bundlore.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Bundlore.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "73069b34e513ff1b742b03fed427dc947c22681f30cf46288a08ca545fc7d7dd" logic_hash = "535831872408caa27984190d1b1b1a5954e502265925d50457e934219598dbfd" score = 75 
@@ -105715,8 +106883,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_650B8Ff4 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Bundlore.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Bundlore.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "78fd2c4afd7e810d93d91811888172c4788a0a2af0b88008573ce8b6b819ae5a" logic_hash = "e8a706db010e9c3d9714d5e7a376e9b2189af382a7b01db9a9e7ee947e9637bb" score = 75 @@ -105744,8 +106912,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_C8Ad7Edd : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Bundlore.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Bundlore.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d4915473e1096a82afdaee405189a0d0ae961bd11a9e5e9adc420dd64cb48c24" logic_hash = "be09b4bd612bb499044fe91ca4e1ab62405cf1e4d75b8e1da90e326d1c66e04f" score = 75 
@@ -105773,8 +106941,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_Cb7344Eb : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Bundlore.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Bundlore.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "53373668d8c5dc17f58768bf59fb5ab6d261a62d0950037f0605f289102e3e56" logic_hash = "6b5e868dfd14e9b1cdf3caeb1216764361b28c1dd38849526baf5dbdb1020d8d" score = 75 @@ -105802,8 +106970,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_753E5738 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Bundlore.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Bundlore.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "42aeea232b28724d1fa6e30b1aeb8f8b8c22e1bc8afd1bbb4f90e445e31bdfe9" logic_hash = "7a6907b51c793e4182c1606eab6f2bcb71f0350a34aef93fa3f3a9f1a49961ba" score = 75 
@@ -105831,8 +106999,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_7B9F0C28 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Bundlore.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Bundlore.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fc4da125fed359d3e1740dafaa06f4db1ffc91dbf22fd5e7993acf8597c4c283" logic_hash = "32abbb76c866e3a555ee6a9c39f62a0712f641959b66068abfb4379baa9a9da9" score = 75 @@ -105860,8 +107028,8 @@ rule ELASTIC_Windows_Hacktool_Sharprdp_80895Fcb : FILE MEMORY date = "2022-11-20" modified = "2023-01-11" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpRDP.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpRDP.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6e909861781a8812ee01bc59435fd73fd34da23fa9ad6d699eefbf9f84629876" logic_hash = "ef9a92f2ed29f508dca591e9c65a6ce0013ccdfd0c62770e8840be2f3ee5982e" score = 75 
@@ -105893,8 +107061,8 @@ rule ELASTIC_Windows_Trojan_Diceloader_B32C6B99 : FILE MEMORY date = "2021-04-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Diceloader.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Diceloader.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a3b3f56a61c6dc8ba2aa25bdd9bd7dc2c5a4602c2670431c5cbc59a76e2b4c54" logic_hash = "f9e023f340edc4c46b2926e750c2ad3a3798e34415e43c0ea2d83073e3dc526a" score = 75 @@ -105928,8 +107096,8 @@ rule ELASTIC_Windows_Trojan_Diceloader_15Eeb7B9 : FILE MEMORY date = "2021-04-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Diceloader.yar#L27-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Diceloader.yar#L27-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a1202df600d11ad2c61050e7ba33701c22c2771b676f54edd1846ef418bea746" logic_hash = "f1ab9ad69f9ea75343c7404b82a3f7a4976a442b980a98fe5b95c55d4f9cb34e" score = 75 
@@ -105958,8 +107126,8 @@ rule ELASTIC_Windows_Trojan_Gozi_Fd494041 : FILE MEMORY date = "2021-03-22" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Gozi.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Gozi.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237" logic_hash = "fdd18817e7377f1b4006d3bf135d924b8ead62a461ea56f57157b2856ba6846b" score = 75 @@ -106000,8 +107168,8 @@ rule ELASTIC_Windows_Trojan_Gozi_261F5Ac5 : FILE MEMORY date = "2019-08-02" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Gozi.yar#L34-L60" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Gozi.yar#L34-L60" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f" logic_hash = "23a7427e162e2f77ee0a281fe4bc54eab29a3bdca8e51015147e8eb223e7e2f7" score = 75 
@@ -106037,8 +107205,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_C851687A : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L1-L37" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L1-L37" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "7fac6fb24ac18bd69dd9f8f4090c4a77d1cc6554b6ae5c846e32d7666e5a1971" score = 75 quality = 25 @@ -106084,8 +107252,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_0B58325E : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L39-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L39-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "3822431e946fcc38c700cc8ce213e95f33a155d7f38b6ab2a24cb998d42c8521" score = 75 quality = 73 
@@ -106133,8 +107301,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_2B8Cddf8 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L79-L114" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L79-L114" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "5502c06d33b93bae3bc25ba7dd6a5a9a3b0b2b43bb7e867e601ecb206bf503ed" score = 75 quality = 43 @@ -106179,8 +107347,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_59B44767 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L116-L142" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L116-L142" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "7027d0dcbdb1961d2604f29392a923957d298a047c268553599ea8c881f76a98" score = 75 quality = 69 
@@ -106216,8 +107384,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7Efd3C3F : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L144-L168" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L144-L168" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "45a0aaba6c1be016fc5f4051680ee7e3aa62e8a5d9730b7adab08c14ae37da24" score = 75 quality = 75 @@ -106251,8 +107419,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_6E971281 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L170-L201" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L170-L201" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "f204965c0118dbdfe7e134d319c92b30d22585e888609ff31df90643116a2c38" score = 75 quality = 51 
@@ -106293,8 +107461,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_09B79Efa : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L203-L232" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L203-L232" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "75fd003b9adf03aff8479b1b10da9c94955870b5fa4f1958f870e14acb2793c7" score = 75 quality = 48 @@ -106333,8 +107501,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_6E77233E : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L234-L269" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L234-L269" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "93aa11523b794402b257d02d4f9edc5ad320bfdb5b8b0f671ff08f399ef9e674" score = 75 quality = 63 
@@ -106379,8 +107547,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_De42495A : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L271-L301" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L271-L301" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "2a13c73d221d80d25a432f9e0a1387153a78f58719066586e9d80d17613293ef" score = 75 quality = 75 @@ -106420,8 +107588,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_72F68375 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L303-L328" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L303-L328" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "912e37829a9f99e00326745343c9e4593cd7cfb8d4dfafc66027cddcb4d883be" score = 75 quality = 63 
@@ -106456,8 +107624,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_15F680Fb : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L330-L360" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L330-L360" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "0efe368ad82f5b0f6301121bfda9fd049b008ac246368bfa22bd976fa2c56b79" score = 75 quality = 75 @@ -106497,8 +107665,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_5B4383Ec : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L362-L392" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L362-L392" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "033bd831209958674f6309739d65c58d05acb9d17e53cede1cf171c6d6e84efa" score = 75 quality = 75 
@@ -106538,8 +107706,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_91E08059 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L394-L421" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L394-L421" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "d5a8c1a0baa5e915cff29bcac33e30a7d7260f938ecaa6171d3aa88425a69266" score = 75 quality = 75 @@ -106576,8 +107744,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_Ee756Db7 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L423-L491" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L423-L491" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "8d594aa1b889e80000cfcedbfc470a1b768bdcc2a9c436cd449b495c91011918" score = 75 quality = 50 
@@ -106655,8 +107823,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_9C0D5561 : FILE MEMORY date = "2021-03-23" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L493-L523" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L493-L523" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "a8929266950e0f540a68c4fedf708e8ddc27f208f9f2866245ad7bb7f6d87913" score = 75 quality = 75 @@ -106696,8 +107864,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_59Ed9124 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L525-L560" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L525-L560" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "a50fd291f5f1bf7ec41b1938a32473a23c3c082018b86eab87aff0d95b26ba06" score = 75 quality = 43 
@@ -106742,8 +107910,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8A791Eb7 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L562-L597" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L562-L597" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "d1765e6cac9b1560d6484baa1fa5a1bc0b768a72b389c7c6a60e34115669933e" score = 75 quality = 43 @@ -106788,8 +107956,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_D00573A3 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L599-L625" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L599-L625" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "e458d41d28b76c989af6385f183f33aa9e11b93e529f032e95bd75433b80bd69" score = 75 quality = 75 
@@ -106825,8 +107993,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7Bcd759C : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L627-L648" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L627-L648" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "bfbb8e8009182e87c49242ec3da6e98b23447b646f5c7ea5f97196ae929d7c5f" score = 75 quality = 75 @@ -106857,8 +108025,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_A56B820F : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L650-L685" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L650-L685" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "52de8110727c29b0f5c75cd470ce6b80ba7821d0ba78ad074536323e2e80b460" score = 75 quality = 43 
@@ -106903,8 +108071,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_92F05172 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L687-L716" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L687-L716" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "7f0ff4ee14a043d72810826ab9d2b90b0f66724550ba9d3cdd2abe749f4874d0" score = 75 quality = 63 @@ -106943,8 +108111,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_417239B5 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L718-L764" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L718-L764" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "fda252747359e677459d82d65c4c9c8f2ff80bc8fd6a38712f858039f3cb8dd1" score = 75 quality = 51 
@@ -107000,8 +108168,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_29374056 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L766-L785" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L766-L785" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "09755b23a7057c70f3ea242ec48549de65ebc6f13bdc38cbe22d6d758c3718cf" score = 75 quality = 75 @@ -107030,8 +108198,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_949F10E3 : FILE MEMORY date = "2021-03-25" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L787-L806" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L787-L806" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "e4b726c83013f4b9c9d61683f78a4a91935225e9ed3de0ce164b96b5a6719579" score = 75 quality = 75 
@@ -107060,8 +108228,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8751Cdf9 : FILE MEMORY date = "2021-03-25" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L808-L827" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L808-L827" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "64fae95fd89ad46a50a00c943cf98a997a0842a83be64b3728b25151867b75a8" score = 75 quality = 75 @@ -107090,8 +108258,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_663Fc95D : FILE MEMORY date = "2021-04-01" modified = "2021-12-17" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L829-L847" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L829-L847" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "842a0a372cfb2316293f4a08e1690194fa98368a9f6ffe9c63222b2c4ab6532c" score = 75 quality = 75 
@@ -107119,8 +108287,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_B54B94Ac : FILE MEMORY date = "2021-10-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L849-L872" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L849-L872" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a" logic_hash = "6f63e4c31e55da2008f95e9d05391e40d44e2757c511e666032563ab798e274c" score = 75 @@ -107153,8 +108321,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_F0B627Fc : FILE MEMORY date = "2021-10-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L874-L897" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L874-L897" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b" logic_hash = "1087294af3a9ef59c00098f5fd7adfe0b335525e135d95e45ac30e44c6739a72" score = 75 
@@ -107187,8 +108355,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_Dcdcdd8C : FILE MEMORY date = "2021-10-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L899-L923" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L899-L923" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a" logic_hash = "f3ae07282b763d3720e45a84878cc457f65041f381951cdc9affd5e3ce67e6cc" score = 75 @@ -107222,8 +108390,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_A3Fb2616 : FILE MEMORY date = "2021-10-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L925-L947" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L925-L947" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a" logic_hash = "a3c36326ccc2bc828f6654ccaba507a283f92146fdc52f71d7d934f6908793e2" score = 75 
@@ -107255,8 +108423,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8Ee55Ee5 : FILE MEMORY date = "2021-10-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L949-L969" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L949-L969" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a" logic_hash = "d0cc321e15660311ae0b8e3261abe716a50a2455f82635c1b02d0a5444c8a89a" score = 75 @@ -107286,8 +108454,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8D5963A2 : FILE MEMORY date = "2022-08-10" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L971-L989" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L971-L989" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9fe43996a5c4e99aff6e2a1be743fedec35e96d1e6670579beb4f7e7ad591af9" logic_hash = "f4f8fba807256bd885ccf4946eec8c2fb76eb04f86ed76d015178fe512a3c091" score = 75 
@@ -107315,8 +108483,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_1787Eef5 : FILE MEMORY date = "2022-08-29" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L991-L1014" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L991-L1014" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a" logic_hash = "0b70c61e986dee3126fec6eea127e01fce4b647aff8e2d2d5072eb8328549225" score = 75 @@ -107349,8 +108517,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_4106070A : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L1016-L1035" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L1016-L1035" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "98789a11c06c1dfff7e02f66146afca597233c17e0d4900d6a683a150f16b3a4" logic_hash = "90f0209a55ca381ca58264664e04c007c799cf558f143d0c02983d4caf47bfb8" score = 75 
@@ -107379,8 +108547,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_3Dc22D14 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L1037-L1056" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L1037-L1056" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7898194ae0244611117ec948eb0b0a5acbc15cd1419b1ecc553404e63bc519f9" logic_hash = "2f52cd5f3b782c28e372c3daa9b7ddc4d2b9f68832f5250983412c2e7a755e73" score = 75 @@ -107409,8 +108577,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7F8Da98A : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_CobaltStrike.yar#L1058-L1076" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_CobaltStrike.yar#L1058-L1076" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e3bc2bec4a55ad6cfdf49e5dbd4657fc704af1758ca1d6e31b83dcfb8bf0f89d" logic_hash = "6c8698d65cbbf893f79ca1de5273535891418c87c234a2542f5f8079e56d9507" score = 75 
@@ -107438,8 +108606,8 @@ rule ELASTIC_Windows_Exploit_Perfusion_5Ab5Ddee : FILE MEMORY date = "2024-02-28" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Exploit_Perfusion.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Exploit_Perfusion.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7fdef25acb0d1447203b9768ae58a8e21db24816c602b160d105dab86ae34728" logic_hash = "490f3fc89cf78dbe82f1feb012a147a8d187612720efb6e1eb4e97720b26ee59" score = 75 @@ -107470,8 +108638,8 @@ rule ELASTIC_Linux_Exploit_Courier_190258Dd : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Courier.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Courier.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "349866d0fb81d07a35b53eac6f11176721629bbd692526851e483eaa83d690c3" logic_hash = "c318d78a11a021334c84a21db2be6d7df57440a1f3ad6feaaff9cc95ebf6f716" score = 75 
@@ -107499,8 +108667,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_253C44De : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Kaiji.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Kaiji.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e31eb8880bb084b4c642eba127e64ce99435ea8299a98c183a63a2e6a139d926" logic_hash = "81a07f60765f50c58b2c0f0153367ee570f36c579e9f88fb2f0e49ae5c08773f" score = 75 @@ -107528,8 +108696,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_535F07Ac : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Kaiji.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Kaiji.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "28b2993d7c8c1d8dfce9cd2206b4a3971d0705fd797b9fde05211686297f6bb0" logic_hash = "539977c1076b71873135cfe02153da87c0e9ac17122f04570977a22c92d2694f" score = 75 
@@ -107557,8 +108725,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_Dcf6565E : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Kaiji.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Kaiji.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "49f3086105bdc160248e66334db00ce37cdc9167a98faac98800b2c97515b6e7" logic_hash = "2bc943e100548e9aacd97930b3230353be760c8a292dbbbd1d0b5646f647c4fe" score = 75 @@ -107586,8 +108754,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_91091Be3 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Kaiji.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Kaiji.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dca574d13fcbd7d244d434fcbca68136e0097fefc5f131bec36e329448f9a202" logic_hash = "3b55cb3be5775311af4dc90f9624448d30cc58ef1a42729f6ca4eb3b36ad8b06" score = 75 
@@ -107615,8 +108783,8 @@ rule ELASTIC_Windows_Trojan_Svcready_Af498D39 : FILE MEMORY date = "2022-06-12" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_SVCReady.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_SVCReady.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "08e427c92010a8a282c894cf5a77a874e09c08e283a66f1905c131871cc4d273" logic_hash = "e3520103064cf82cd1747f8889667929d23466c9febfda7e4968a3679db97d71" score = 75 @@ -107648,8 +108816,8 @@ rule ELASTIC_Windows_Exploit_Dcom_7A1Bcec7 : FILE date = "2021-01-12" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Exploit_Dcom.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Exploit_Dcom.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "84073caf71d0e0523adeb96169c85b8f0bfea09e7ef3bf677bfc19d3b536d8a5" logic_hash = "484576ab5369f99dc7086d724ead12d464f2bedaf84c93b74e137ddd98600b06" score = 75 
@@ -107668,6 +108836,79 @@ rule ELASTIC_Windows_Exploit_Dcom_7A1Bcec7 : FILE condition: all of them } +rule ELASTIC_Linux_Rootkit_Diamorphine_716C7Ffa : FILE MEMORY +{ + meta: + description = "Detects Linux Rootkit Diamorphine (Linux.Rootkit.Diamorphine)" + author = "Elastic Security" + id = "716c7ffa-ea57-4ac2-9d23-9873bc8f83bd" + date = "2024-11-13" + modified = "2024-11-22" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Diamorphine.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" + hash = "01fb490fbe2c2b5368cc227abd97e011e83b5e99bb80945ef599fc80e85f8545" + logic_hash = "29ae87a563085ff0e4821a994ede16fa3f6fec693418c2e92ac90b839fcfa7cf" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "59f9657c8ee1f6d05020a3565d08230d10185968c8b064f462ee54a4db8db3d6" + severity = 100 + arch_context = "x86, arm64" + scan_context = "file, memory" + license = "Elastic License v2" + os = "linux" + + strings: + $str1 = "author=m0nad" + $str2 = "description=LKM rootkit" + $str3 = "name=diamorphine" + $license1 = "license=Dual BSD/GPL" + $license2 = "license=GPL" + + condition: + 2 of ($str*) and 1 of ($license*) +} +rule ELASTIC_Linux_Rootkit_Diamorphine_66Eb93C7 : FILE MEMORY +{ + meta: + description = "Detects Linux Rootkit Diamorphine (Linux.Rootkit.Diamorphine)" + author = "Elastic Security" + id = "66eb93c7-3f26-43ce-b43e-550c6fd44927" + date = "2024-11-13" + modified = "2024-11-22" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Diamorphine.yar#L25-L54" + license_url = 
"https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" + hash = "01fb490fbe2c2b5368cc227abd97e011e83b5e99bb80945ef599fc80e85f8545" + logic_hash = "26063aacb585825f5d6b56d0d671e94efb273605175f4164d271c8edfdbc150a" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "e045a6f3359443a11fa609eefedb0aa92f035e91e087e3472461c10bb28f0cc1" + severity = 100 + arch_context = "x86, arm64" + scan_context = "file, memory" + license = "Elastic License v2" + os = "linux" + + strings: + $rk1 = "sys_call_table" + $rk2 = "kallsyms_lookup_name" + $rk3 = "retpoline=Y" + $func1 = "get_syscall_table_bf" + $func2 = "is_invisible" + $func3 = "hacked_getdents64" + $func4 = "orig_getdents64" + $func5 = "give_root" + $func6 = "module_show" + $func7 = "module_hide" + $func8 = "hacked_kill" + $func9 = "write_cr0_forced" + + condition: + 1 of ($rk*) and 3 of ($func*) +} rule ELASTIC_Windows_Ransomware_Phobos_A5420148 : BETA FILE MEMORY { meta: @@ -107677,8 +108918,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_A5420148 : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Phobos.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Phobos.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "9fcfe41102bee4f8ecf19f30d0bbb2de50e1a1aff4e17c587b5d9adb417527c5" score = 75 quality = 75 
@@ -107708,8 +108949,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_Ff55774D : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Phobos.yar#L24-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Phobos.yar#L24-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "9ee41b9638a8cc1d9f9b254878c935c531b2f599be59550b3617b1de8cba2ba5" score = 75 quality = 75 @@ -107737,8 +108978,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_11Ea7Be5 : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Phobos.yar#L45-L64" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Phobos.yar#L45-L64" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "1f86695f316200c92d0d02f5f3ba9f68854978f98db5d4291a81c06c9f0b8d28" score = 75 quality = 75 
@@ -107766,8 +109007,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_06B2Dff5 : FILE MEMORY CVE_2012_0056 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "168b3fb1c675ab76224c641e228434495160502a738b64172c679e8ce791ac17" logic_hash = "4361e6e74d6678d9e0823b23a7a2e4ae84119142cad319950154f806115845d5" score = 75 @@ -107795,8 +109036,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_B39839F4 : FILE MEMORY CVE_2012_0056 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cf569647759e011ff31d8626cea65ed506e8d0ef1d26f3bbb7c02a4060ce58dc" logic_hash = "553111c64d8abfc3688a88dd95088de0ea7e92f68592e9a778f8041b40071e84" score = 75 
@@ -107824,8 +109065,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_A1E53450 : FILE MEMORY CVE_2012_0056 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "15a4d149e935758199f6df946ff889e12097f5fec4ef450e9cbd554d1efbd5e6" logic_hash = "f2ab5de83c36a9a834e41c8f6fdccd0dffdeb384adf7b1e1098e86a2ac52df18" score = 75 @@ -107853,8 +109094,8 @@ rule ELASTIC_Windows_Hacktool_Sharpapplocker_9645Cf22 : FILE MEMORY date = "2022-11-20" modified = "2023-01-11" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_SharpAppLocker.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_SharpAppLocker.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0f7390905abc132889f7b9a6d5b42701173aafbff5b8f8882397af35d8c10965" logic_hash = "cb72ecf7715b288acddac51dab091d84c64e3bd30276cba38a0d773e6693875c" score = 75 
@@ -107885,8 +109126,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3156_F3Fb10Cd : FILE CVE_2021_3156 date = "2021-09-15" modified = "2021-09-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "65fb8baa5ec3bfb4473e4b2f565b461dd59989d43c72b1c5ec2e1a68baa8b51a" logic_hash = "cc80e0b2355877cd9ceecae19d4dcebb641d90a24c0751bf706134b31bf26750" score = 75 @@ -107915,8 +109156,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3156_7F5672D0 : FILE CVE_2021_3156 date = "2021-09-15" modified = "2021-09-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L22-L45" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L22-L45" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1a4517d2582ac97b88ae568c23e75beba93daf8518bd3971985d6a798049fd61" logic_hash = "e25907f11a2f292441a96e19834ad89636593a3f8998ec0010e43830f5aa0c64" score = 75 
@@ -107949,8 +109190,8 @@ rule ELASTIC_Windows_Vulndriver_Procid_86605Fa9 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_ProcId.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_ProcId.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b03f26009de2e8eabfcf6152f49b02a55c5e5d0f73e01d48f5a745f93ce93a29" logic_hash = "882cdbd267d812e77e68e7080f1fca0ca3d7e75ab84c583c3ec148894b1cf644" score = 75 @@ -107978,8 +109219,8 @@ rule ELASTIC_Windows_Vulndriver_Winflash_881758Da : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_WinFlash.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_WinFlash.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8596ea3952d84eeef8f5dc5b0b83014feb101ec295b2d80910f21508a95aa026" logic_hash = "a46ac1f19ba5d9543c88434575870b61fbb935cd4c4e28cb80a077502af7d2db" score = 75 
@@ -108007,8 +109248,8 @@ rule ELASTIC_Linux_Ransomware_Sodinokibi_2883D7Cd : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Sodinokibi.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Sodinokibi.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a322b230a3451fd11dcfe72af4da1df07183d6aaf1ab9e062f0e6b14cf6d23cd" logic_hash = "97d6b1b641c4b5b596b67a809e8e70bb0bccb9219282cd6c41bc905e2ea44c84" score = 75 @@ -108036,8 +109277,8 @@ rule ELASTIC_Linux_Rootkit_Dakkatoni_010D3Ac2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Rootkit_Dakkatoni.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Dakkatoni.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "38b2d033eb5ce87faa4faa7fcac943d9373e432e0d45e741a0c01d714ee9d4d3" logic_hash = "51119321f29aed695e09da22d3234eae96db93e8029d4525d018e56c7131f7b8" score = 75 
@@ -108065,8 +109306,8 @@ rule ELASTIC_Windows_Trojan_Ghostengine_8Ea2Aa65 : FILE MEMORY date = "2024-05-07" modified = "2024-05-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_GhostEngine.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_GhostEngine.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2fe78941d74d35f721556697491a438bf3573094d7ac091b42e4f59ecbd25753" logic_hash = "3bddd2ac79d92d34df5d2df4a11cf96cc44ca39c3baece1b5c67b75a682778ff" score = 75 @@ -108101,8 +109342,8 @@ rule ELASTIC_Macos_Trojan_Eggshell_Ddacf7B9 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Trojan_Eggshell.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Trojan_Eggshell.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6d93a714dd008746569c0fbd00fadccbd5f15eef06b200a4e831df0dc8f3d05b" logic_hash = "f986f7d1e3a68e27f82048017c6d6381a0354ffad2cd10f3eee69bbbfa940abd" score = 75 
@@ -108134,8 +109375,8 @@ rule ELASTIC_Windows_Trojan_Azorult_38Fce9Ea : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Azorult.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Azorult.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491" logic_hash = "e23b21992b7ff577d4521c733929638522f4bf57b54c72e5e46196d028d6be26" score = 75 @@ -108167,8 +109408,8 @@ rule ELASTIC_Windows_Exploit_Fakepipe_6Bc93551 : FILE MEMORY date = "2024-02-28" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Exploit_FakePipe.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Exploit_FakePipe.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "545a41ccfcd0a4f09c1c62bef2dde61b52fa92abada71ab72b3f4febb9265f75" logic_hash = "daf78c4a2db337f51054e108b5b54c8aa32300eae3bd39c5fc2d4769221c8aea" score = 75 
@@ -108199,8 +109440,8 @@ rule ELASTIC_Windows_Vulndriver_Fileseclab_4A21229A : FILE date = "2024-03-05" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Fileseclab.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Fileseclab.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ae55a0e93e5ef3948adecf20fa55b0f555dcf40589917a5bfbaa732075f0cc12" logic_hash = "bac78186f3d46c6765bacaf6a324ff94e449261cefe2594cb38c4cc25db1f0de" score = 75 
@@ -108224,6 +109465,45 @@ rule ELASTIC_Windows_Vulndriver_Fileseclab_4A21229A : FILE condition: int16 ( uint32(0x3C)+0x5c)==0x0001 and 1 of ($a*) and 1 of ($b*) } +rule ELASTIC_Linux_Rootkit_Bedevil_2Af79Cea : FILE MEMORY +{ + meta: + description = "Detects Linux Rootkit Bedevil (Linux.Rootkit.Bedevil)" + author = "Elastic Security" + id = "2af79cea-f861-4db6-9036-ee6aeb96acd6" + date = "2024-11-14" + modified = "2024-11-22" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Rootkit_Bedevil.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" + hash = "8f8c598350632b32e72cd6af3a0ca93c05b4d9100fd03e2ae1aec97a946eb347" + logic_hash = "3acded46df45f88cf2cdd0eab424810d3dab51cac90845574a1361301e72be23" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "293f3a8a126f2f271f8ecc9dcb3a9d19338f79aeec2d9d5fdc66e198b1e45298" + severity = 100 + arch_context = "x86, arm64" + scan_context = "file, memory" + license = "Elastic License v2" + os = "linux" + + strings: + $str1 = "bdvinstall" + $str2 = "putbdvlenv" + $str3 = "bdvprep" + $str4 = "bdvcleanse" + $str5 = "dobdvutil" + $str6 = "forge_maps" + $str7 = "forge_smaps" + $str8 = "forge_numamaps" + $str9 = "forge_procnet" + $str10 = "secret_connection" + $str11 = "dropshell" + + condition: + 4 of ($str*) +} rule ELASTIC_Macos_Backdoor_Fakeflashlxk_06Fd8071 : FILE MEMORY { meta: 
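Review bot: The new rule ELASTIC_Linux_Rootkit_Bedevil_2Af79Cea fires on `4 of ($str*)` over eleven plain ASCII identifiers with no file-type or size guard. Any text that quotes four of them would match, not only a compiled sample; that includes bdvl source, an analysis write-up, or another rule file. The test expectations earlier in this commit report the hit as `3P/elastic/rootkit_bedevil: critical`, so such a false positive would surface at the highest severity. This file is vendored from YARA Forge and should not be edited in place, so the check belongs on the consumer side, for example a test that scans a plain-text fixture containing these strings and pins the expected severity. An ELF-magic guard such as `uint32(0) == 0x464c457f and 4 of ($str*)` would narrow file scans, but it would also drop the memory matches that the rule's `scan_context = "file, memory"` advertises.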
@@ -108233,8 +109513,8 @@ rule ELASTIC_Macos_Backdoor_Fakeflashlxk_06Fd8071 : FILE MEMORY date = "2021-11-11" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/MacOS_Backdoor_Fakeflashlxk.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/MacOS_Backdoor_Fakeflashlxk.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "107f844f19e638866d8249e6f735daf650168a48a322d39e39d5e36cfc1c8659" logic_hash = "853d44465a472786bb48bbe1009e0ff925f79e4fd72f0eac537dd271c1ec3703" score = 75 @@ -108264,8 +109544,8 @@ rule ELASTIC_Windows_Ransomware_Cicada3301_99Fee259 : FILE MEMORY date = "2024-09-05" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Cicada3301.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Cicada3301.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7b3022437b637c44f42741a92c7f7ed251845fd02dda642c0a47fde179bd984e" logic_hash = "18996d70192b0e997eba70c22ed70a2611a7e038a8825308f4d3d002b681939b" score = 75 
@@ -108297,8 +109577,8 @@ rule ELASTIC_Windows_Ransomware_Blackbasta_494D3C54 : FILE MEMORY date = "2022-08-06" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_BlackBasta.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_BlackBasta.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "357fe8c56e246ffacd54d12f4deb9f1adb25cb772b5cd2436246da3f2d01c222" logic_hash = "1ecb3c95a2d3f91d267f0b625fffc8477612fde9de3942eff8eb13115c0af6b8" score = 75 @@ -108334,8 +109614,8 @@ rule ELASTIC_Linux_Cryptominer_Pgminer_Ccf88A37 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Pgminer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Pgminer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3afc8d2d85aca61108d21f82355ad813eba7a189e81dde263d318988c5ea50bd" logic_hash = "77833cdb319bc8e22db2503478677d5992774105f659fe7520177a691c83aa91" score = 75 
@@ -108363,8 +109643,8 @@ rule ELASTIC_Linux_Cryptominer_Pgminer_5Fb2Efd5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Pgminer.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Pgminer.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6d296648fdbc693e604f6375eaf7e28b87a73b8405dc8cd3147663b5e8b96ff0" logic_hash = "4c247f40c9781332f04f82a244f6e8e22c9c744963f736937eddecf769b40a54" score = 75 @@ -108392,8 +109672,8 @@ rule ELASTIC_Windows_Trojan_Parallax_D72Ec0E2 : FILE MEMORY date = "2022-09-05" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Parallax.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Parallax.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "6c2c84624912f3b612ae435cf3e8000192a1b168b30205ed4a93b7fab7e336ad" score = 75 quality = 75 
@@ -108423,8 +109703,8 @@ rule ELASTIC_Windows_Trojan_Parallax_B4Ea4F1A : FILE MEMORY date = "2022-09-08" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Parallax.yar#L24-L55" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Parallax.yar#L24-L55" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "731fe7bd339ec6b0372b4809004a21f53537bd82f084960b8d018f994dcdc06a" score = 75 quality = 42 @@ -108464,8 +109744,8 @@ rule ELASTIC_Linux_Ransomware_Hellokitty_35731270 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Ransomware_Hellokitty.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Ransomware_Hellokitty.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "556e5cb5e4e77678110961c8d9260a726a363e00bf8d278e5302cb4bfccc3eed" logic_hash = "40cb632d6b8561de56f2010a082a24b0c50d4cabed21e073168b5302ddff7044" score = 75 
@@ -108495,8 +109775,8 @@ rule ELASTIC_Windows_Packer_Scrubcrypt_6A75A4Bb : FILE MEMORY date = "2023-04-18" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Packer_ScrubCrypt.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Packer_ScrubCrypt.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "05c1eea2ff8c31aa5baf1dfd8015988f7e737753275ed1c8c29013a3a7414b50" logic_hash = "edcaa6f1cc85ef084ae5bf2524f39869a90b008dce85e72bca4835565f067ca7" score = 75 @@ -108525,8 +109805,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_7Efaef9F : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Clipbanker.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Clipbanker.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "02b06acb113c31f5a2ac9c99f9614e0fab0f78afc5ae872e46bae139c2c9b1f6" logic_hash = "fa547d7c1623b332ef306672dd2293b44016d9974c1a3ec4b15e5ae0483ff879" score = 75 
@@ -108558,8 +109838,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_B60A50B8 : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Clipbanker.yar#L25-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Clipbanker.yar#L25-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "02b06acb113c31f5a2ac9c99f9614e0fab0f78afc5ae872e46bae139c2c9b1f6" logic_hash = "fe585ab7efbc3b500ea23d1c164bc79ded658001e53fc71721e435ed7579182a" score = 75 @@ -108587,8 +109867,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_F9F9E79D : FILE MEMORY date = "2022-04-23" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Clipbanker.yar#L45-L63" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Clipbanker.yar#L45-L63" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c" logic_hash = "a71d75719133e8b84956ec002cb31f82386ef711fa2af79d204d176492cd354b" score = 75 
@@ -108616,8 +109896,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_787B130B : FILE MEMORY date = "2022-04-24" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Clipbanker.yar#L65-L87" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Clipbanker.yar#L65-L87" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c" logic_hash = "88783bde7014853f6556c6e7ee2dfd5cd5fcbfb4523ed158b4287e2bfba409f1" score = 75 @@ -108649,8 +109929,8 @@ rule ELASTIC_Windows_Trojan_Revengerat_Db91Bcc6 : FILE MEMORY date = "2021-09-02" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Revengerat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Revengerat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "30d8f81a19976d67b495eb1324372598cc25e1e69179c11efa22025341e455bd" logic_hash = "1e33cb1d614aae0b2181ebaca694c69e7fc849b3a3b7ffff7059e8c43553f8cc" score = 75 
@@ -108681,8 +109961,8 @@ rule ELASTIC_Linux_Cryptominer_Flystudio_579A3A4D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Flystudio.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Flystudio.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "84afc47554cf42e76ef8d28f2d29c28f3d35c2876cec2fb1581b0ac7cfe719dd" logic_hash = "6579630a4fb6cf5bc8ccb2e4f93f5d549baa6ea9b742b2ee83a52f07352c4741" score = 75 @@ -108710,8 +109990,8 @@ rule ELASTIC_Linux_Cryptominer_Flystudio_0A370634 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Flystudio.yar#L21-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Flystudio.yar#L21-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "cf924ba45a7dba19fe571bb9da8c4896690c3ad02f732b759a10174b9f61883f" score = 75 quality = 75 
@@ -108738,8 +110018,8 @@ rule ELASTIC_Linux_Hacktool_Exploitscan_4327F817 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Exploitscan.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Exploitscan.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "66c6d0e58916d863a1a973b4f5cb7d691fbd01d26b408dbc8c74f0f1e4088dfb" logic_hash = "7797d9bd75dff355e1ee84b856e77cf9e886dfe727fb8ce7a6fdbe5ed1eb0985" score = 75 @@ -108767,8 +110047,8 @@ rule ELASTIC_Linux_Backdoor_Tinyshell_67Ee6Fae : FILE MEMORY date = "2021-10-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Backdoor_Tinyshell.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Backdoor_Tinyshell.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9d2e25ec0208a55fba97ac70b23d3d3753e9b906b4546d1b14d8c92f8d8eb03d" logic_hash = "200d4267e21b8934deecc48273294f2e34464fcb412e39f3f5a006278631b9f1" score = 75 
@@ -108799,8 +110079,8 @@ rule ELASTIC_Linux_Exploit_CVE_2022_0847_E831C285 : FILE MEMORY CVE_2022_0847 date = "2022-03-10" modified = "2022-03-14" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_CVE_2022_0847.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_CVE_2022_0847.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c6b2cef2f2bc04e3ae33e0d368eb39eb5ea38d1bca390df47f7096117c1aecca" logic_hash = "e15daf5de9bf66060e373a6e772669eade543ed56bef6b6924a0ee44e59522e1" score = 75 @@ -108836,8 +110116,8 @@ rule ELASTIC_Windows_Vulndriver_Atillk_18316Dd9 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Atillk.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Atillk.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173" logic_hash = "02d218d0a0ea447e4ad0b03bff50c307ca5f36b8ed268787cd73c88a05aa4214" score = 75 
@@ -108867,8 +110147,8 @@ rule ELASTIC_Linux_Trojan_Patpooty_E2E0Dff1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Patpooty.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Patpooty.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d38b9e76cbc863f69b29fc47262ceafd26ac476b0ae6283d3fa50985f93bedf3" logic_hash = "ec7d12296383ca0ed20e3221fb96b9dbdaf6cc7f07f5c8383e43489a9fd6fcfe" score = 75 @@ -108896,8 +110176,8 @@ rule ELASTIC_Linux_Trojan_Patpooty_F90C7E43 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Patpooty.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Patpooty.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "79475a66be8741d9884bc60f593c81a44bdb212592cd1a7b6130166a724cb3d3" logic_hash = "2d995722b06ce51a5378e395896764421f84afcf6b13855a87ed43d9b9e38982" score = 75 
@@ -108925,8 +110205,8 @@ rule ELASTIC_Multi_Ransomware_Ransomhub_4A8A07Cd : FILE MEMORY date = "2024-09-05" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Multi_Ransomware_RansomHub.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Multi_Ransomware_RansomHub.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bfbbba7d18be1aa2e85390fa69a761302756ee9348b7343af6f42f3b5d0a939c" logic_hash = "8e2d062e890cf66418c18ce8988c0ac4744c9f00fdc296e8dd91df39ec240abe" score = 75 @@ -108961,8 +110241,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_1916686D : FILE MEMORY date = "2022-06-23" modified = "2022-12-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BruteRatel.yar#L1-L31" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BruteRatel.yar#L1-L31" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "e0e7b8ba2865fc76845b21aa3e075ceab98888635a60bd722c0c81e0f4fcf58c" score = 75 quality = 75 
@@ -109002,8 +110282,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_9B267F96 : FILE MEMORY date = "2022-06-23" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BruteRatel.yar#L33-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BruteRatel.yar#L33-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "fbaaf4bf2462119b39a5df90b91fb831be3e602b926cd893374a5dddf48f029d" score = 75 quality = 75 @@ -109037,8 +110317,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_684A39F2 : FILE MEMORY date = "2023-01-24" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BruteRatel.yar#L59-L84" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BruteRatel.yar#L59-L84" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5f4782a34368bb661f413f33e2d1fb9f237b7f9637f2c0c21dc752316b02350c" logic_hash = "7cb74176e1dbdd248295649568d29c9d88841fcd0c16479b6b7efc71c4a1d706" score = 75 
@@ -109073,8 +110353,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_Ade6C9D5 : FILE MEMORY date = "2023-01-24" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BruteRatel.yar#L86-L109" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BruteRatel.yar#L86-L109" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dc9757c9aa3aff76d86f9f23a3d20a817e48ca3d7294307cc67477177af5c0d4" logic_hash = "8ff8ed1e2b909606fe6aae3f43ad02898d7b3906c3d329a508f6d40490ec75a0" score = 60 @@ -109107,8 +110387,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_4110D879 : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BruteRatel.yar#L111-L130" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BruteRatel.yar#L111-L130" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e0fbbc548fdb9da83a72ddc1040463e37ab6b8b544bf0d2b206bfff352175afe" logic_hash = "22c27523ddd8183c41da40f7ff908ae5bdee3b482c8a3f70aaa63a4c419e515b" score = 75 
@@ -109137,8 +110417,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_5B12Cbab : FILE MEMORY date = "2024-02-21" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BruteRatel.yar#L132-L150" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BruteRatel.yar#L132-L150" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8165798fec8294523f25aedfc6699faad0c5d75f60bc7cefcbb2fa13dbc656e3" logic_hash = "b86296dafaef1dfa0a41704cafa351694abb0e453e104dfe06836ed599338f38" score = 75 @@ -109166,8 +110446,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_5E383Ae0 : FILE MEMORY date = "2024-03-27" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BruteRatel.yar#L152-L184" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BruteRatel.yar#L152-L184" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "0b506ef32f58ee2b1e5701ca8e13c67584739ab1d00ee4a0c2f532c09a15836f" logic_hash = "5d87ada1c609e23742c389f8153a9266c4db95be4a5e10b50979aebc993a45e0" score = 75 
@@ -109209,8 +110489,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_644Ac114 : FILE MEMORY date = "2024-04-17" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_BruteRatel.yar#L186-L205" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_BruteRatel.yar#L186-L205" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ace6a99d95ef859d4ab74db6900753e754273a12a34721f1aa8f1a9df3d8ec35" logic_hash = "06ffea16a0348f2276f379db150b5f9d2dbdffbcb2eee83c55c27c837ecb1e69" score = 75 @@ -109239,8 +110519,8 @@ rule ELASTIC_Windows_Ransomware_Avoslocker_7Ae4D4F2 : FILE MEMORY date = "2021-07-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Avoslocker.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Avoslocker.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856" logic_hash = "c87faf6f128fd6a8cabd68ec8de72fb10e6be42bdbe23ece374dd8f3cf0c1b15" score = 75 
@@ -109272,8 +110552,8 @@ rule ELASTIC_Windows_Trojan_Kronos_Cdd2E2C5 : FILE MEMORY date = "2021-02-07" modified = "2021-08-23" reference = "https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Kronos.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Kronos.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "baa9cedbbe0f5689be8f8028a6537c39e9ea8b0815ad76cb98f365ca5a41653f" logic_hash = "a8943c5ef166446629cb46517d35db39c97a1e3efa3a7a0b5cb3d3ee9d1e6e9c" score = 75 @@ -109308,8 +110588,8 @@ rule ELASTIC_Windows_Vulndriver_Winio_C9Cc6D00 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_WinIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_WinIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "e1980c6592e6d2d92c1a65acad8f1071b6a404097bb6fcce494f3c8ac31385cf" logic_hash = "4b6a78c2c807cf1f569ae9bc275d42d9c895efba7a2d64fec0652e3cb163d553" score = 75 
@@ -109337,8 +110617,8 @@ rule ELASTIC_Windows_Vulndriver_Winio_B0F21A70 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_WinIo.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_WinIo.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374" logic_hash = "c82d95e805898f9a9a1ffccb483e506df0a53dc420068314e7c724e4947f3572" score = 75 @@ -109366,8 +110646,8 @@ rule ELASTIC_Windows_Ransomware_Mountlocker_126A76E2 : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Mountlocker.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Mountlocker.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4a5ac3c6f8383cc33c795804ba5f7f5553c029bbb4a6d28f1e4d8fb5107902c1" logic_hash = "5a5e157a245a75033abbe6bc7aa66fe6af6d91dc30abe1fdadce85f8f3905b1e" score = 75 
@@ -109399,8 +110679,8 @@ rule ELASTIC_Linux_Cryptominer_Roboto_0B6807F8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Roboto.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Roboto.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "c2542e399f865b5c490ee66b882f5ff246786b3f004abb7489ec433c11007dda" logic_hash = "d945c7a23b9f435851f3c998231da615e220c259051cf213186c28f3279be1dd" score = 75 @@ -109428,8 +110708,8 @@ rule ELASTIC_Linux_Cryptominer_Roboto_1F1Cfe9A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Roboto.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Roboto.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "497a6d426ff93d5cd18cea623074fb209d4f407a02ef8f382f089f1ed3f108c5" logic_hash = "2171284991b0019379c8d271013a35237c37bc2e13d807caed86f8fb9d2ba418" score = 75 
@@ -109457,8 +110737,8 @@ rule ELASTIC_Windows_Vulndriver_Zam_928812A7 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Zam.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Zam.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91" logic_hash = "82ca874d60d8a0ee04aca39f59415f22797e7e0337314c88dd8ebad1a823d200" score = 75 @@ -109487,8 +110767,8 @@ rule ELASTIC_Windows_Vulndriver_Zam_7C86D260 : FILE MEMORY date = "2024-07-16" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Zam.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Zam.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6f55c148bb27c14408cf0f16f344abcd63539174ac855e510a42d78cfaec451c" logic_hash = "cc29f26c222825eb5262d91065a00243bc913fe2071d8ad6b0dc61dd22798f1e" score = 75 
@@ -109518,8 +110798,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_59E029C3 : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_BPFDoor.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_BPFDoor.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "144526d30ae747982079d5d340d1ff116a7963aba2e3ed589e7ebc297ba0c1b3" logic_hash = "64620a3404b331855d0b8018c1626c88cb28380785beac1a391613ae8dc1b1bf" score = 75 @@ -109551,8 +110831,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_0F768F60 : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_BPFDoor.yar#L26-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_BPFDoor.yar#L26-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155" logic_hash = "1aaa74c2d8fbb230cbfc0e08fd6865b5f7e90e4abcdb97121e52afb7569b2dbc" score = 75 
@@ -109585,8 +110865,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_8453771B : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_BPFDoor.yar#L52-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_BPFDoor.yar#L52-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "591198c234416c6ccbcea6967963ca2ca0f17050be7eed1602198308d9127c78" logic_hash = "546e5c56ceb6b99db14dc225a2ec4872cb54859a0f2f6ad520d4f446793e031e" score = 75 @@ -109621,8 +110901,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_F690Fe3B : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_BPFDoor.yar#L80-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_BPFDoor.yar#L80-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "591198c234416c6ccbcea6967963ca2ca0f17050be7eed1602198308d9127c78" logic_hash = "35c6be75348a30f415a1a4bb94ae7e3a2f49f54a0fb3ddc4bae1aa3e03c1a909" score = 75 
@@ -109650,8 +110930,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_1A7D804B : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_BPFDoor.yar#L101-L127" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_BPFDoor.yar#L101-L127" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "76bf736b25d5c9aaf6a84edd4e615796fffc338a893b49c120c0b4941ce37925" logic_hash = "b0c4b168d92947e599e8c74d0ae6a91766c8a034c34e9c07e2472620c9b61037" score = 75 @@ -109686,8 +110966,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_E14B0B79 : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_BPFDoor.yar#L129-L152" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_BPFDoor.yar#L129-L152" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dc8346bf443b7b453f062740d8ae8d8d7ce879672810f4296158f90359dcae3a" logic_hash = "7cdf111ae253bffef7243ad3722f1a79f81f45d80f938f9542af8e056f75d3fc" score = 75 
@@ -109719,8 +110999,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_F1Cd26Ad : FILE MEMORY date = "2023-05-11" modified = "2023-05-16" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_BPFDoor.yar#L154-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_BPFDoor.yar#L154-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "afa8a32ec29a31f152ba20a30eb483520fe50f2dce6c9aa9135d88f7c9c511d7" logic_hash = "ad3e130d5a1203c55b5c8d369c7d9989f66f76c9bd57e2314a30f4c931e4b98d" score = 75 @@ -109750,8 +111030,8 @@ rule ELASTIC_Linux_Trojan_Bish_974B4B47 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Bish.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Bish.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9171fd2bbe182f0a3cd35937f3ee0076c9358f52f5bc047498dd9e233ae11757" logic_hash = "c5a7d036c89fe50626da51486d19ee731ad28cbc8d36def075d8f33a7b68961f" score = 75 
@@ -109779,8 +111059,8 @@ rule ELASTIC_Windows_Vulndriver_Eneio_6E01882F : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_EneIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_EneIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347" logic_hash = "144ac5375cb637b6301a2275f2412fbd0d0c5fb23105c7cce5aa7912cf68fa2c" score = 75 @@ -109808,8 +111088,8 @@ rule ELASTIC_Linux_Trojan_Sysrv_85097F24 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "17fbc8e10dea69b29093fcf2aa018be4d58fe5462c5a0363a0adde60f448fb26" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Sysrv.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Sysrv.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "96bee8b9b0e9c2afd684582301f9e110fd08fcabaea798bfb6259a4216f69be1" score = 75 quality = 75 
@@ -109836,8 +111116,8 @@ rule ELASTIC_Linux_Trojan_Mech_D30Ec0A0 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mech.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mech.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "710d1a0a8c7eecc6d793933c8a97cec66d284b3687efee7655a2dc31d15c0593" logic_hash = "268aeb25d6468412d8123bab5eb2c8bd7704828d0ef3c3d771aa036e374127d7" score = 75 @@ -109865,8 +111145,8 @@ rule ELASTIC_Linux_Trojan_Godropper_Bae099Bd : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Godropper.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Godropper.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "704643f3fd11cda1d52260285bf2a03bccafe59cfba4466427646c1baf93881e" logic_hash = "ef6274928f7cfc0312122ac3e4153fb0a78dc7d5fb2d68db6cbe4974f5497210" score = 75 
@@ -109894,8 +111174,8 @@ rule ELASTIC_Windows_Trojan_Emotet_18379A8D : FILE MEMORY date = "2021-11-17" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Emotet.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Emotet.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "eeb13cd51faa7c23d9a40241d03beb239626fbf3efe1dbbfa3994fc10dea0827" logic_hash = "2ad72ce2a352b91a4fa597ee9e796035298cfcee6fdc13dd3f64579d8da96b97" score = 75 @@ -109923,8 +111203,8 @@ rule ELASTIC_Windows_Trojan_Emotet_5528B3B0 : FILE MEMORY date = "2021-11-17" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Emotet.yar#L22-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Emotet.yar#L22-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "eeb13cd51faa7c23d9a40241d03beb239626fbf3efe1dbbfa3994fc10dea0827" logic_hash = "bb784ab0e064bafa8450b6bb15ef534af38254ea3c096807571c2c27f7cdfd76" score = 75 
@@ -109952,8 +111232,8 @@ rule ELASTIC_Windows_Trojan_Emotet_1943Bbf2 : FILE MEMORY date = "2021-11-18" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Emotet.yar#L43-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Emotet.yar#L43-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5abec3cd6aa066b1ddc0149a911645049ea1da66b656c563f9a384e821c5db38" logic_hash = "41838e335b9314b8759922f23ec8709f46e6a26633f3685ac98ada5828191d35" score = 75 @@ -109981,8 +111261,8 @@ rule ELASTIC_Windows_Trojan_Emotet_Db7D33Fa : FILE MEMORY date = "2022-05-09" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Emotet.yar#L64-L90" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Emotet.yar#L64-L90" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc" logic_hash = "e220c112c15f384fde6fc2286b01c7eb9bedcf4817d02645d0fa7afb05e7b593" score = 75 
@@ -110017,8 +111297,8 @@ rule ELASTIC_Windows_Trojan_Emotet_D6Ac1Ea4 : FILE MEMORY date = "2022-05-24" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Emotet.yar#L92-L114" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Emotet.yar#L92-L114" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2c6709d5d2e891d1ce26fdb4021599ac10fea93c7773f5c00bea8e5e90404b71" logic_hash = "9b37940ea8752c6db52d4f09225de0389438c41468a11a7cda8f28b191192ef9" score = 75 @@ -110049,8 +111329,8 @@ rule ELASTIC_Windows_Trojan_Emotet_77C667B9 : FILE MEMORY date = "2022-11-07" modified = "2022-12-20" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Emotet.yar#L116-L144" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Emotet.yar#L116-L144" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ffac0120c3ae022b807559e8ed7902fde0fa5f7cb9c5c8d612754fa498288572" logic_hash = "f11769fe5e9789b451e8826c5fd22bde5b3eb9f7af1d5fec7eec71700fc1f482" score = 75 
@@ -110087,8 +111367,8 @@ rule ELASTIC_Windows_Trojan_Emotet_8B9449C1 : FILE MEMORY date = "2022-11-09" modified = "2022-12-20" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Emotet.yar#L146-L166" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Emotet.yar#L146-L166" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ffac0120c3ae022b807559e8ed7902fde0fa5f7cb9c5c8d612754fa498288572" logic_hash = "5501354ebc1d97fe5ce894d5907adb29440f557f2dd235e1e983ae2d109199a2" score = 75 @@ -110117,8 +111397,8 @@ rule ELASTIC_Windows_Vulndriver_Amifldrv_E387D5Ad : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_VulnDriver_Amifldrv.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_VulnDriver_Amifldrv.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330" logic_hash = "14d75b5aff2c82d69b041c654cdc0840f6b6e37a197f5c0c1c2698c9e8eba3e2" score = 60 
@@ -110146,8 +111426,8 @@ rule ELASTIC_Windows_Hacktool_Gmer_8Aabdd5E : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Hacktool_Gmer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Hacktool_Gmer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7" logic_hash = "acdab89a7703a743927cec60fbc84af2fd469403bee6f211c865fb96e9c92498" score = 75 @@ -110175,8 +111455,8 @@ rule ELASTIC_Windows_Ransomware_Ransomexx_Fabff49C : FILE MEMORY date = "2021-08-07" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Ransomware_Ransomexx.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Ransomware_Ransomexx.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "480af18104198ad3db1518501ee58f9c4aecd19dbbf2c5dd7694d1d87e9aeac7" logic_hash = "67d5123b706685ea5ab939aec31cb1549297778d91dd38b14e109945c52da71a" score = 75 
@@ -110207,8 +111487,8 @@ rule ELASTIC_Linux_Trojan_Rotajakiro_Fb24F399 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "023a7f9ed082d9dd7be6eba5942bfa77f8e618c2d15a8bc384d85223c5b91a0c" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Rotajakiro.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Rotajakiro.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" logic_hash = "be33fdda50ef0ea1a0cf45835cc2b7a805cecb3fff371ed6d93e01c2d477d867" score = 75 quality = 75 @@ -110235,8 +111515,8 @@ rule ELASTIC_Windows_Trojan_Zloader_5Dd0A0Bf : FILE MEMORY date = "2022-03-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Zloader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Zloader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa" logic_hash = "1446a4147e1b06fa66907de857011079c55a8e6bf84276eb8518d33468ba1f83" score = 75 
@@ -110264,8 +111544,8 @@ rule ELASTIC_Windows_Trojan_Zloader_4Fe0F7F1 : FILE MEMORY date = "2022-03-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Zloader.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Zloader.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa" logic_hash = "b20fafc9db08c7668b49e18f45632594c3a69ec65fe865e79379c544fc424f8d" score = 75 @@ -110293,8 +111573,8 @@ rule ELASTIC_Windows_Trojan_Zloader_363C65Ed : FILE MEMORY date = "2022-03-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Zloader.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Zloader.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa" logic_hash = "d3c530f9929db709067a9e1cc59b9cda9dcd8e19352c79ddaf7af6c91b242afd" score = 75 
@@ -110322,8 +111602,8 @@ rule ELASTIC_Windows_Trojan_Zloader_79535191 : FILE MEMORY date = "2022-03-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Zloader.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Zloader.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa" logic_hash = "c398a8ca46c6fe3e59481a092867be77a94809b1568cea918aa6450374063857" score = 75 @@ -110351,8 +111631,8 @@ rule ELASTIC_Linux_Cryptominer_Ccminer_18Fc60E5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Ccminer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Ccminer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dbb403a00c75ef2a74b41b8b58d08a6749f37f922de6cc19127a8f244d901c60" logic_hash = "75db45ccbeb558409ee9398065591472d4aee0382be5980adb9d0fb41e557789" score = 75 
@@ -110380,8 +111660,8 @@ rule ELASTIC_Linux_Cryptominer_Ccminer_3C593Bc3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Cryptominer_Ccminer.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Cryptominer_Ccminer.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dbb403a00c75ef2a74b41b8b58d08a6749f37f922de6cc19127a8f244d901c60" logic_hash = "94a0d33b474b3c60e926eaf06147eb0fdc56beac525f25326448bf2a5177d9c0" score = 75 @@ -110409,8 +111689,8 @@ rule ELASTIC_Linux_Trojan_Mettle_E8Fdbcbd : FILE MEMORY date = "2024-05-06" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mettle.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mettle.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "864eae4f27648b8a9d9b0eb1894169aa739311cdd02b1435a34881acf7059d58" logic_hash = "d13c1e7fb815ebbefa78922e9b85a1ced015c03b8f1b2cf1885a9c483b8e0ab3" score = 75 
@@ -110442,8 +111722,8 @@ rule ELASTIC_Linux_Trojan_Mettle_813B9B6C : FILE MEMORY date = "2024-05-06" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mettle.yar#L25-L52" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mettle.yar#L25-L52" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "bb651d974ca3f349858db7b5a86f03a8d47d668294f27e709a823fa11e6963d7" logic_hash = "a6a9cf424bf1ca7985e1c4b14123ed236208ffa3f7c9ffebbdd85765a90bfa54" score = 75 @@ -110480,8 +111760,8 @@ rule ELASTIC_Linux_Trojan_Mettle_78Aead1C : FILE MEMORY date = "2024-05-06" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Trojan_Mettle.yar#L54-L81" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Trojan_Mettle.yar#L54-L81" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "864eae4f27648b8a9d9b0eb1894169aa739311cdd02b1435a34881acf7059d58" logic_hash = "d68d37379b8a3a2d242030fd14884781488e9785823aa25fedfdd406748f8039" score = 75 
@@ -110518,8 +111798,8 @@ rule ELASTIC_Windows_Trojan_Grandoreiro_51236Ba2 : FILE MEMORY date = "2022-08-23" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Windows_Trojan_Grandoreiro.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Windows_Trojan_Grandoreiro.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1bdf381e7080d9bed3f52f4b3db1991a80d3e58120a5790c3d1609617d1f439e" logic_hash = "9a8549a1dd82f56458ea8aee5c30243ac073d15c820de28d78a58d2c067b10d6" score = 75 @@ -110551,8 +111831,8 @@ rule ELASTIC_Linux_Exploit_Enoket_79B52A4C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Enoket.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Enoket.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3ae8f7e7df62316400d0c5fe0139d7a48c9f184e92706b552aad3d827d3dbbbf" logic_hash = "204082a3be602b3f6aebb013a46e6f9c98b5dad2476350afa60c1954b13598fe" score = 75 
@@ -110580,8 +111860,8 @@ rule ELASTIC_Linux_Exploit_Enoket_5969A348 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Enoket.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Enoket.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4b4d7ca9e1ffa2c46cb097d4a014c59b1a9feb93b3adcb5936ef6a1dfef9b0ae" logic_hash = "e47af0fba86c9152d17911b984070a8419b98da8916538ebb1065a5348da6e31" score = 75 @@ -110609,8 +111889,8 @@ rule ELASTIC_Linux_Exploit_Enoket_80Fac3E9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Enoket.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Enoket.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3355ad81c566914a7d7734b40c46ded0cfa53aa22c6e834d42e185bf8bbe6128" logic_hash = "19cb7f02ca80095293c4a09f7ea616c31364af1e4189a9211aaba54aaa2db14e" score = 75 
@@ -110638,8 +111918,8 @@ rule ELASTIC_Linux_Exploit_Enoket_7Da5F86A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Enoket.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Enoket.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "406b003978d79d453d3e2c21b991b113bf2fc53ffbf3a1724c5b97a4903ef550" logic_hash = "df5769a87230f5e563849302f32673b5f5de2595e12de72c27921d45edc58928" score = 75 @@ -110667,8 +111947,8 @@ rule ELASTIC_Linux_Exploit_Enoket_C77C0D6D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Enoket.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Enoket.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3ae8f7e7df62316400d0c5fe0139d7a48c9f184e92706b552aad3d827d3dbbbf" logic_hash = "504d61715bd5dba7f777fcb2d62eb53d8d54dad2dcf93f2fc2d7dcd359c4b994" score = 75 
@@ -110696,8 +111976,8 @@ rule ELASTIC_Linux_Exploit_Enoket_Fbf508E1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Exploit_Enoket.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Exploit_Enoket.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214" logic_hash = "21b1d69677c3fddb210dcf5947e8321abccd5a1ebbde8438a83fee5d4b29443d" score = 75 @@ -110725,8 +112005,8 @@ rule ELASTIC_Linux_Generic_Threat_A658B75F : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "df430ab9f5084a3e62a6c97c6c6279f2461618f038832305057c51b441c648d9" logic_hash = "1ef7267438b8d15ed770f0784a7d428cbc2680144b0ef179337875d5b4038d08" score = 75 
@@ -110755,8 +112035,8 @@ rule ELASTIC_Linux_Generic_Threat_Ea5Ade9A : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d75189d883b739d9fe558637b1fab7f41e414937a8bae7a9d58347c223a1fcaa" logic_hash = "12a9b5e54d6d528ecb559b6e2ea3aa72effa7f0efbf2c33581a4efedc292e4c1" score = 75 @@ -110784,8 +112064,8 @@ rule ELASTIC_Linux_Generic_Threat_80Aea077 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L42-L60" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L42-L60" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "002827c41bc93772cd2832bc08dfc413302b1a29008adbb6822343861b9818f0" logic_hash = "cab860ad5f0c49555adb845504acb4dbeabb94dbc287202be35020e055e6f27b" score = 75 
@@ -110813,8 +112093,8 @@ rule ELASTIC_Linux_Generic_Threat_2E214A04 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L62-L81" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L62-L81" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cad65816cc1a83c131fad63a545a4bd0bdaa45ea8cf039cbc6191e3c9f19dead" logic_hash = "0d29aa6214b0a05f9af10cdc080ffa33452156e13c057f31997630cebcda294a" score = 75 @@ -110843,8 +112123,8 @@ rule ELASTIC_Linux_Generic_Threat_0B770605 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L83-L102" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L83-L102" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "99418cbe1496d5cd4177a341e6121411bc1fab600d192a3c9772e8e6cd3c4e88" logic_hash = "d4aae755870765a119ee7ae648d4388e0786e8ab6f7f196d81c6356be7d0ddfb" score = 75 
@@ -110873,8 +112153,8 @@ rule ELASTIC_Linux_Generic_Threat_92064B27 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L104-L122" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L104-L122" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8e5cfcda52656a98105a48783b9362bad22f61bcb6a12a27207a08de826432d9" logic_hash = "adb9ed7280065f77440bd1e106bc800ebe6251119151cd54b76dc2917b013f65" score = 75 @@ -110902,8 +112182,8 @@ rule ELASTIC_Linux_Generic_Threat_De6Be095 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L124-L143" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L124-L143" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2431239d6e60ca24a5440e6c92da62b723a7e35c805f04db6b80f96c8cf9fee6" logic_hash = "cbd7578830169703b047adb1785b05d226f2507a65c203ee344d8e2b3a24f6c9" score = 75 
@@ -110932,8 +112212,8 @@ rule ELASTIC_Linux_Generic_Threat_898D9308 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L145-L164" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L145-L164" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ce89863a16787a6f39c25fd15ee48c4d196223668a264217f5d1cea31f8dc8ef" logic_hash = "8b5deedf18d660d0b76dc987843ff5cc01432536a04ab4925e9b08269fd847e4" score = 75 @@ -110962,8 +112242,8 @@ rule ELASTIC_Linux_Generic_Threat_23D54A0E : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L166-L185" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L166-L185" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257" logic_hash = "7e52eaf9c49bd6cbdb89b0c525b448864e1ea55d00bc052898613174fe5956cc" score = 75 
@@ -110992,8 +112272,8 @@ rule ELASTIC_Linux_Generic_Threat_D7802B0A : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L187-L205" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L187-L205" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257" logic_hash = "3e1452204fef11d63870af5f143ae73f4b8e5a4db83a53851444fbf8a0ea6a26" score = 75 @@ -111021,8 +112301,8 @@ rule ELASTIC_Linux_Generic_Threat_08E4Ee8C : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L207-L225" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L207-L225" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "35eeba173fb481ac30c40c1659ccc129eae2d4d922e27cf071047698e8d95aea" logic_hash = "a927415afbab32adee49a583fc35bc3d44764f87bbbb3497b38af6feb92cd9a8" score = 75 
@@ -111050,8 +112330,8 @@ rule ELASTIC_Linux_Generic_Threat_D60E5924 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L227-L246" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L227-L246" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fdcc2366033541053a7c2994e1789f049e9e6579226478e2b420ebe8a7cebcd3" logic_hash = "012111e4a38c1f901dcd830cc26ef8dcfbde7986fcc8b8eebddb8d8b7a0cec6a" score = 75 @@ -111080,8 +112360,8 @@ rule ELASTIC_Linux_Generic_Threat_6Bed4416 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L248-L266" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L248-L266" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257" logic_hash = "c098e27a12d5d10af67d1b78572bc7daeb500504527428366e1d9a4e55e0f4d7" score = 75 
@@ -111109,8 +112389,8 @@ rule ELASTIC_Linux_Generic_Threat_Fc5B5B86 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L268-L286" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L268-L286" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "134b063d9b5faed11c6db6848f800b63748ca81aeca46caa0a7c447d07a9cd9b" logic_hash = "a11ed323df7283188cf99ca89abbd18673fef88660df1150d4dc72de04a836a8" score = 75 @@ -111138,8 +112418,8 @@ rule ELASTIC_Linux_Generic_Threat_2C8D824C : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L288-L306" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L288-L306" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9106bdd27e67d6eebfaec5b1482069285949de10afb28a538804ce64add88890" logic_hash = "c8fc90ec5e93ff39443f513e83f34140819a30b737da2a412ba97a7b221ca9dc" score = 75 
@@ -111167,8 +112447,8 @@ rule ELASTIC_Linux_Generic_Threat_936B24D5 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L308-L326" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L308-L326" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "fb8eb0c876148a4199cc873b84fd9c1c6abc1341e02d118f72ffb0dae37592a4" logic_hash = "972bbc4950c49ff7bc880b1d24b586072eb8541584b97a00ac501fac133a3157" score = 75 @@ -111196,8 +112476,8 @@ rule ELASTIC_Linux_Generic_Threat_98Bbca63 : FILE MEMORY date = "2024-01-22" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L328-L347" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L328-L347" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1d4d3d8e089dcca348bb4a5115ee2991575c70584dce674da13b738dd0d6ff98" logic_hash = "1728d47b3f364cff02ae61ccf381ecab0c1fe46a5c76d832731fdf7acc1caf55" score = 75 
@@ -111226,8 +112506,8 @@ rule ELASTIC_Linux_Generic_Threat_9Aaf894F : FILE MEMORY date = "2024-01-22" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L349-L367" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L349-L367" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "467ac05956eec6c74217112721b3008186b2802af2cafed6d2038c79621bcb08" logic_hash = "b28d6a8c23aba4371e2e5f48861d2bcc8bdfa7212738eda7b1b4a3059d159cf2" score = 75 @@ -111255,8 +112535,8 @@ rule ELASTIC_Linux_Generic_Threat_Ba3A047D : FILE MEMORY date = "2024-01-22" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L369-L388" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L369-L388" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3064e89f3585f7f5b69852f1502e34a8423edf5b7da89b93fb8bd0bef0a28b8b" logic_hash = "ffcfb90c0c796b7b343adbd2142193759ececddd0700c0bb4e2898947464b1a2" score = 75 
@@ -111285,8 +112565,8 @@ rule ELASTIC_Linux_Generic_Threat_902Cfdc5 : FILE MEMORY date = "2024-01-23" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L390-L408" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L390-L408" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3fa5057e1be1cfeb73f6ebcdf84e00c37e9e09f1bec347d5424dd730a2124fa8" logic_hash = "0f86914cb598262744660e65048f75d071307ae47d069971bfcd049a7d4b36e5" score = 75 @@ -111314,8 +112594,8 @@ rule ELASTIC_Linux_Generic_Threat_094C1238 : FILE MEMORY date = "2024-01-23" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L410-L428" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L410-L428" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2bfe7d51d59901af345ef06dafd8f0e950dcf8461922999670182bfc7082befd" logic_hash = "fb82e16bf153c88377cc8655557bc1f021af6e04e1160129ce9555e078d00a0d" score = 75 
@@ -111343,8 +112623,8 @@ rule ELASTIC_Linux_Generic_Threat_A8Faf785 : FILE MEMORY date = "2024-01-23" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L430-L448" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L430-L448" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6028562baf0a7dd27329c8926585007ba3e0648da25088204ebab2ac8f723e70" logic_hash = "3ab5d9ba39be2553173f6eb4d2a1ca22bfb9f1bd537fed247f273eba1eabd782" score = 75 @@ -111372,8 +112652,8 @@ rule ELASTIC_Linux_Generic_Threat_04E8E4A5 : FILE MEMORY date = "2024-01-23" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L450-L468" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L450-L468" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "248f010f18962c8d1cc4587e6c8b683a120a1e838d091284ba141566a8a01b92" logic_hash = "9b04725bf0a75340c011028b201ed08eb9de305a5b4630cc79156c0a847cdc9e" score = 75 
@@ -111401,8 +112681,8 @@ rule ELASTIC_Linux_Generic_Threat_47B147Ec : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L470-L488" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L470-L488" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cc7734a10998a4878b8f0c362971243ea051ce6c1689444ba6e71aea297fb70d" logic_hash = "84c68f2ed76d644122daf81d41d4eb0be9aa8b1c82993464d3138ae30992110f" score = 75 @@ -111430,8 +112710,8 @@ rule ELASTIC_Linux_Generic_Threat_887671E9 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L490-L508" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L490-L508" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "701c7c75ed6a7aaf59f5a1f04192a1f7d49d73c1bd36453aed703ad5560606dc" logic_hash = "eefe9391a9ce716dbe16f11b8ccea89d032fdad42fcabd84ffe584409c550847" score = 75 
@@ -111459,8 +112739,8 @@ rule ELASTIC_Linux_Generic_Threat_9Cf10F10 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L510-L528" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L510-L528" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d07c9be37dc37f43a54c8249fe887dbc4058708f238ff3d95ed21f874cbb84e8" logic_hash = "ca4ae64b73fb7013008e8049d17479032d904a3faf5ad0f2ad079971a231a3b8" score = 75 @@ -111488,8 +112768,8 @@ rule ELASTIC_Linux_Generic_Threat_75813Ab2 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L530-L549" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L530-L549" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5819eb73254fd2a698eb71bd738cf3df7beb65e8fb5e866151e8135865e3fd9a" logic_hash = "06e5daed278273137e416ef3ee6ac8496b144a9c3ce213ec92881ba61d7db6cb" score = 75 
@@ -111518,8 +112798,8 @@ rule ELASTIC_Linux_Generic_Threat_11041685 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L551-L570" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L551-L570" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "296440107afb1c8c03e5efaf862f2e8cc6b5d2cf979f2c73ccac859d4b78865a" logic_hash = "19f4109e73981424527ece8c375274f97fd3042427b7875071451a8081a9aae7" score = 75 @@ -111548,8 +112828,8 @@ rule ELASTIC_Linux_Generic_Threat_0D22F19C : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L572-L591" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L572-L591" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "da5a204af600e73184455d44aa6e01d82be8b480aa787b28a1df88bb281eb4db" logic_hash = "ee43796b0717717cb012385d5bb3aece433c11780f1a293d280c39411f9fed98" score = 75 
@@ -111578,8 +112858,8 @@ rule ELASTIC_Linux_Generic_Threat_4A46B0E1 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L593-L612" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L593-L612" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "3ba47ba830ab8deebd9bb906ea45c7df1f7a281277b44d43c588c55c11eba34a" logic_hash = "e3f6804f502fad8c893fb4c3c27506b6ef17d7e0d0a01399c6d185bad92e895a" score = 75 @@ -111608,8 +112888,8 @@ rule ELASTIC_Linux_Generic_Threat_0A02156C : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L614-L633" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L614-L633" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "f23d4b1fd10e3cdd5499a12f426e72cdf0a098617e6b178401441f249836371e" logic_hash = "3ceea812f0252ec703a92482ce7a3ef0aa65bad149df2aa0107e07a45490b8f1" score = 75 
@@ -111638,8 +112918,8 @@ rule ELASTIC_Linux_Generic_Threat_6D7Ec30A : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L635-L654" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L635-L654" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "1cad1ddad84cdd8788478c529ed4a5f25911fb98d0a6241dcf5f32b0cdfc3eb0" logic_hash = "33c705b89a82989c25fc67f50b06aa3a613cae567ec652d86ae64bad4b253c28" score = 75 @@ -111668,8 +112948,8 @@ rule ELASTIC_Linux_Generic_Threat_900Ffdd4 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L656-L674" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L656-L674" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "a3e1a1f22f6d32931d3f72c35a5ee50092b5492b3874e9e6309d015d82bddc5d" logic_hash = "eb69bfc146b32e790fffdf4588b583335d2006182070b53fec43bb6e4971d779" score = 75 
@@ -111697,8 +112977,8 @@ rule ELASTIC_Linux_Generic_Threat_Cb825102 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L676-L694" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L676-L694" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4e24b72b24026e3dfbd65ddab9194bd03d09446f9ff0b3bcec76efbb5c096584" logic_hash = "ac48f32ec82aac6df0697729d14aaee65fba82d91173332cd13c6ccccd63b1be" score = 75 @@ -111726,8 +113006,8 @@ rule ELASTIC_Linux_Generic_Threat_3Bcc1630 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L696-L716" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L696-L716" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "62a6866e924af2e2f5c8c1f5009ce64000acf700bb5351a47c7cfce6a4b2ffeb" logic_hash = "6f602aac6db46ac3f5b7716a1dac53b5dbd2c583505644bfc617d69be0a2d4de" score = 75 
@@ -111757,8 +113037,8 @@ rule ELASTIC_Linux_Generic_Threat_5D5Fd28E : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L718-L738" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L718-L738" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5b179a117e946ce639e99ff42ab70616ed9f3953ff90b131b4b3063f970fa955" logic_hash = "b29ca34b98ee87151496f900fa3558190127957539afac3fd99db2dc51980213" score = 75 @@ -111788,8 +113068,8 @@ rule ELASTIC_Linux_Generic_Threat_B0B891Fb : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L740-L759" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L740-L759" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d666bc0600075f01d8139f8b09c5f4e4da17fa06a86ebb3fa0dc478562e541ae" logic_hash = "9ec82691a230f3240b1253f99a45cd0baa3238b6fd533004a22a6152b6ac9a12" score = 75 
@@ -111818,8 +113098,8 @@ rule ELASTIC_Linux_Generic_Threat_Cd9Ce063 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L761-L779" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L761-L779" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "485581520dd73429b662b73083d504aa8118e01c5d37c1c08b21a5db0341a19d" logic_hash = "ba070c2147028cad4be1c139b16a770c9d9854456d073373a93ed0b213f7b34c" score = 75 @@ -111847,8 +113127,8 @@ rule ELASTIC_Linux_Generic_Threat_B8B076F4 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L781-L799" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L781-L799" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "4496e77ff00ad49a32e090750cb10c55e773752f4a50be05e3c7faacc97d2677" logic_hash = "37f3be4cbda4a93136d66e32d7245d4c962a9fe1c98fb0325f42a1d16d6d9415" score = 75 
@@ -111876,8 +113156,8 @@ rule ELASTIC_Linux_Generic_Threat_1Ac392Ca : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L801-L819" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L801-L819" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "dca2d035b1f7191f7876eb727b13c308f63fe8f899cab643526f9492ec0fa16f" logic_hash = "6ffa5099c0d18644cd11a0511db542d2f809e4cba974eccca814fedf5a2b0a5b" score = 75 @@ -111905,8 +113185,8 @@ rule ELASTIC_Linux_Generic_Threat_949Bf68C : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L821-L839" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L821-L839" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cc1b339ff6b33912a8713c192e8743d1207917825b62b6f585ab7c8d6ab4c044" logic_hash = "aaae0a8a2827786513891bc8c3e3418823ae3f3291d891e80e82113b929f7513" score = 75 
@@ -111934,8 +113214,8 @@ rule ELASTIC_Linux_Generic_Threat_Bd35454B : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L841-L860" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L841-L860" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "cd729507d2e17aea23a56a56e0c593214dbda4197e8a353abe4ed0c5fbc4799c" logic_hash = "d3619cdb002b4ac7167716234058f949623c42a64614f5eb7956866b68fff5e4" score = 75 @@ -111964,8 +113244,8 @@ rule ELASTIC_Linux_Generic_Threat_1E047045 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L862-L880" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L862-L880" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "2c49772d89bcc4ad4ed0cc130f91ed0ce1e625262762a4e9279058f36f4f5841" logic_hash = "0d28df53e030664e7225f1170888b51e94e64833537c5add3e10cfdb4f029a3a" score = 75 
@@ -111993,8 +113273,8 @@ rule ELASTIC_Linux_Generic_Threat_1973391F : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L882-L901" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L882-L901" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "7bd76010f18061aeaf612ad96d7c03341519d85f6a1683fc4b2c74ea0508fe1f" logic_hash = "632a43b68e498f463ff5dfa78212646b8bd108ea47ff11164c8c1a69e830c1ac" score = 75 @@ -112023,8 +113303,8 @@ rule ELASTIC_Linux_Generic_Threat_66D00A84 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L903-L921" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L903-L921" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "464e144bcbb54fc34262b4d81143f4e69e350fb526c803ebea1fdcfc8e57bf33" logic_hash = "a1d60619d72b3309bfaaf8b4085dd5ed90142ff3e9ebfe80fcd7beba5f14a62e" score = 75 
@@ -112052,8 +113332,8 @@ rule ELASTIC_Linux_Generic_Threat_D2Dca9E7 : FILE MEMORY date = "2024-05-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L923-L941" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L923-L941" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9b10bb3773011c4da44bf3a0f05b83079e4ad30f0b1eb2636a6025b927e03c7f" logic_hash = "175b9a80314cf280b995a012f13e65bd4ce7e27faebf02ae5abe978dbd14447c" score = 75 @@ -112081,8 +113361,8 @@ rule ELASTIC_Linux_Generic_Threat_1F5D056B : FILE MEMORY date = "2024-05-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L943-L962" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L943-L962" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "99d982701b156fe3523b359498c2d03899ea9805d6349416c9702b1067293471" logic_hash = "8ad23b593880dc1bebc95c92d0efc3a90e6b1e143c350e30b1a4258502ce7fc7" score = 75 
@@ -112111,8 +113391,8 @@ rule ELASTIC_Linux_Generic_Threat_D94E1020 : FILE MEMORY date = "2024-05-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L964-L982" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L964-L982" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "96a2bfbb55250b784e94b1006391cc51e4adecbdde1fe450eab53353186f6ff0" logic_hash = "e4b4e588588080c66076aec02f56b4764a5f72059922db9651461c0287fe0351" score = 75 @@ -112140,8 +113420,8 @@ rule ELASTIC_Linux_Generic_Threat_Aa0C23D5 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L984-L1004" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L984-L1004" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8314290b81b827e1a1d157c41916a41a1c033e4f74876acc6806ed79ebbcc13d" logic_hash = "092f0ece2dfca3e02493c00afffe48ca4feccf56ab6f22d952a7ba5f115f3765" score = 75 
@@ -112171,8 +113451,8 @@ rule ELASTIC_Linux_Generic_Threat_8299C877 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L1006-L1024" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L1006-L1024" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "60c486049ec82b4fa2e0a53293ae6476216b76e2c23238ef1c723ac0a2ae070c" logic_hash = "3e0653a02517faa3037fc5f3f01f6fb11164fecafc6eca457a122ef2d1a99010" score = 75 @@ -112200,8 +113480,8 @@ rule ELASTIC_Linux_Generic_Threat_81Aa5579 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L1026-L1044" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L1026-L1044" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6be0e2c98ba5255b76c31f689432a9de83a0d76a898c28dbed0ba11354fec6c2" logic_hash = "c94d590daf61217335a72f3e1bc24b09084cf0a5a174c013c5aa97c01707c2bc" score = 75 
@@ -112229,8 +113509,8 @@ rule ELASTIC_Linux_Generic_Threat_F2452362 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L1046-L1065" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L1046-L1065" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5ff46c27b5823e55f25c9567d687529a24a0d52dea5bc2423b36345782e6b8f6" logic_hash = "95d51077cb7c0f4b089a2e2ee8fcbab204264ade7ddd64fc1ee0176183dc84e0" score = 75 @@ -112259,8 +113539,8 @@ rule ELASTIC_Linux_Generic_Threat_Da28Eb8B : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L1067-L1086" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L1067-L1086" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "b3b4fcd19d71814d3b4899528ee9c3c2188e4a7a4d8ddb88859b1a6868e8433f" logic_hash = "8b0892d0dd8a012a1f9cd87a0ad3321ae751dd17a96205c12e6648946cf2afe2" score = 75 
@@ -112289,8 +113569,8 @@ rule ELASTIC_Linux_Generic_Threat_A40Aaa96 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L1088-L1108" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L1088-L1108" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "6f965252141084524f85d94169b13938721bce24cc986bf870473566b7cfd81b" logic_hash = "ab05cbf494b3b78083fd3e71703effed797d803b0203f8a413eb69b746656b1d" score = 75 @@ -112320,8 +113600,8 @@ rule ELASTIC_Linux_Generic_Threat_E24558E1 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L1110-L1130" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L1110-L1130" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "9f483ddd8971cad4b25bb36a5a0cfb95c35a12c7d5cb9124ef0cfd020da63e99" logic_hash = "f1f33c719a4b41968c137ed43aa0591f97b4558d4dd9bd160df519dfbbc49205" score = 75 
@@ -112351,8 +113631,8 @@ rule ELASTIC_Linux_Generic_Threat_Ace836F1 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L1132-L1150" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L1132-L1150" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "116aaba80e2f303206d0ba84c8c58a4e3e34b70a8ca2717fa9cf1aa414d5ffcc" logic_hash = "c80af9d6f3e4d92cfa53429abbda944069d335fc89421a89e04089d236f5dddf" score = 75 @@ -112380,8 +113660,8 @@ rule ELASTIC_Linux_Generic_Threat_E9Aef030 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L1152-L1170" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L1152-L1170" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "5ab72be12cca8275d95a90188a1584d67f95d43a7903987e734002983b5a3925" logic_hash = "1d458e147d6667e2e0740d6d26fee05ac02f49e9eba30002852e723308b1b462" score = 75 
@@ -112409,8 +113689,8 @@ rule ELASTIC_Linux_Generic_Threat_A3C5F3Bd : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L1172-L1192" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L1172-L1192" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "8c093bcf3d83545ec442519637c956d2af62193ea6fd2769925cacda54e672b6" logic_hash = "41e66d1f47e7197662aa661ef49ee1f3191fee07a49538dd631ce9cc6fdd56be" score = 75 @@ -112440,8 +113720,8 @@ rule ELASTIC_Linux_Generic_Threat_3Fa2Df51 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L1194-L1213" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L1194-L1213" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "89ec224db6b63936e8bc772415d785ef063bfd9343319892e832034696ff6f15" logic_hash = "f43b659dd093a635d9723b2443366763132217aaf28c582ed43f180725f92f19" score = 75 
@@ -112470,8 +113750,8 @@ rule ELASTIC_Linux_Generic_Threat_Be02B1C9 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Generic_Threat.yar#L1215-L1233" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Generic_Threat.yar#L1215-L1233" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "ef6d47ed26f9ac96836f112f1085656cf73fc445c8bacdb737b8be34d8e3bcd2" logic_hash = "a278c3a8033139d84c99a53901526895b154b5ef363fbeed47095889a5fb8d31" score = 75 @@ -112499,8 +113779,8 @@ rule ELASTIC_Linux_Hacktool_Infectionmonkey_6C84537B : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/yara/rules/Linux_Hacktool_Infectionmonkey.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/99e762c867d944ed7a8ddf83f6af9475442f5c19/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/yara/rules/Linux_Hacktool_Infectionmonkey.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/28336769b72540c8b02aa04e1b47dfc093f3ea03/LICENSE.txt" hash = "d941943046db48cf0eb7f11e144a79749848ae6b50014833c5390936e829f6c3" logic_hash = "24cb368040fffe2743d0361a955d45a62a95a31c1744f3de15089169e365bb89" score = 75 
@@ -112523,7 +113803,7 @@ rule ELASTIC_Linux_Hacktool_Infectionmonkey_6C84537B : FILE MEMORY * YARA Rule Set * Repository Name: R3c0nst * Repository: https://github.com/fboldewin/YARA-rules/ - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: 54e9e6899b258b72074b2b4db6909257683240c2 * Number of Rules: 26 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -113290,8 +114570,8 @@ rule R3C0NST_ATM_Malware_Dispcashbr : FILE * YARA Rule Set * Repository Name: CAPE * Repository: https://github.com/kevoreilly/CAPEv2 - * Retrieval Date: 2024-11-24 - * Git Commit: a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3 + * Retrieval Date: 2024-12-01 + * Git Commit: 3427c2690275fc06aff5ff5e27aeb8fc68422529 * Number of Rules: 164 * Skipped: 0 (age), 14 (quality), 3 (score), 0 (importance) * @@ -113973,8 +115253,8 @@ rule CAPE_Themida : FILE date = "2024-09-11" modified = "2024-09-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/binaries/Themida.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/binaries/Themida.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "c4f1e01a3fe3cb66062ce03253bfe9edc09dc6f1a77db99b281106e8ceff9257" score = 75 quality = 70 
@@ -113996,8 +115276,8 @@ rule CAPE_Megacortex : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/MegaCortex.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/MegaCortex.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "5de1d8241260070241c91b97f18feb2a90069e3b158e863e2d9f568799c244e6" score = 75 quality = 70 @@ -114021,8 +115301,8 @@ rule CAPE_Sedreco : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Sedreco.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Sedreco.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "f735549606917f59a19157e604e54766e4456bc5d46e94cae3e0a3c18b52a7ca" score = 75 quality = 70 
@@ -114046,8 +115326,8 @@ rule CAPE_Kronos : FILE date = "2020-07-02" modified = "2020-07-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Kronos.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Kronos.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "52ce9caf3627efe8ae86df6ca59e51e9f738e13ac0265f797e8d70123dbcaeb3" score = 75 quality = 70 @@ -114072,8 +115352,8 @@ rule CAPE_Varenyky : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Varenyky.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Varenyky.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "602f1b8b60b29565eabe2171fde4eb58546af68f8acecad402a7a51ea9a08ed9" score = 75 quality = 70 
@@ -114095,8 +115375,8 @@ rule CAPE_Amadey : FILE date = "2023-09-04" modified = "2023-09-04" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Amadey.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Amadey.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "988258716d5296c1323303e8fe4efd7f4642c87bfdbe970fe9a3bb3f410f70a4" logic_hash = "38f710b422a3644c9f0f3e80ad9ff28ef02050368c651a6cc2ce8b152b67bf48" score = 75 @@ -114121,8 +115401,8 @@ rule CAPE_Rokrat : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/RokRat.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/RokRat.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "2aaa7de7ccd59e0da690f4bc0c7deaacf61314d61f8d2aa3ce6f6892f50612ec" score = 75 quality = 70 
@@ -114145,8 +115425,8 @@ rule CAPE_Eternalromance : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/EternalRomance.yar#L1-L33" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/EternalRomance.yar#L1-L33" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "5390fae3e2411a715cdc965df8648c0c4c511d53d5f76031714f1b784b58eb0d" score = 75 quality = 68 @@ -114190,8 +115470,8 @@ rule CAPE_Vidar : FILE date = "2023-04-21" modified = "2023-04-21" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Vidar.yar#L1-L22" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Vidar.yar#L1-L22" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "5d4c030536ed41cf4e0dcb77b2fe4553d789ee2b8095a4b3e050692335a8709d" score = 75 quality = 70 
@@ -114224,8 +115504,8 @@ rule CAPE_Zeuspanda : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/ZeusPanda.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/ZeusPanda.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "43d8a56cae9fd23c053f6956851734d3270b46a906236854502c136e3bb1e761" score = 75 quality = 70 @@ -114248,8 +115528,8 @@ rule CAPE_Nettraveler : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/NetTraveler.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/NetTraveler.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "bf5026f1a1cb3d6986a29d22657a9f1904b362391a6715d7468f8f8aca351233" score = 75 quality = 70 
@@ -114273,8 +115553,8 @@ rule CAPE_Buerloader : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/BuerLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/BuerLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "05c1f008f0a2bb8232867977fb23a5ae8312f10f0637c6265561052596319c29" score = 75 quality = 70 @@ -114298,8 +115578,8 @@ rule CAPE_Petya : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Petya.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Petya.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "f819261bb34f3b2eb7dc2f843b56be25105570fe902a77940a632a54fbe0d014" score = 75 quality = 70 
@@ -114323,8 +115603,8 @@ rule CAPE_Oyster date = "2024-05-30" modified = "2024-05-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Oyster.yar#L1-L19" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Oyster.yar#L1-L19" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "8bae0fa9f589cd434a689eebd7a1fde949cc09e6a65e1b56bb620998246a1650" logic_hash = "23ab1518712dbce8319b87785d7ffc0c2b61de82c2bbf533ebf0aae39ec33540" score = 75 @@ -114354,8 +115634,8 @@ rule CAPE_Zerot : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/ZeroT.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/ZeroT.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "f60ae25ac3cd741b8bdc5100b5d3c474b5d9fbe8be88bfd184994bae106c3803" score = 75 quality = 68 
@@ -114381,8 +115661,8 @@ rule CAPE_Quasarrat : FILE date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/QuasarRAT.yar#L1-L22" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/QuasarRAT.yar#L1-L22" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "556b19dc0980761198ea31a285f281adae084463d24bff1eda15326436ad562b" score = 75 quality = 70 @@ -114416,8 +115696,8 @@ rule CAPE_Quasarrat_Kingrat date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/QuasarRAT.yar#L24-L43" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/QuasarRAT.yar#L24-L43" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "1f4296a592134edbe52e256dc353143af02e897ff1afad98f3dac0c5ab13f3f7" score = 75 quality = 70 
@@ -114449,8 +115729,8 @@ rule CAPE_Ursnif : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Ursnif.yar#L1-L19" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Ursnif.yar#L1-L19" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "46e79fde81ff5352314618021e394b2e0322df07170c7279363290b7134935fd" score = 75 quality = 70 @@ -114479,8 +115759,8 @@ rule CAPE_Tscookie : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/TSCookie.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/TSCookie.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "0461c7fd14c74646437654f0a63a4a89d4efad620e197a8ca1e8d390618842c3" score = 75 quality = 70 
@@ -114504,8 +115784,8 @@ rule CAPE_Dridexv4 : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/DridexV4.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/DridexV4.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "cb103fe5f2d4792e3c612db4e2d84a4c8b0ce0f9a8443e9147e2c345f1dbdff6" score = 75 quality = 70 @@ -114531,8 +115811,8 @@ rule CAPE_Seduploader : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Seduploader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Seduploader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "d70c886699169d4dafc5b063c93682a34af5667df6d293b52256ddc19ab9c516" score = 75 quality = 70 
@@ -114554,8 +115834,8 @@ rule CAPE_Wanacry : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/WanaCry.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/WanaCry.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "16d5e39f043d27bbf22f8f21e13971b7e0709b07e44746dd157d11ee4cc51944" score = 75 quality = 70 @@ -114581,8 +115861,8 @@ rule CAPE_Bazar : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Bazar.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Bazar.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "9375f59b56e47fd0b90b089afdf3be8f16f960038fc625523a2e2d5509ab099d" score = 75 quality = 70 
@@ -114605,8 +115885,8 @@ rule CAPE_Remcos : FILE date = "2022-05-10" modified = "2022-05-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Remcos.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Remcos.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "38142e784ad437d9592353b924f74777bb62e5ed176c811230a2021a437d4710" score = 75 quality = 68 @@ -114631,8 +115911,8 @@ rule CAPE_Cerber : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Cerber.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Cerber.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "16a8f808c28d3b142c079a305aba7f553f2452e439710bf610a06f8f2924d5a3" score = 75 quality = 70 
@@ -114656,8 +115936,8 @@ rule CAPE_Nighthawk date = "2022-12-05" modified = "2022-12-05" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Nighthawk.yar#L3-L24" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Nighthawk.yar#L3-L24" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "2d77912678e06503ffef0e8ed84aa4f9ac74357480d57742fbae619acebfb5f2" score = 75 quality = 70 @@ -114681,8 +115961,8 @@ rule CAPE_Qakbot5 : FILE date = "2024-04-28" modified = "2024-04-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/QakBot.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/QakBot.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "59559e97962e40a15adb2237c4d01cfead03623aff1725616caeaa5a8d273a35" logic_hash = "cc23a92f45619d44af824128b743c259dd9dfa7cb5106932f3425f3dfd1dccdf" score = 75 
@@ -114708,8 +115988,8 @@ rule CAPE_Qakbot4 : FILE date = "2024-04-28" modified = "2024-04-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/QakBot.yar#L17-L35" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/QakBot.yar#L17-L35" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "b2870e33abffbb3ff49b7891b0f5c538ab48ee63da5553929d4e37dec921344f" score = 75 quality = 70 @@ -114739,8 +116019,8 @@ rule CAPE_Rozena date = "2024-03-15" modified = "2024-03-15" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Rozena.yar#L1-L10" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Rozena.yar#L1-L10" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "c415a8108b58a125a604031bb8d73b58a8aae5429b5b765e35fa8a4add9cd135" score = 75 quality = 70 
@@ -114763,8 +116043,8 @@ rule CAPE_Zloader : FILE date = "2024-05-06" modified = "2024-05-06" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Zloader.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Zloader.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa" logic_hash = "a94efd87c69146cf5771341974e5abe789445d67dde3e045e1b87d3131539ff9" score = 75 @@ -114793,8 +116073,8 @@ rule CAPE_Doomedloader : FILE date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/DoomedLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/DoomedLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "54a5962ef49ebf987908c4ea1559788f7c96a7e4ea61d2973636e998a0239c77" score = 75 quality = 70 
@@ -114818,8 +116098,8 @@ rule CAPE_Icedid date = "2021-12-16" modified = "2021-12-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/IcedID.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/IcedID.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "e60ccbab7a360020744eba65961156ca3e2ae9cf23671014f913d71c1a96a331" score = 75 quality = 45 @@ -114848,8 +116128,8 @@ rule CAPE_Gandcrab : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Gandcrab.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Gandcrab.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "354ed566dbafbe8e9531bb771d9846952eb8c0e70ee94c26d09368159ce4142c" score = 75 quality = 70 
@@ -114874,8 +116154,8 @@ rule CAPE_Rcsession date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/RCSession.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/RCSession.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "ebd1e9e615a91c35b36332cad55519607323469df738cec4464288b45787630d" score = 75 quality = 70 @@ -114898,8 +116178,8 @@ rule CAPE_Ursnifv3 : FILE date = "2023-03-23" modified = "2023-03-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/UrsnifV3.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/UrsnifV3.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "501cd52388aba16f9d33b4555f310e1ad58326916b15358a485c701acb87abd8" score = 75 quality = 70 
@@ -114928,8 +116208,8 @@ rule CAPE_Formbook date = "2023-10-13" modified = "2023-10-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Formbook.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Formbook.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "63ee4dd6fe5ed2a3e5ee88ba7de48d2c9e0024961a550d0fdb68891c9885e05e" score = 75 quality = 70 @@ -114958,8 +116238,8 @@ rule CAPE_Hermes : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Hermes.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Hermes.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "9bc974173f39a57e7adfbf8ae106a20d960557696b4c3ce16e9b4e47d3e9e95b" score = 75 quality = 70 
@@ -114983,8 +116263,8 @@ rule CAPE_Dcrat : FILE date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/DCRat.yar#L1-L66" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/DCRat.yar#L1-L66" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "5a02dcc2b9c7eb3efdba39047e37886240b45fb7e2db3b82aa5b4b9526dfb7f8" score = 75 quality = 45 @@ -115057,8 +116337,8 @@ rule CAPE_Dcrat_Kingrat date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/DCRat.yar#L68-L87" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/DCRat.yar#L68-L87" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "73ac27c3f0fc71d053e89690b5a7d29c1f8b0ea0a22e8595148a9001799fae54" score = 75 quality = 62 
@@ -115090,8 +116370,8 @@ rule CAPE_Kpot : FILE date = "2020-10-19" modified = "2020-10-19" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Kpot.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Kpot.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "75abaab9a10e8ac8808425c389238285ab9bd9cb76f0cd03cc1e35b3ea0a1b0f" score = 75 quality = 70 @@ -115115,8 +116395,8 @@ rule CAPE_Emotetloader : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/EmotetLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/EmotetLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "410872d25ed3a89a2cba108f952d606cd1c3bf9ccc89ae6ab3377b83665c2773" score = 75 quality = 70 
@@ -115138,8 +116418,8 @@ rule CAPE_Gootkit : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Gootkit.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Gootkit.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "26704b6b0adca51933fc9d5e097930320768fd0e9355dcefc725aee7775316e7" score = 75 quality = 70 @@ -115161,8 +116441,8 @@ rule CAPE_Kovter : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Kovter.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Kovter.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "888fccb8fbfbe6c05ec63bc5658b4743f8e10a96ef51b3868c2ff94afec76f2d" score = 75 quality = 70 
@@ -115187,8 +116467,8 @@ rule CAPE_Pikabotloader : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/PikaBot.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/PikaBot.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "7e5f1f2911545ee6bd36b54f2627fbdec1b957f4b91df901dd1c6cbd4dff0231" score = 75 quality = 70 @@ -115212,8 +116492,8 @@ rule CAPE_Pikabot : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/PikaBot.yar#L15-L28" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/PikaBot.yar#L15-L28" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "ed07217c373831a9a67d914854154988696e6fcea70dedabf333385f0e7bb8b7" score = 75 quality = 70 
@@ -115238,8 +116518,8 @@ rule CAPE_Pik23 : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/PikaBot.yar#L30-L44" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/PikaBot.yar#L30-L44" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1" logic_hash = "71a71df2f2a075294941c54eed06cafaaa4d3294e45b3a0098c1cffddd0438bc" score = 75 @@ -115265,8 +116545,8 @@ rule CAPE_Hancitor : FILE date = "2020-10-20" modified = "2020-10-20" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Hancitor.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Hancitor.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "84003542a2f587b5fbd43731c4240759806f8ee46df2bd96aae4a3c09d97e41c" score = 75 quality = 70 
@@ -115291,8 +116571,8 @@ rule CAPE_Bruteratel date = "2024-07-11" modified = "2024-07-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/BruteRatel.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/BruteRatel.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "0984977c716d6f8e068c045166eb5db77c9fbce27513e555dceca348375f1a66" score = 75 quality = 70 @@ -115317,8 +116597,8 @@ rule CAPE_Lokibot : FILE date = "2022-02-01" modified = "2022-02-01" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/LokiBot.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/LokiBot.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "a5b3d518371138740e913d2d6ce4fa22d3da5cea7e034c7d6b4b502e6bf44b06" score = 75 quality = 70 
@@ -115341,8 +116621,8 @@ rule CAPE_Tclient : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/TClient.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/TClient.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "6edcd01e4722b367723ed77d9596877d16ee35dc4c160885d125f83e45cee24d" score = 75 quality = 70 @@ -115364,8 +116644,8 @@ rule CAPE_Rhadamanthys date = "2023-09-18" modified = "2023-09-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Rhadamanthys.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Rhadamanthys.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "f71bee3ef1dd7b16a55397645d16c0a20d1fdd3bf662f241c0b11796629b11ff" score = 75 quality = 70 
@@ -115390,8 +116670,8 @@ rule CAPE_Mole : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Mole.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Mole.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "8be4d190d554a610360c0e04b33da59eb00319395e5b2000d580546ce6503786" score = 75 quality = 70 @@ -115415,8 +116695,8 @@ rule CAPE_Magniber : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Magniber.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Magniber.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "1875754bdf98c1886f31f6c6e29992a98180f74d8fa168ae391e2c660d760618" score = 75 quality = 70 
@@ -115438,8 +116718,8 @@ rule CAPE_Nanolocker : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/NanoLocker.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/NanoLocker.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "fe6c8a4e259c3c526f8f50771251f6762b2b92a4df2e8bfc705f282489f757db" score = 75 quality = 70 @@ -115463,8 +116743,8 @@ rule CAPE_Squirrelwaffle : FILE date = "2021-10-13" modified = "2021-10-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/SquirrelWaffle.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/SquirrelWaffle.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "5f799333398421d537ec7a87ca94f6cc9cf1e53e55b353036a5132440990e500" score = 75 quality = 70 
@@ -115487,8 +116767,8 @@ rule CAPE_Doppelpaymer : FILE date = "2022-06-27" modified = "2022-06-27" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/DoppelPaymer.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/DoppelPaymer.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "73a2575671bafc31a70af3ce072d6f94ae172b12202baebba586a02524cb6f9d" score = 75 quality = 70 @@ -115511,8 +116791,8 @@ rule CAPE_Ramnit : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Ramnit.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Ramnit.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "6f661f47bdf8377b0fb96f190fcb964c0ed2b43ce7ae7880f9dfce9e43837efd" score = 75 quality = 70 
@@ -115536,8 +116816,8 @@ rule CAPE_Agent_Tesla date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/AgentTesla.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/AgentTesla.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "3945754129dcc58e0abfd7485f5ff0c0afdd1078ae2cf164ca8f59a6f79db1be" score = 75 quality = 70 @@ -115563,8 +116843,8 @@ rule CAPE_Agenttesla : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/AgentTesla.yar#L19-L41" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/AgentTesla.yar#L19-L41" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "1bf9b26c4cf87e674ddffabe40aba5a45499c6a04d4ff3e43c3cda4cbcb4d188" score = 75 quality = 70 
@@ -115596,8 +116876,8 @@ rule CAPE_Agentteslav2 : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/AgentTesla.yar#L43-L67" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/AgentTesla.yar#L43-L67" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "b45296b3b94fa1ff32de48c94329a17402461fb6696e9390565c4dba9738ed78" score = 75 quality = 70 @@ -115633,8 +116913,8 @@ rule CAPE_Agentteslav3 : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/AgentTesla.yar#L69-L111" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/AgentTesla.yar#L69-L111" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "26c4fa0ce8de6982eb599f3872e8ab2a6e83da4741db7f3500c94e0a8fe5d459" score = 75 quality = 68 
@@ -115687,8 +116967,8 @@ rule CAPE_Agentteslaxor : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/AgentTesla.yar#L113-L123" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/AgentTesla.yar#L113-L123" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "54581e83e5fa13fae4bda74016b3fa1d18c92e2659f493ebe54d70fd5f77bba5" score = 75 quality = 20 @@ -115710,8 +116990,8 @@ rule CAPE_Agentteslav4 : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/AgentTesla.yar#L125-L138" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/AgentTesla.yar#L125-L138" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "0a39036f408728ab312a54ff3354453d171424f57f9a8f3b42af867be3037ca9" score = 75 quality = 70 
@@ -115736,8 +117016,8 @@ rule CAPE_Agentteslav4Jit date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/AgentTesla.yar#L140-L153" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/AgentTesla.yar#L140-L153" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "8f7144d2a989ce8d291af926b292f5f0f7772e707b0e49797eba13ecf91b90bc" score = 75 quality = 70 @@ -115762,8 +117042,8 @@ rule CAPE_Asyncrat : FILE date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/AsyncRAT.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/AsyncRAT.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "8f960131bb86e1c09127324bd5877364ab25e0cb37f5f9755230c7fed9094de3" score = 75 quality = 66 
@@ -115791,8 +117071,8 @@ rule CAPE_Asyncrat_Kingrat date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/AsyncRAT.yar#L19-L40" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/AsyncRAT.yar#L19-L40" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "2699ef93ae10b205b79025098afc1d1cfe7dbdf192f4d98a6e34a8f3de154810" score = 75 quality = 62 @@ -115825,8 +117105,8 @@ rule CAPE_Locky : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Locky.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Locky.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "9786c54a2644d9581fefe64be11b26e22806398e54e961fa4f19d26eae039cd7" score = 75 quality = 70 
@@ -115850,8 +117130,8 @@ rule CAPE_Cryptoshield : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Cryptoshield.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Cryptoshield.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "46064b4c69cb1af01330c5d194ef50728e0f0479e9fbf72828822935f8e37ac6" score = 75 quality = 70 @@ -115875,8 +117155,8 @@ rule CAPE_Darkgate date = "2024-02-26" modified = "2024-02-26" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/DarkGate.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/DarkGate.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "25c0e77a83676c6a18445f8df0b1f7a9148de5f64eeb532f9a4f4d4652dd8191" score = 75 quality = 70 
@@ -115903,8 +117183,8 @@ rule CAPE_Carbanak : FILE date = "2024-03-18" modified = "2024-03-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Carbanak.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Carbanak.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "c9c1b06cb9c9bd6fc4451f5e2847a1f9524bb2870d7bb6f0ee09b9dd4e3e4c84" logic_hash = "8ed5ab07f1635dc7cdf296e86a71a0a99d0b2faef8fc460f43d426b24b8c8367" score = 75 @@ -115929,8 +117209,8 @@ rule CAPE_Blister : FILE date = "2023-09-20" modified = "2023-09-20" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Blister.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Blister.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2" hash = "d3eab2a134e7bd3f2e8767a6285b38d19cd3df421e8af336a7852b74f194802c" logic_hash = "f26d85fdf0eb07e67fe38c43c5f6d024bfb7b2a333cb3411f5cdcff6bf5db12d" 
@@ -115958,8 +117238,8 @@ rule CAPE_Jaff : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Jaff.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Jaff.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "6806a5eeee04b7436ff694addc334bfc0f1ee611116904d57be9506acfd47418" score = 75 quality = 70 @@ -115984,8 +117264,8 @@ rule CAPE_Ryuk : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Ryuk.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Ryuk.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "b4463993d8956e402b927a3dcfa2ca9693a959908187f720372f2d3a40e6db0c" score = 75 quality = 70 
@@ -116010,8 +117290,8 @@ rule CAPE_Smokeloader date = "2024-11-12" modified = "2024-11-12" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/SmokeLoader.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/SmokeLoader.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "779e2ac213e5ced7bc06e6208826b65cf8fc3113a69ede6408b84055542fa76d" score = 75 quality = 70 @@ -116036,8 +117316,8 @@ rule CAPE_Xworm : FILE date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/XWorm.yar#L1-L27" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/XWorm.yar#L1-L27" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "5a86c2f0a188135e53d86c176806a208abbe3dd830bde364016859ffa5294bd7" score = 75 quality = 68 
@@ -116076,8 +117356,8 @@ rule CAPE_Xworm_Kingrat date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/XWorm.yar#L29-L46" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/XWorm.yar#L29-L46" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "3914be652bb7271e5e6b89d05edf10a54f8ddaf9e22d194b60501aa2cdd495d3" score = 75 quality = 66 @@ -116108,8 +117388,8 @@ rule CAPE_Stealc : FILE date = "2024-09-10" modified = "2024-09-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Stealc.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Stealc.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d" logic_hash = "a6165168b7c74761b91d1691465688c748227b830813067edb4e9bdc934271c4" score = 75 
@@ -116133,8 +117413,8 @@ rule CAPE_Blackdropper date = "2024-10-22" modified = "2024-10-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/BlackDropper.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/BlackDropper.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "f8026ae3237bdd885e5fcaceb86bcab4087d8857e50ba472ca79ce44c12bc257" logic_hash = "c7f7bc740d413b479ebe45611ddfc04f7e4f2978516b2882069b2569c7acdf28" score = 75 @@ -116162,8 +117442,8 @@ rule CAPE_Cobaltstrikestager date = "2023-01-18" modified = "2023-01-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "6a55b0c3ab5f557dfb7a3f8bd616ede1bd9b93198590fc9d52aa19c1154388c5" score = 75 quality = 70 
@@ -116188,8 +117468,8 @@ rule CAPE_Atlas : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Atlas.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Atlas.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "c3f73b29df5caf804dbfe3e6ac07a9e2c772bd2a126f0487e4a65e72bd501e6e" score = 75 quality = 70 @@ -116213,8 +117493,8 @@ rule CAPE_Latrodectus date = "2024-09-03" modified = "2024-09-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Latrodectus.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Latrodectus.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "a547cff9991a713535e5c128a0711ca68acf9298cc2220c4ea0685d580f36811" logic_hash = "2f98d570bf9a490eecd2807599b93023ccacab86f3b7674f0118bbebd4dd2776" score = 75 
@@ -116241,8 +117521,8 @@ rule CAPE_Latrodectus_AES date = "2024-09-03" modified = "2024-09-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Latrodectus.yar#L18-L34" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Latrodectus.yar#L18-L34" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "5cecb26a3f33c24b92a0c8f6f5175da0664b21d7c4216a41694e4a4cad233ca8" logic_hash = "1f00f6f187f15d39a30e15ffd14dae07707141999271ad4ac6a75ff4d93dd54d" score = 75 @@ -116270,8 +117550,8 @@ rule CAPE_Codoso : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Codoso.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Codoso.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "32c9ed2ac29e8905266977a9ee573a252442d96fb9ec97d88642180deceec3f8" score = 75 quality = 70 
@@ -116295,8 +117575,8 @@ rule CAPE_Xenorat date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/XenoRAT.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/XenoRAT.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "26f520fb69a52d05786fac0e9e38f5db9601da0a3e7768e00975a9684f3560ef" score = 75 quality = 66 @@ -116323,8 +117603,8 @@ rule CAPE_Arkei : FILE date = "2020-02-11" modified = "2020-02-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Arkei.yar#L1-L24" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Arkei.yar#L1-L24" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "03980827db1c53d4090ab196ba820ca34b5d83dc7140b11ead9182cb5d28c7d3" score = 75 quality = 70 
@@ -116358,8 +117638,8 @@ rule CAPE_Scarab : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Scarab.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Scarab.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "0d8fa7ab4c8e5699f17f9e9444e85a42563a840a8e7ee9eda54add3a6845d1c6" score = 75 quality = 70 @@ -116383,8 +117663,8 @@ rule CAPE_Azorult : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Azorult.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Azorult.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "4691cf48d513d1965416b0cce1b6e19c8f7b393a940afd68b7c6ca8c0d125d90" score = 75 quality = 70 
@@ -116407,8 +117687,8 @@ rule CAPE_Bumblebee : FILE date = "2024-10-29" modified = "2024-10-29" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/BumbleBee.yar#L35-L50" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/BumbleBee.yar#L35-L50" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "bc7c2ce9d3cd598c9510dc64d78048999f2f89ee5a84cd0d6046dbdfabe260ee" score = 75 quality = 70 @@ -116435,8 +117715,8 @@ rule CAPE_Bumblebee2024 date = "2024-10-29" modified = "2024-10-29" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/BumbleBee.yar#L52-L68" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/BumbleBee.yar#L52-L68" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "db58272c1ba74bc6e6a90bdacf7e8feec94be5da2b5123e0475ce86448f3edb2" score = 75 quality = 70 
@@ -116464,8 +117744,8 @@ rule CAPE_Nitrogenloader date = "2024-11-22" modified = "2024-11-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/NitrogenLoader.yar#L1-L23" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/NitrogenLoader.yar#L1-L23" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "b7c0946757a19e9bfc47f1abfa5f2c2f522c8686142171f5e9154ac10293926b" score = 75 quality = 70 @@ -116499,8 +117779,8 @@ rule CAPE_Badrabbit : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/BadRabbit.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/BadRabbit.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "309e14ab4ea2f919358631f9d8b2aaff1f51e7708b6114e4e6bf4a9d9a5fc86c" score = 75 quality = 70 
@@ -116524,8 +117804,8 @@ rule CAPE_Dreambot : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Dreambot.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Dreambot.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "29c6d648d5d38667c5824c2d20a83a20448c2ae6054ddddb2b2b7f8bdb69f74b" score = 75 quality = 70 @@ -116550,8 +117830,8 @@ rule CAPE_Fareit : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Fareit.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Fareit.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "ed35391ffc949219f380da3f22bc8397a7d5c742bd68e227c3becdebcab5cf83" score = 75 quality = 70 
@@ -116573,8 +117853,8 @@ rule CAPE_Masslogger : FILE date = "2020-11-24" modified = "2020-11-24" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/MassLogger.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/MassLogger.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "c8d82694810aafbdc6a35a661e7431e9536035e2f7fef90b9359064c4209b66c" score = 75 quality = 70 @@ -116597,8 +117877,8 @@ rule CAPE_Lumma : FILE date = "2024-10-22" modified = "2024-10-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Lumma.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Lumma.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "44408ffa7870dbc1a8a31567dd743f46542da01ed8083e5413392920b9d1bafe" score = 75 quality = 70 
@@ -116624,8 +117904,8 @@ rule CAPE_Lockbit : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Lockbit.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Lockbit.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "80ab705c8246a0bd5b3de65146cf32b102f39bf9444bdf1d366b5a794c1229b9" score = 75 quality = 70 @@ -116651,8 +117931,8 @@ rule CAPE_Aurorastealer : FILE date = "2022-12-14" modified = "2023-03-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/AuroraStealer.yar#L1-L74" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/AuroraStealer.yar#L1-L74" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "0d10e9268184f494a73d5b4ab0d9a478ad0c26d2ef13d5134f8c9769f028b8f5" score = 75 quality = 45 
@@ -116731,8 +118011,8 @@ rule CAPE_Koiloader date = "2024-10-25" modified = "2024-10-25" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/KoiLoader.yar#L1-L35" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/KoiLoader.yar#L1-L35" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "b462e3235c7578450b2b56a8aff875a3d99d22f6970a01db3ba98f7ecb6b01a0" logic_hash = "264a536632f8f11c904b00c9d2e505b3263c733ad8fbc2ef19c25a5ad58cef90" score = 75 @@ -116776,8 +118056,8 @@ rule CAPE_Cargobayloader : FILE date = "2023-02-20" modified = "2023-02-20" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/CargoBayLoader.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/CargoBayLoader.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "75e975031371741498c5ba310882258c23b39310bd258239277708382bdbee9c" logic_hash = "1d5c4ca79f97e1fac358189a8c6530be12506974fc2fb42f63b0b621536a45c9" score = 75 
@@ -116801,8 +118081,8 @@ rule CAPE_Socks5Systemz : FILE date = "2024-05-22" modified = "2024-05-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Socks5Systemz.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Socks5Systemz.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "44b83b6d2ab39b4258ae0d97d00d02afdbb62a3973fd788584e4dea9db69cc1b" score = 75 quality = 70 @@ -116831,8 +118111,8 @@ rule CAPE_Conti : FILE date = "2021-03-15" modified = "2021-03-15" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Conti.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Conti.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "c9842f93d012d0189b9c6f10ad558b37ae66226bbb619ad677f6906ccaf0e848" score = 75 quality = 70 
@@ -116856,8 +118136,8 @@ rule CAPE_Petrwrap : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/PetrWrap.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/PetrWrap.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "6dd1cf5639b63d0ab41b24080dad68d285f2e3969ad34fd724c83e7a0dd4b968" score = 75 quality = 70 @@ -116882,8 +118162,8 @@ rule CAPE_Bitpaymer : FILE date = "2019-11-27" modified = "2019-11-27" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/BitPaymer.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/BitPaymer.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "6ae0dc9a36da13e483d8d653276b06f59ecc15c95c754c268dcc91b181677c4c" score = 75 quality = 70 
@@ -116906,8 +118186,8 @@ rule CAPE_Azer : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Azer.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Azer.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "48bd4a4e071f10d1911c4173a0cd39c69fed7a3b29eb92beffe709899f4cefa5" score = 75 quality = 70 @@ -116931,8 +118211,8 @@ rule CAPE_Nemty : FILE date = "2020-04-03" modified = "2020-04-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/Nemty.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/Nemty.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "a05974b561c67b4f1e0812639b74831edcf65686a06c0d380f0b45739e342419" score = 75 quality = 70 
@@ -116956,8 +118236,8 @@ rule CAPE_Trickbot date = "2023-02-07" modified = "2023-02-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/TrickBot.yar#L1-L20" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/TrickBot.yar#L1-L20" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "47cc2070b43957601a72745329a9d14fb3fbfd4d2b31cacc35d4ac750dde31ea" score = 75 quality = 70 @@ -116988,8 +118268,8 @@ rule CAPE_Trickbot_Permadll_UEFI_Module date = "2023-02-07" modified = "2023-02-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/TrickBot.yar#L22-L38" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/TrickBot.yar#L22-L38" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "491115422a6b94dc952982e6914adc39" logic_hash = "564055f56fd19bed8900e6d451ba050b4e9013a9208a3bdc3d3d563567d225d2" score = 75 
@@ -117017,8 +118297,8 @@ rule CAPE_Dridexloader : FILE date = "2021-03-10" modified = "2021-03-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/data/yara/CAPE/DridexLoader.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/data/yara/CAPE/DridexLoader.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "20696b1f14539c8ecf21bffc696596040c20b1ee2fcedc173945482c0baca588" score = 75 quality = 70 @@ -117045,8 +118325,8 @@ rule CAPE_Singlestepantihook date = "2021-08-26" modified = "2021-08-26" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/SingleStepAntiHook.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/SingleStepAntiHook.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "fc9f36b0ecc13192fe8b6caaff256ac52c1f14480223d629a38ba84e90dd0809" score = 75 quality = 70 
@@ -117068,8 +118348,8 @@ rule CAPE_Heavenssyscall : FILE date = "2024-03-25" modified = "2024-03-25" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/HeavensSyscall.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/HeavensSyscall.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "aeb981fcba0936ff8b1be4c601445fd45e5d3b74856a9439d351edd57f5a50c3" score = 75 quality = 70 @@ -117093,8 +118373,8 @@ rule CAPE_Gettickcountantivm date = "2022-02-25" modified = "2022-02-25" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/GetTickCountAntiVM.yar#L1-L20" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/GetTickCountAntiVM.yar#L1-L20" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "662bc7839ed7ddd82d5fdafa29fafd9a9ec299c28820fe4104fbba9be1a09c42" hash = "00f1537b13933762e1146e41f3bac668123fac7eacd0aa1f7be0aa37a91ef3ce" hash = "549bca48d0bac94b6a1e6eb36647cd007fed5c0e75a0e4aa315ceabdafe46541" 
@@ -117125,8 +118405,8 @@ rule CAPE_Buerloader_1 : FILE date = "2021-03-13" modified = "2021-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/BuerLoader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/BuerLoader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "6f9f9b4c01251c0643c61701084cca2bdfeea08ca95f982355565cf05483d940" score = 75 quality = 70 @@ -117148,8 +118428,8 @@ rule CAPE_Modiloader : FILE date = "2023-10-19" modified = "2023-10-19" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/ModiLoader.yar#L1-L39" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/ModiLoader.yar#L1-L39" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "fc006377e6d41515503b0b234ff87f59d930a7d9f8b32d2e072de79b9c52ddc4" score = 75 quality = 66 
@@ -117193,8 +118473,8 @@ rule CAPE_Risepro : FILE date = "2023-12-16" modified = "2023-12-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/RisePro.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/RisePro.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "1b69a1dd5961241b926605f0a015fa17149c3b2759fb077a30a22d4ddcc273f6" logic_hash = "055ca8328923b91f93c116e4a856366356fa11155f4e9fde95da31129b51386a" score = 75 @@ -117219,8 +118499,8 @@ rule CAPE_Privateloader date = "2024-10-04" modified = "2024-10-04" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/PrivateLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/PrivateLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "204a86bb3743f19fed0fe55ff5ccd716661f7f315b5966a29e434ccb3e160526" score = 75 quality = 70 
@@ -117243,8 +118523,8 @@ rule CAPE_Qakbot5_1 : FILE date = "2024-02-16" modified = "2024-02-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/QakBot.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/QakBot.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "303ea2d8d1a7f0fd0ca5508dae2c1b83c03b1e3e975760f15d36d93bcc152767" score = 75 quality = 70 @@ -117268,8 +118548,8 @@ rule CAPE_Qakbot4_1 : FILE date = "2024-02-16" modified = "2024-02-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/QakBot.yar#L15-L29" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/QakBot.yar#L15-L29" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "ad75b07b9b786f634fd46cbe6dc089d3f732673320e70714e8ab058f0392c9f5" score = 75 quality = 70 
@@ -117295,8 +118575,8 @@ rule CAPE_Qakbotloader : FILE date = "2024-02-16" modified = "2024-02-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/QakBot.yar#L31-L46" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/QakBot.yar#L31-L46" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a" logic_hash = "00869c0a9bf62cde3f46ca915b0ef689557b09dc58d6de34609e3998abfa7e98" score = 75 @@ -117323,8 +118603,8 @@ rule CAPE_Qakbotantivm date = "2024-02-16" modified = "2024-02-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/QakBot.yar#L48-L59" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/QakBot.yar#L48-L59" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "e269497ce458b21c8427b3f6f6594a25d583490930af2d3395cb013b20d08ff7" logic_hash = "20f1cd28f38945a3aa328e77e78525fb1ffc47ecf54d5a40c2f18264c3973989" score = 75 
@@ -117347,8 +118627,8 @@ rule CAPE_Zloader_1 : FILE date = "2024-05-03" modified = "2024-05-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Zloader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Zloader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "319adca805083c7f5854fe840447cf961addbd748f1f25eb8ec8cdeed7af38aa" score = 75 quality = 70 @@ -117371,8 +118651,8 @@ rule CAPE_Zloader_2024 : FILE date = "2024-05-03" modified = "2024-05-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Zloader.yar#L14-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Zloader.yar#L14-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "38d555ef5f613cf7ca043697c479100a7a22e7f043acf8b6a46f8009eb92fd7e" score = 75 quality = 70 
@@ -117396,8 +118676,8 @@ rule CAPE_Guloaderprecursor : FILE date = "2023-10-02" modified = "2023-10-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Guloader.yar#L17-L28" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Guloader.yar#L17-L28" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "ea05c352739366a03da302074b01537382ba26f7fd5049004f156e47d284f070" score = 75 quality = 70 @@ -117420,8 +118700,8 @@ rule CAPE_Rdtscpantivm date = "2021-12-11" modified = "2021-12-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/RdtscpAntiVM.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/RdtscpAntiVM.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "be0f9b52fb630730a38160f4ad2d50b6b4bea5edd82e3ea4d1e257cf7b090910" score = 75 quality = 70 
@@ -117443,8 +118723,8 @@ rule CAPE_Icedidsyscallwritemem : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/IcedID.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/IcedID.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "6b068106b038e9efeb9057cadf314d400c1ada1a1cc70336d3272da3a212c993" score = 75 quality = 70 @@ -117468,8 +118748,8 @@ rule CAPE_Icedidhook date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/IcedID.yar#L15-L25" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/IcedID.yar#L15-L25" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "fd62e0ed6f2a18472fa9336daee0e8a3a55e21779a8385394e85f96da928e24f" score = 75 quality = 70 
@@ -117491,8 +118771,8 @@ rule CAPE_Icedidpackera : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/IcedID.yar#L27-L40" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/IcedID.yar#L27-L40" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe" logic_hash = "aa0681e7794546355e6d61f739c49035a493cdfca7e666531d74e3835ec44408" score = 75 @@ -117517,8 +118797,8 @@ rule CAPE_Icedidpackerb : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/IcedID.yar#L42-L56" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/IcedID.yar#L42-L56" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "6517ef2c579002ec62ddeb01a3175917c75d79ceca355c415a4462922c715cb6" logic_hash = "fde1e2c0124d180b2fa3d0675b35e8d78fdd7b06cd27e9228c148aa29ce30ee7" score = 75 
@@ -117543,8 +118823,8 @@ rule CAPE_Icedidpackerc : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/IcedID.yar#L58-L71" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/IcedID.yar#L58-L71" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "c06805b6efd482c1a671ec60c1469e47772c8937ec0496f74e987276fa9020a5" hash = "265c1857ac7c20432f36e3967511f1be0b84b1c52e4867889e367c0b5828a844" logic_hash = "f1e75e380ab0947fdfda012b7a5077a1c2ef51163239846ab2dc29cac95ba166" @@ -117569,8 +118849,8 @@ rule CAPE_Icedidpackerd : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/IcedID.yar#L73-L86" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/IcedID.yar#L73-L86" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "7b226f8cc05fa7d846c52eb0ec386ab37f9bae04372372509daa6bacc9f885d8" logic_hash = "6685e0246f5a11ce0ca33447837de06506b447a5f8591423e2b76f2ab0274dc7" score = 75 
@@ -117595,8 +118875,8 @@ rule CAPE_Icedsleep : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/IcedID.yar#L88-L99" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/IcedID.yar#L88-L99" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "0b1a8be95b1b8a3b066837f9e47561ee8202d741b39d64e626c0461c2fbf7c70" score = 75 quality = 70 @@ -117619,8 +118899,8 @@ rule CAPE_Ursnifv3_1 date = "2023-03-23" modified = "2023-03-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/UrsnifV3.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/UrsnifV3.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "d679546e37ee58087fce75920b2ce4e6d2b9ae55fb1ef80d14ec14309396757c" score = 75 quality = 70 
@@ -117647,8 +118927,8 @@ rule CAPE_Formhooka date = "2024-10-11" modified = "2024-10-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Formbook.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Formbook.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "21b8101a7039cfad0e9d49cc1f055bc23a2eb4c973dcda2a81a007e452d77a6d" score = 75 quality = 70 @@ -117673,8 +118953,8 @@ rule CAPE_Formhookb date = "2024-10-11" modified = "2024-10-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Formbook.yar#L16-L29" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Formbook.yar#L16-L29" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "b8b677ca239c6c5faf44f7a46c1e3e231f5708fb13aac724fd3ac9f865b965d8" score = 75 quality = 70 
@@ -117699,8 +118979,8 @@ rule CAPE_Formconfa date = "2024-10-11" modified = "2024-10-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Formbook.yar#L31-L43" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Formbook.yar#L31-L43" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "b0aa4cec55a21245d8104380c531dd6cc0fdef64fbefd79616eadfb4e95b2d75" score = 75 quality = 70 @@ -117724,8 +119004,8 @@ rule CAPE_Formhelper date = "2024-10-11" modified = "2024-10-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Formbook.yar#L45-L57" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Formbook.yar#L45-L57" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "77cdfc94aac089c4f2590f4afbab35351fc6e104e67813548c68c59d27019a63" score = 75 quality = 70 
@@ -117749,8 +119029,8 @@ rule CAPE_Formconfb date = "2024-10-11" modified = "2024-10-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Formbook.yar#L59-L73" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Formbook.yar#L59-L73" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "8a96ef5c6cebb51186acd099b795066e8e8b2c2adbed4dcc66b81228f70e5c4f" score = 75 quality = 70 @@ -117776,8 +119056,8 @@ rule CAPE_Formconfc date = "2024-10-11" modified = "2024-10-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Formbook.yar#L75-L87" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Formbook.yar#L75-L87" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "f52bce00d2ec88682115a8720f0a182b7ef7fe7b9b9fc466bb8ddc1779341509" score = 75 quality = 70 
@@ -117801,8 +119081,8 @@ rule CAPE_Emotetpacker : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/EmotetPacker.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/EmotetPacker.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "5a95d1d87ce69881b58a0e3aafc1929861e2633cdd960021d7b23e2a36409e0d" logic_hash = "5f27d9d18884f7e0805f69960869b332c1577bf8be8ac103285e8bf98cda0ffd" score = 75 @@ -117826,8 +119106,8 @@ rule CAPE_Mysterysnail date = "2021-10-16" modified = "2021-10-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/MysterySnail.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/MysterySnail.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "9402dbbbfdd286e2309ee83fc08194f70f73657a3a4e3785dfbcb564dbee86a8" score = 75 quality = 70 
@@ -117849,8 +119129,8 @@ rule CAPE_Bruteratelsyscall date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/BruteRatel.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/BruteRatel.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "5ed054b3cd5d2659c250945d55d6adac90945963c34ad2af0f8d7436141e86b6" score = 75 quality = 70 @@ -117873,8 +119153,8 @@ rule CAPE_Bruteratelpacker date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/BruteRatel.yar#L14-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/BruteRatel.yar#L14-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "2ccb17efe378d034df34d20d7580c58171d0fd11c18fef6c9a23f1ba238514e6" score = 75 quality = 70 
@@ -117898,8 +119178,8 @@ rule CAPE_Bruterateldate date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/BruteRatel.yar#L28-L39" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/BruteRatel.yar#L28-L39" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "88589b2d08aea03565668ff1b9af20b6fe11cda50d867c60db7cb4d1826b0fd7" score = 75 quality = 70 @@ -117922,8 +119202,8 @@ rule CAPE_Bruteratelconfig date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/BruteRatel.yar#L41-L51" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/BruteRatel.yar#L41-L51" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "b1815aafec940ab6c8daafc68ccf294845221ada260de5209dcb7e49ccd061c7" score = 75 quality = 70 
@@ -117945,8 +119225,8 @@ rule CAPE_Darkgateloader date = "2023-10-02" modified = "2023-10-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/DarkGateLoader.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/DarkGateLoader.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "56069f38edb7d50b0d5680a847d85b1aabc97e432a37911ac9d28aee3b12f526" score = 75 quality = 68 @@ -117972,8 +119252,8 @@ rule CAPE_Rhadamanthys_1 date = "2023-04-18" modified = "2023-04-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Rhadamanthys.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Rhadamanthys.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "3c8fbfe14f81e099fc900023d9c856e3f45b99af38889ed952b2ac67a636f51d" score = 75 quality = 70 
@@ -117998,8 +119278,8 @@ rule CAPE_Agentteslav3Jit date = "2024-02-27" modified = "2024-02-27" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/AgentTesla.yar#L16-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/AgentTesla.yar#L16-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "62a49cf4295df637f96ba7c127cfc4aeb9af2fcced497fdf34d726a062edc1ec" score = 75 quality = 70 @@ -118021,8 +119301,8 @@ rule CAPE_Blister_1 : FILE date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Blister.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Blister.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "aba379b93c85241cf250829832b2c8a5eaafb3abd0ff955dbaf0d06489c00deb" score = 75 quality = 70 
@@ -118050,8 +119330,8 @@ rule CAPE_Pikahook : FILE date = "2024-03-12" modified = "2024-03-12" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Pikabot.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Pikabot.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "2a50a5f2d905122a5b7ac8ca3666b47caa24d325e246841129e53807daf2a1dd" score = 75 quality = 70 @@ -118076,8 +119356,8 @@ rule CAPE_Pikexport : FILE date = "2024-03-12" modified = "2024-03-12" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Pikabot.yar#L16-L28" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Pikabot.yar#L16-L28" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "238dcc5611ed9066b63d2d0109c9b623f54f8d7b61d5f9de59694cfc60a4e646" logic_hash = "33f58703a0e40c2361343dbdcc17111aafbf5cc912393edda79005c6ec566f42" score = 75 
@@ -118101,8 +119381,8 @@ rule CAPE_Vbcrypter date = "2021-03-28" modified = "2021-03-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/VBCrypter.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/VBCrypter.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "a62bca62ab624ab1a2c2e612c5b7e6d543006026a49c07c46800499e31e41c4e" score = 75 quality = 70 @@ -118124,8 +119404,8 @@ rule CAPE_Smokeloader_1 : FILE date = "2023-02-06" modified = "2023-02-06" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/SmokeLoader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/SmokeLoader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "4b15162f4b754cdd6a9124f29f0fd979085734063a0b17f2a97a9750f29e2e0b" score = 75 quality = 70 
@@ -118147,8 +119427,8 @@ rule CAPE_Xworm_1 date = "2023-11-07" modified = "2023-11-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/XWorm.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/XWorm.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "d8e103f3470e83d71cd4992b74698c0721b8a69d764fdb7a4543997b2853014a" score = 75 quality = 70 @@ -118170,8 +119450,8 @@ rule CAPE_Stealcanti : FILE date = "2024-01-19" modified = "2024-01-19" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Stealc.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Stealc.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d" logic_hash = "4132e8094b0b49a89e9f40a8b1a6abbf105bbb04e4ddf3ce739e39fc2baf0d13" score = 75 
@@ -118195,8 +119475,8 @@ rule CAPE_Stealcstrings : FILE date = "2024-01-19" modified = "2024-01-19" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Stealc.yar#L15-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Stealc.yar#L15-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "6d402446a979c00b6257ace9924db381d98c530b22968bd2776c66d58c7faefc" score = 75 quality = 70 @@ -118219,8 +119499,8 @@ rule CAPE_Latrodectus_1 : FILE date = "2024-02-26" modified = "2024-02-26" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Latrodectus.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Latrodectus.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "378d220bc863a527c2bca204daba36f10358e058df49ef088f8b1045604d9d05" logic_hash = "c2c9f23e287253d766425c05eb774f6e07bdcbabc259e04b723a1a87c8b91fbd" score = 75 
@@ -118243,8 +119523,8 @@ rule CAPE_Anticuckoo : FILE date = "2023-03-17" modified = "2023-03-17" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/AntiCuckoo.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/AntiCuckoo.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" hash = "ad5e52f144bb4a1dae3090978c6ecb4c7732538c9b62a6cedd32eccee6094be5" logic_hash = "a039aeca2dae44980e8bffafacfda90975e107001be50f11ac916b35ad43592e" score = 75 @@ -118267,8 +119547,8 @@ rule CAPE_Bumblebeeshellcode_1 date = "2023-02-08" modified = "2023-02-08" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/BumbleBee.yar#L18-L32" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/BumbleBee.yar#L18-L32" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "865510868ee7c089c2ada0645098e851ca2bb9084a74315ce16296eb19c93ab4" score = 75 quality = 70 
@@ -118294,8 +119574,8 @@ rule CAPE_Loadersyscall date = "2024-10-29" modified = "2024-10-29" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/NitrogenLoader.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/NitrogenLoader.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "3c7ffd8b95032cffecff7fa7e5f5f561cce13e1109f6a9b30bc743642b495e45" score = 75 quality = 70 @@ -118319,8 +119599,8 @@ rule CAPE_Nitrogenloaderaes date = "2024-10-29" modified = "2024-10-29" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/NitrogenLoader.yar#L15-L27" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/NitrogenLoader.yar#L15-L27" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "de8ed0e98948cfadfd579e334fd9ce9f777ddbd988de897529ba71cb5eb2d396" score = 75 quality = 70 
@@ -118344,8 +119624,8 @@ rule CAPE_Nitrogenloaderbypass date = "2024-10-29" modified = "2024-10-29" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/NitrogenLoader.yar#L29-L41" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/NitrogenLoader.yar#L29-L41" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "3a034d3ddd18723ea1f91814c8c2a2c47a749dfd1496a5d4777d8ff8bfab3457" score = 75 quality = 70 @@ -118369,8 +119649,8 @@ rule CAPE_Lumma_1 : FILE date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Lumma.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Lumma.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "a8f9212b619796f91f14c4164e4d2f30c66b51118f22f3d6c310841b6707b7b0" score = 75 quality = 70 
@@ -118395,8 +119675,8 @@ rule CAPE_Lummaremap date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/Lumma.yar#L16-L27" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/Lumma.yar#L16-L27" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "51093379fbd041f75bdfe161bc9dfcc7d782c23ce16d625ca558bb58d8d57713" score = 75 quality = 70 @@ -118419,8 +119699,8 @@ rule CAPE_Slowloader date = "2024-09-23" modified = "2024-09-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/SlowLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/SlowLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "f07528c646ebd980a5e843caa4a4715e31b22c3cd091576600e9fe45d7fc2fe4" score = 75 quality = 70 
@@ -118443,8 +119723,8 @@ rule CAPE_Dridexloader_1 : FILE date = "2021-03-09" modified = "2021-03-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/analyzer/windows/data/yara/DridexLoader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/a8c6b37c97b0fd7391bcd92a305f9bda0f0b76a3/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/analyzer/windows/data/yara/DridexLoader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/3427c2690275fc06aff5ff5e27aeb8fc68422529/LICENSE" logic_hash = "00a3e4e80a2558ee52035f091e2339fa2dad6f6515b9dc099f2f3800e4c70bce" score = 75 quality = 70 @@ -118461,7 +119741,7 @@ rule CAPE_Dridexloader_1 : FILE * YARA Rule Set * Repository Name: BinaryAlert * Repository: https://github.com/airbnb/binaryalert/ - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: a9c0f06affc35e1f8e45bb77f835b92350c68a0b * Number of Rules: 78 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) @@ -120882,7 +122162,7 @@ rule BINARYALERT_Hacktool_Windows_Ncc_Wmicmd * YARA Rule Set * Repository Name: DeadBits * Repository: https://github.com/deadbits/yara-rules/ - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: d002f7ecee23e09142a3ac3e79c84f71dda3f001 * Number of Rules: 19 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) 
@@ -121278,7 +122558,7 @@ rule DEADBITS_Acbackdoor_ELF : LINUX MALWARE BACKDOOR description = "No description has been set in the source file - DeadBits" author = "Adam M. Swanda" id = "82eb41bf-cd1d-5b00-973b-31a79c75cfc0" - date = "2019-11-24" + date = "2019-11-01" modified = "2019-12-04" reference = "https://www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/" source_url = "https://github.com/deadbits/yara-rules//blob/d002f7ecee23e09142a3ac3e79c84f71dda3f001/rules/ACBackdoor_Linux.yara#L1-L41" @@ -121735,9 +123015,9 @@ rule DEADBITS_KPOT_V2 : WINMALWARE INFOSTEALER FILE * YARA Rule Set * Repository Name: DelivrTo * Repository: https://github.com/delivr-to/detections - * Retrieval Date: 2024-11-24 - * Git Commit: 6c67d221a0366f7e2c1a31fb0c208bff63f3de86 - * Number of Rules: 8 + * Retrieval Date: 2024-12-01 + * Git Commit: 29cddf297f5eaff884b0e1c201bd9b7447022cf8 + * Number of Rules: 9 * Skipped: 0 (age), 2 (quality), 0 (score), 0 (importance) * * @@ -121745,6 +123025,29 @@ rule DEADBITS_KPOT_V2 : WINMALWARE INFOSTEALER FILE * * NO LICENSE SET */ +rule DELIVRTO_SUSP_SVG_Foreignobject_Nov24 +{ + meta: + description = "Presence of foreignObject in SVG file" + author = "delivr.to" + id = "148ef54a-4389-58c9-be89-c1714ef08371" + date = "2024-11-28" + modified = "2024-11-28" + reference = "https://github.com/delivr-to/detections" + source_url = "https://github.com/delivr-to/detections/blob/29cddf297f5eaff884b0e1c201bd9b7447022cf8/yara-rules/svg_foreignobject.yar#L1-L12" + license_url = "N/A" + logic_hash = "51fdc105e826344b9e516a35178c37b6e4620781ee3a9ae64b9be181a13292e7" + score = 40 + quality = 51 + tags = "" + + strings: + $svg = "svg" ascii wide nocase + $fo = "8 and #code2>=2 and #code3>=2) } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Malware_Macos_Reloadext_Installer : STORMBAMBOO FILE MEMORY { 
@@ -208382,8 +209685,8 @@ rule VOLEXITY_Apt_Malware_Macos_Reloadext_Installer : STORMBAMBOO FILE MEMORY condition: 3 of them } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Malware_Any_Macma_A : STORMBAMBOO FILE MEMORY { @@ -208439,8 +209742,8 @@ rule VOLEXITY_Apt_Malware_Any_Macma_A : STORMBAMBOO FILE MEMORY condition: any of ($magic*) or 7 of ($s*) } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Malware_Macos_Gimmick : STORMBAMBOO FILE MEMORY { @@ -208500,8 +209803,8 @@ rule VOLEXITY_Apt_Malware_Macos_Gimmick : STORMBAMBOO FILE MEMORY condition: $s1 or 5 of ($json*) or 3 of ($msg*) or 9 of ($cmd*) } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Malware_Win_Dustpan_Apihashes : STORMBAMBOO FILE { @@ -208544,8 +209847,8 @@ rule VOLEXITY_Apt_Malware_Win_Dustpan_Apihashes : STORMBAMBOO FILE condition: 6 of ($h*) and $magic } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Malware_Win_Pocostick_Jul23 : STORMBAMBOO FILE MEMORY { @@ -208584,8 +209887,8 @@ rule VOLEXITY_Apt_Malware_Win_Pocostick_Jul23 : STORMBAMBOO FILE MEMORY condition: 6 of them } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Malware_Py_Dustpan_Pyloader : STORMBAMBOO FILE MEMORY { @@ -208626,8 +209929,8 @@ rule VOLEXITY_Apt_Malware_Py_Dustpan_Pyloader : STORMBAMBOO FILE MEMORY condition: 3 of ($s_*) or any of ($url_*) or $path_1 } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Malware_Win_Pocostick_B : STORMBAMBOO FILE { @@ -208662,8 +209965,8 @@ rule VOLEXITY_Apt_Malware_Win_Pocostick_B : STORMBAMBOO FILE condition: all of ($a*) or for any resource in pe.resources : (hash.sha256(resource.offset,resource.length)=="b098afd3657b956edbace77499e5e20414ab595a17ffc437b9dadc791eff1cfa" or hash.sha256(resource.offset,resource.length)=="2e53e960d45d657d8ba9929f6c8b34e90b2ae15b879768099474678dd1864f3b") } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Malware_Elf_Catchdns_Aug20_Memory : DRIFTINGBAMBOO FILE MEMORY { 
@@ -208865,8 +210168,8 @@ rule VOLEXITY_Hacktool_Py_Pysoxy : FILE MEMORY condition: all of them } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Malware_Vbs_Basicstar : CHARMINGCYPRESS FILE MEMORY { @@ -208902,8 +210205,8 @@ rule VOLEXITY_Apt_Malware_Vbs_Basicstar : CHARMINGCYPRESS FILE MEMORY condition: 3 of ($s*) or $magic } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Malware_Ps1_Powerless_B : CHARMINGCYPRESS FILE MEMORY { @@ -208968,8 +210271,8 @@ rule VOLEXITY_Apt_Malware_Ps1_Powerless_B : CHARMINGCYPRESS FILE MEMORY condition: 3 of ($fun_*) or any of ($s_*) } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Malware_Macos_Vpnclient_Cc_Oct23 : CHARMINGCYPRESS FILE MEMORY { @@ -209004,8 +210307,8 @@ rule VOLEXITY_Apt_Malware_Macos_Vpnclient_Cc_Oct23 : CHARMINGCYPRESS FILE MEMORY condition: 2 of ($s*) } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Malware_Charmingcypress_Openvpn_Configuration : CHARMINGCYPRESS FILE { @@ -209039,8 +210342,8 @@ rule VOLEXITY_Apt_Malware_Charmingcypress_Openvpn_Configuration : CHARMINGCYPRES condition: all of them } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Delivery_Win_Charming_Openvpn_Client : CHARMINGCYPRESS FILE { @@ -209073,8 +210376,8 @@ rule VOLEXITY_Apt_Delivery_Win_Charming_Openvpn_Client : CHARMINGCYPRESS FILE condition: all of ($s*) } -import "pe" import "hash" +import "pe" rule VOLEXITY_Apt_Malware_Ps1_Powerstar_Generic : CHARMINGCYPRESS FILE MEMORY { @@ -211478,7 +212781,7 @@ rule VOLEXITY_Apt_Delivery_Web_Js_Jmask : EVILBAMBOO FILE * YARA Rule Set * Repository Name: JPCERTCC * Repository: https://github.com/JPCERTCC/MalConfScan/ - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: 19ec0d145535a6a4cfd37c0960114f455a8c343e * Number of Rules: 30 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) 
@@ -212322,7 +213625,7 @@ rule JPCERTCC_Elf_Wellmess : FILE * YARA Rule Set * Repository Name: SecuInfra * Repository: https://github.com/SIFalcon/Detection - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: 2d7c66d7d16c7541bf2a9a83a7a6d334364a26fd * Number of Rules: 45 * Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance) @@ -212745,9 +214048,9 @@ rule SECUINFRA_RANSOM_Esxiargs_Ransomware_Python_Feb23 condition: $python and $desc and 4 of ($command*) and $cmd and $OpenSLPPort and $listener } -import "pe" import "console" import "math" +import "pe" rule SECUINFRA_RANSOM_Lockbit_Black_Packer : RANSOMWARE FILE { @@ -213229,8 +214532,8 @@ rule SECUINFRA_SUSP_Powershell_Download_Temp_Rundll_1 : POWERSHELL DOWNLOAD condition: $location and $download and $rundll } -import "pe" import "dotnet" +import "pe" rule SECUINFRA_APT_Bitter_Maldoc_Verify : CVE_2018_0798 { @@ -213265,8 +214568,8 @@ rule SECUINFRA_APT_Bitter_Maldoc_Verify : CVE_2018_0798 condition: 3 of ($xor_string*) and $padding } -import "pe" import "dotnet" +import "pe" rule SECUINFRA_APT_Bitter_Almond_RAT : FILE { @@ -213297,8 +214600,8 @@ rule SECUINFRA_APT_Bitter_Almond_RAT : FILE condition: uint16(0)==0x5a4d and dotnet.version=="v4.0.30319" and filesize >12KB and filesize <68KB and any of ($function*) and any of ($dbg*) } -import "pe" import "dotnet" +import "pe" rule SECUINFRA_APT_Bitter_PDB_Paths : FILE { @@ -213637,7 +214940,7 @@ rule SECUINFRA_DROPPER_Asyncrat_VBS_February_2022_1 : FILE * YARA Rule Set * Repository Name: RussianPanda * Repository: https://github.com/RussianPanda95/Yara-Rules - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: 2b40630c067f4ba3a207fcf1951e07a9a01ba69a * Number of Rules: 77 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) 
@@ -215663,7 +216966,7 @@ rule RUSSIANPANDA_Win_Mal_Koi_Loader : FILE * YARA Rule Set * Repository Name: Check Point * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9 * Number of Rules: 4 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -215877,7 +217180,7 @@ rule CHECK_POINT_Malware_Bumblebee_Packed * YARA Rule Set * Repository Name: Dragon Threat Labs * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9 * Number of Rules: 7 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -216074,7 +217377,7 @@ rule DRAGON_THREAT_LABS_Apt_C16_Win64_Dropper : DROPPER FILE * YARA Rule Set * Repository Name: Microsoft * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9 * Number of Rules: 21 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -216678,7 +217981,7 @@ rule MICROSOFT_Devilstongue_Hijackdll : FILE * YARA Rule Set * Repository Name: NCSC * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9 * Number of Rules: 17 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -217149,7 +218452,7 @@ rule NCSC_Sparrowdoor_Sleep_Routine * YARA Rule Set * Repository Name: Dr4k0nia * Repository: https://github.com/dr4k0nia/yara-rules - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: 4b10f9b79a4cfb3ec9cb5675f32cc7ee6885fbd8 * Number of Rules: 5 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -217330,7 +218633,7 @@ rule DR4K0NIA_Msil_Suspicious_Use_Of_Strreverse : FILE * YARA Rule Set * Repository Name: EmbeeResearch * Repository: https://github.com/embee-research/Yara-detection-rules/ - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: ac56d6f6fd2a30c8cb6e5c0455d6519210a8b0f4 * Number of Rules: 39 * Skipped: 0 (age), 8 (quality), 0 (score), 0 (importance) @@ -218006,8 +219309,8 @@ rule EMBEERESEARCH_Win_Njrat_Bytecodes_V2_Oct_2023 condition: dotnet.is_dotnet and ( all of ($s*)) } -import "pe" import "math" +import "pe" rule EMBEERESEARCH_Win_Pikabot_Resource_Entropy_Oct_2023 { @@ -218423,7 +219726,7 @@ rule EMBEERESEARCH_Win_Havoc_Djb2_Hashing_Routine_Oct_2022 : FILE * YARA Rule Set * Repository Name: AvastTI * Repository: https://github.com/avast/ioc - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: c696ec4bc17b1d41d5585d40ccf476f445b4a3de * Number of Rules: 33 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -219286,7 +220589,7 @@ rule AVASTTI_Cobaltstrike_Beacon_Xored_X64 * YARA Rule Set * Repository Name: SBousseaden * Repository: https://github.com/sbousseaden/YaraHunts/ - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: 71b27a2a7c57c2aa1877a11d8933167794e2b4fb * Number of Rules: 36 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) @@ -220363,7 +221666,7 @@ rule SBOUSSEADEN_Shad0W_Beacon_16June : FILE * YARA Rule Set * Repository Name: Elceef * Repository: https://github.com/elceef/yara-rulz - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: 05834717d1464d5efce8ad9d688ff7b53886a0bb * Number of Rules: 17 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) 
@@ -220863,7 +222166,7 @@ rule ELCEEF_ZIP_High_Ratio_Single_Doc : FILE * YARA Rule Set * Repository Name: GodModeRules * Repository: https://github.com/Neo23x0/god-mode-rules/ - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: 436dc682164cf17a123d6b09d1424e7e2acf0c25 * Number of Rules: 1 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -221134,7 +222437,7 @@ rule GODMODERULES_IDDQD_God_Mode_Rule * YARA Rule Set * Repository Name: Cod3nym * Repository: https://github.com/cod3nym/detection-rules/ - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: ad485bff0ce30afb56e367b7f2b76fea81e78fc9 * Number of Rules: 13 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) @@ -221578,7 +222881,7 @@ rule COD3NYM_SUSP_RLO_Exe_Extension_Spoofing_Jan24 * YARA Rule Set * Repository Name: craiu * Repository: https://github.com/craiu/yararules - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: 23cf0ca22021fa3684e180a18416b9ae1b695243 * Number of Rules: 13 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -222743,7 +224046,7 @@ rule CRAIU_Exploit_CVE_2024_6387 : CVE_2024_6387 FILE * YARA Rule Set * Repository Name: DitekSHen * Repository: https://github.com/ditekshen/detection - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: e76c93dcdedff04076380ffc60ea54e45b313635 * Number of Rules: 1443 * Skipped: 0 (age), 112 (quality), 0 (score), 0 (importance) @@ -238274,8 +239577,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3B0E3879266F3Bc98225B390 : FILE condition: uint16(0)==0x5a4d and for any i in (0..pe.number_of_signatures) : (pe.signatures[i].subject contains "Hangzhou Yueju Apparel Co., Ltd." and pe.signatures[i].issuer contains "GlobalSign GCC R45 EV CodeSigning CA 2020" and pe.signatures[i].serial=="3b:0e:38:79:26:6f:3b:c9:82:25:b3:90") } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Reflectiveloader : FILE { 
@@ -238301,8 +239604,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Reflectiveloader : FILE condition: uint16(0)==0x5a4d and (1 of them or (pe.exports("ReflectiveLoader@4") or pe.exports("_ReflectiveLoader@4") or pe.exports("ReflectiveLoader"))) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_IMG_Embedded_Archive : FILE { @@ -238339,8 +239642,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_IMG_Embedded_Archive : FILE condition: ( uint32(0)==0xe0ffd8ff or uint32(0)==0x474e5089 or uint16(0)==0x4d42) and 1 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Eventviewer : FILE { @@ -238366,8 +239669,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Eventviewer : FILE condition: uint16(0)==0x5a4d and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Cleanmgr : FILE { @@ -238393,8 +239696,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Cleanmgr : FILE condition: uint16(0)==0x5a4d and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Enable_Officemacro : FILE { @@ -238427,8 +239730,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Enable_Officemacro : FILE condition: uint16(0)==0x5a4d and (2 of ($s*) or 2 of ($h*) or 2 of ($d*)) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Disable_Officeprotectedview : FILE { @@ -238461,8 +239764,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Disable_Officeprotectedview : FILE condition: uint16(0)==0x5a4d and (2 of ($s*) or 2 of ($h*) or 2 of ($d*)) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Sandboxproductid : FILE { @@ -238498,8 +239801,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Sandboxproductid : FILE condition: uint16(0)==0x5a4d and 2 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_AHK_Downloader : FILE { 
@@ -238528,8 +239831,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_AHK_Downloader : FILE condition: uint16(0)==0x5a4d and (1 of ($d*) and 1 of ($s*)) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_CMSTPCOM : T1218 FILE { @@ -238558,8 +239861,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_CMSTPCOM : T1218 FILE condition: uint16(0)==0x5a4d and (1 of ($guid*) and 1 of ($s*)) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store : FILE { @@ -238590,8 +239893,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store : FIL condition: uint16(0)==0x5a4d and 3 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients : FILE { @@ -238662,8 +239965,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients : FILE condition: uint16(0)==0x5a4d and 6 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Usndeletejournal : FILE { @@ -238696,8 +239999,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Usndeletejournal : FILE condition: uint16(0)==0x5a4d and ( not any of ($ne*) and ((1 of ($cmd*) and 1 of ($s*)) or 1 of ($s*))) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Geninfostealer : FILE { @@ -238741,8 +240044,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Geninfostealer : FILE condition: uint16(0)==0x5a4d and ((2 of ($f*) and 2 of ($b*) and 1 of ($s*) and 3 of ($a*)) or (14 of them )) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWSH_Asciiencoding_Pattern : FILE { @@ -238773,8 +240076,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWSH_Asciiencoding_Pattern : FILE condition: 1 of ($enc*) and 4 of ($s*) and filesize <2500KB } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_JS_Hex_B64Encoded_EXE : FILE { 
@@ -238805,8 +240108,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_JS_Hex_B64Encoded_EXE : FILE condition: $binary and $pattern and 2 of ($s*) and filesize <2500KB } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_WMIC_Downloader : FILE { @@ -238834,8 +240137,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_WMIC_Downloader : FILE condition: ( uint16(0)==0x004c or uint16(0)==0x5a4d) and 1 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_AMSI_Bypass : FILE { @@ -238865,8 +240168,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_AMSI_Bypass : FILE condition: 5 of them and filesize <2000KB } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_PE_Resourcetuner : FILE { @@ -238891,8 +240194,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_PE_Resourcetuner : FILE condition: uint16(0)==0x5a4d and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_References_Sectools_B64Encoded : FILE { @@ -238953,8 +240256,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_References_Sectools_B64Encoded : FILE condition: uint16(0)==0x5a4d and 4 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_References_Sandbox_Artifacts : FILE { @@ -239004,8 +240307,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_References_Sandbox_Artifacts : FILE condition: uint16(0)==0x5a4d and 3 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File : FILE { @@ -239031,8 +240334,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File : FILE condition: uint16(0)==0x5a4d and 1 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWSH_Passwordcredential_Retrievepassword { 
@@ -239059,8 +240362,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWSH_Passwordcredential_Retrievepassword condition: $namespace and 1 of ($method*) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Envvarscheduledtasks { @@ -239088,8 +240391,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Envvarscheduledtasks condition: all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Fodhelper { @@ -239117,8 +240420,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Fodhelper condition: all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Finger_Download_Pattern { @@ -239145,8 +240448,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Finger_Download_Pattern condition: not any of ($ne*) and any of ($pat*) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_CMSTPCMD : FILE { @@ -239176,8 +240479,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_CMSTPCMD : FILE condition: uint16(0)==0x5a4d and 3 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_JS_WMI_Execquery { @@ -239206,8 +240509,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_JS_WMI_Execquery condition: ($ex and all of ($s*)) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_XML_Liverpool_Downlaoder_Userconfig : FILE { @@ -239233,8 +240536,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_XML_Liverpool_Downlaoder_Userconfig : FILE condition: uint32(0)==0x6d783f3c and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_B64_Encoded_Useragent : FILE { @@ -239260,8 +240563,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_B64_Encoded_Useragent : FILE condition: uint16(0)==0x5a4d and any of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Winddefender_Antiemaulation : FILE { 
@@ -239287,8 +240590,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Winddefender_Antiemaulation : FILE condition: uint16(0)==0x5a4d and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Attrib : FILE { @@ -239313,8 +240616,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Attrib : FILE condition: uint16(0)==0x5a4d and any of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Clearmytracksbyprocess : FILE { @@ -239339,8 +240642,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Clearmytracksbyprocess : FILE condition: uint16(0)==0x5a4d and any of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Dotnetprochook : FILE { @@ -239368,8 +240671,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Dotnetprochook : FILE condition: uint16(0)==0x5a4d and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Telegramchatbot : FILE { @@ -239401,8 +240704,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Telegramchatbot : FILE condition: uint16(0)==0x5a4d and (2 of ($s*) or (2 of ($p*) and 1 of ($s*))) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_B64_Artifacts : FILE { @@ -239430,8 +240733,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_B64_Artifacts : FILE condition: uint16(0)==0x5a4d and 2 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Discordurl : FILE { @@ -239463,8 +240766,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Discordurl : FILE condition: uint16(0)==0x5a4d and any of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Regkeycomb_Disablewindefender : FILE { 
@@ -239503,8 +240806,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Regkeycomb_Disablewindefender : FILE condition: uint16(0)==0x5a4d and (1 of ($r*) and 1 of ($k*)) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Regkeycomb_Iexecutecommandcom : FILE { @@ -239535,8 +240838,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Regkeycomb_Iexecutecommandcom : FILE condition: uint16(0)==0x5a4d and ((1 of ($r*) and 1 of ($k*)) or ( all of ($s*))) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_WMI_Enumeratevideodevice : FILE { @@ -239567,8 +240870,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_WMI_Enumeratevideodevice : FILE condition: uint16(0)==0x5a4d and ((1 of ($q*) and 1 of ($d*)) or 3 of ($d*)) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Dcratby : FILE { @@ -239593,8 +240896,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Dcratby : FILE condition: uint16(0)==0x5a4d and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Anti_Winjail : FILE { @@ -239619,8 +240922,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Anti_Winjail : FILE condition: uint16(0)==0x5a4d and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Anti_Oldcopypaste : FILE { @@ -239656,8 +240959,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Anti_Oldcopypaste : FILE condition: uint16(0)==0x5a4d and (3 of ($s*) or all of ($v*)) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Go_Golazagne : FILE { @@ -239683,8 +240986,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Go_Golazagne : FILE condition: uint16(0)==0x5a4d and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_CSPROJ : FILE { 
@@ -239713,8 +241016,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_CSPROJ : FILE condition: uint32(0)==0x6f72503c and ( all of ($s*) and 2 of ($x*)) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Sandbox_Evasion_Filescomb : FILE { @@ -239748,8 +241051,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Sandbox_Evasion_Filescomb : FILE condition: uint16(0)==0x5a4d and 6 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_VM_Evasion_Virtdrvcomb : FILE { @@ -239805,8 +241108,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_VM_Evasion_Virtdrvcomb : FILE condition: uint16(0)==0x5a4d and ((2 of ($p*) and (2 of ($vb*) or 2 of ($vp*) or 2 of ($vw*))) or (2 of ($vb*) and (2 of ($p*) or 2 of ($vp*) or 2 of ($vw*))) or (2 of ($vp*) and (2 of ($p*) or 2 of ($vb*) or 2 of ($vw*))) or (2 of ($vw*) and (2 of ($p*) or 2 of ($vb*) or 2 of ($vp*)))) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Nonewindowsua : FILE { @@ -239847,8 +241150,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Nonewindowsua : FILE condition: uint16(0)==0x5a4d and 1 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Toomanywindowsua : FILE { @@ -239889,8 +241192,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Toomanywindowsua : FILE condition: uint16(0)==0x5a4d and 5 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_VM_Evasion_Macaddrcomb : FILE { @@ -239922,8 +241225,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_VM_Evasion_Macaddrcomb : FILE condition: uint16(0)==0x5a4d and 3 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Discord_Regex : FILE { @@ -239948,8 +241251,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Discord_Regex : FILE condition: ( uint16(0)==0x5a4d and all of them ) or all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_VPN : FILE { 
@@ -239980,8 +241283,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_VPN : FILE condition: uint16(0)==0x5a4d and 3 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Vaultschemaguid : FILE { @@ -240013,8 +241316,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Vaultschemaguid : FILE condition: uint16(0)==0x5a4d and 4 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Antivm_UNK01 : FILE { @@ -240053,8 +241356,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Antivm_UNK01 : FILE condition: uint16(0)==0x5a4d and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Antivm_WMIC : FILE { @@ -240081,8 +241384,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Antivm_WMIC : FILE condition: uint16(0)==0x5a4d and 2 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Enablesmbv1 : FILE { @@ -240107,8 +241410,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Enablesmbv1 : FILE condition: uint16(0)==0x5a4d and 1 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Enablenetworkdiscovery : FILE { @@ -240134,8 +241437,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Enablenetworkdiscovery : FILE condition: uint16(0)==0x5a4d and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Authapps : FILE { @@ -240161,8 +241464,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Authapps : FILE condition: uint16(0)==0x5a4d and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Undocumented_Winapi_Kerberos : FILE { @@ -240189,8 +241492,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Undocumented_Winapi_Kerberos : FILE condition: uint16(0)==0x5a4d and all of ($kdc*) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_NKN_BCP2P : FILE { 
@@ -240223,8 +241526,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_NKN_BCP2P : FILE condition: uint16(0)==0x5a4d and (1 of ($x*) or all of ($s*)) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Passwordmanagers : FILE { @@ -240252,8 +241555,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Passwordmanagers : FILE condition: uint16(0)==0x5a4d and 3 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Wirelessnetreccon : FILE { @@ -240280,8 +241583,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Wirelessnetreccon : FILE condition: uint16(0)==0x5a4d and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Gitconfdata : FILE { @@ -240310,8 +241613,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Gitconfdata : FILE condition: uint16(0)==0x5a4d and 4 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Reversed : FILE { @@ -240336,8 +241639,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Reversed : FILE condition: uint16( filesize -0x2)==0x4d5a and $s1 } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICOUS_EXE_UNC_Regex : FILE { @@ -240383,8 +241686,8 @@ rule DITEKSHEN_INDICATOR_SUSPICOUS_EXE_UNC_Regex : FILE condition: uint16(0)==0x5a4d and 6 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deleterecentitems : FILE { @@ -240412,8 +241715,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deleterecentitems : FILE condition: uint16(0)==0x5a4d and 2 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deletewindefenderquarantinefiles : FILE { @@ -240444,8 +241747,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deletewindefenderquarantinefiles : FILE condition: uint16(0)==0x5a4d and (2 of ($s*) or (1 of ($r*) and 2 of ($p*))) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deleteshimcache : FILE { 
@@ -240473,8 +241776,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deleteshimcache : FILE condition: uint16(0)==0x5a4d and (1 of ($s*) or all of ($m*)) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Shredfilesteps : FILE { @@ -240504,8 +241807,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Shredfilesteps : FILE condition: uint16(0)==0x5a4d and all of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWS_Capturescreenshot { @@ -240534,8 +241837,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWS_Capturescreenshot condition: $encoder and (1 of ($capture*) and ($access or $save)) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWS_Capturebrowserplugins { @@ -240565,8 +241868,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWS_Capturebrowserplugins condition: 2 of ($s*) and 2 of ($o*) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_IMG_Embedded_B64_EXE : FILE { @@ -240600,8 +241903,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_IMG_Embedded_B64_EXE : FILE condition: ( uint32(0)==0xd8ff or uint32(0)==0x474e5089 or uint16(0)==0x4d42) and ((2 of ($m*)) or (1 of ($h*))) } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Transfersh_URL : FILE { @@ -240626,8 +241929,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Transfersh_URL : FILE condition: uint16(0)==0x5a4d and 1 of them } -import "pe" import "time" +import "pe" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Publicserviceinterface : FILE { @@ -264612,7 +265915,7 @@ rule DITEKSHEN_INDICATOR_RTF_Remotetemplate : CVE_2017_11882 FILE * YARA Rule Set * Repository Name: WithSecureLabs * Repository: https://github.com/WithSecureLabs/iocs - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: 29adc4b6c2c2850f0f385aec77ab6fc0d7a8f20c * Number of Rules: 5 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -264867,7 +266170,7 @@ rule WITHSECURELABS_Kapeka_Backdoor : FILE * YARA Rule Set * Repository Name: HarfangLab * Repository: https://github.com/HarfangLab/iocs - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: 8dd8e9296b110ce3fb13bc557a0295dff8c4c357 * Number of Rules: 18 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) @@ -265560,7 +266863,7 @@ rule HARFANGLAB_Custom_Ateraagent_Operator : FILE * YARA Rule Set * Repository Name: LOLDrivers * Repository: https://github.com/magicsword-io/LOLDrivers/ - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: c9f1c82aac6d9d4c2e472375af843110e0f9b663 * Number of Rules: 529 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -282120,7 +283423,7 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Ndislansys_Microsoftwindowsopera * YARA Rule Set * Repository Name: Signature Base * Repository: https://github.com/Neo23x0/signature-base - * Retrieval Date: 2024-11-24 + * Retrieval Date: 2024-12-01 * Git Commit: c60c8e3408dce1c9597259b8816f7526df9ac778 * Number of Rules: 4287 * Skipped: 0 (age), 6 (quality), 4 (score), 0 (importance) @@ -283624,8 +284927,8 @@ rule SIGNATURE_BASE_OSX_Backdoor_Bella : FILE condition: uint32(0)==0x752f2123 and $h1 at 0 and filesize <120KB and @s0[1]<100 and @s1[1]<100 and @s2[1]<100 and 1 of ($p*) or all of ($subpart1_*) or all of ($subpart2_*) } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Apt_Projectsauron_Pipe_Backdoor : FILE { @@ -283654,8 +284957,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Pipe_Backdoor : FILE condition: uint16(0)==0x5A4D and ( all of ($a*)) and filesize <100000 } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Apt_Projectsauron_Encrypted_LSA : FILE { 
@@ -283686,8 +284989,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Encrypted_LSA : FILE condition: uint16(0)==0x5A4D and ( any of ($a*) or (pe.exports("InitializeChangeNotify") and pe.exports("PasswordChangeNotify") and math.entropy(0x400, filesize )>=7.5)) and filesize <1000000 } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Apt_Projectsauron_Encrypted_SSPI : FILE { @@ -283709,8 +285012,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Encrypted_SSPI : FILE condition: uint16(0)==0x5A4D and filesize <1000000 and pe.exports("InitSecurityInterfaceA") and pe.characteristics&pe.DLL and (pe.machine==pe.MACHINE_AMD64 or pe.machine==pe.MACHINE_IA64) and math.entropy(0x400, filesize )>=7.5 } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Apt_Projectsauron_Mytrampoline : FILE { @@ -283739,8 +285042,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Mytrampoline : FILE condition: uint16(0)==0x5A4D and filesize <5000000 and ( all of ($a*) or any of ($b*)) } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Apt_Projectsauron_Encrypted_Container : FILE { @@ -283766,8 +285069,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Encrypted_Container : FILE condition: uint16(0)==0x5A4D and ((@vfs_header<0x4000) or $salt) and math.entropy(0x400, filesize )>=6.5 and ( filesize >0x400) and filesize <10000000 } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Apt_Projectsauron_Encryption : FILE { @@ -283794,8 +285097,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Encryption : FILE condition: filesize <5000000 and any of ($a*) } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Apt_Projectsauron_Generic_Pipe_Backdoor : FILE { @@ -296498,8 +297801,8 @@ rule SIGNATURE_BASE_Rehashed_RAT_3 : FILE condition: uint16(0)==0x5a4d and filesize <100KB and (1 of ($x*) or 2 of them ) } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_APT_APT29_NOBELIUM_JS_Envyscout_May21_1 : FILE { 
@@ -296523,8 +297826,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_JS_Envyscout_May21_1 : FILE condition: filesize <5000KB and 1 of them } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_APT_APT29_NOBELIUM_JS_Envyscout_May21_2 : FILE { @@ -296551,8 +297854,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_JS_Envyscout_May21_2 : FILE condition: filesize <5000KB and all of them } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_APT_APT29_NOBELIUM_LNK_NV_Link_May21_2 : FILE { @@ -296577,8 +297880,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_LNK_NV_Link_May21_2 : FILE condition: filesize <5000KB and 1 of them } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_APT_APT29_NOBELIUM_LNK_Samples_May21_1 : FILE { @@ -296612,8 +297915,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_LNK_Samples_May21_1 : FILE condition: uint16(0)==0x004c and filesize <4KB and $a1 and ( all of ($sa*) or all of ($sb*) or all of ($sc*) or all of ($sd*) or all of ($se*)) } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_May21_1 { @@ -296638,8 +297941,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_May21_1 condition: 1 of them } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_PDF_Masq_May21_1 : FILE { @@ -296667,8 +297970,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_PDF_Masq_May21_1 : FILE condition: $ah1 at 0 and $af1 at ( filesize -7) and filesize <100KB and not 1 of ($fp*) and math.entropy(16, filesize )>7 } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Nativezone_Loader_May21_1 : FILE { @@ -296698,8 +298001,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Nativezone_Loader_May21_1 : FILE condition: uint16(0)==0x5a4d and filesize <3000KB and 3 of them or 4 of them } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_May21_2 : FILE { 
@@ -296735,8 +298038,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_May21_2 : FILE condition: uint16(0)==0x5a4d and filesize <40KB and 3 of them or 4 of them } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_2 : FILE { @@ -296764,8 +298067,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_2 : FILE condition: filesize <2200KB and all of them } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Stageless_Loader_May21_2 : FILE { @@ -296796,8 +298099,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Stageless_Loader_May21_2 : FILE condition: uint16(0)==0x5a4d and filesize <900KB and 2 of them or 3 of them } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_3 : FILE { @@ -296829,8 +298132,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_3 : FILE condition: filesize <3000KB and ($xc1 or 3 of them ) } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_4 : FILE { @@ -297026,8 +298329,8 @@ rule SIGNATURE_BASE_Woolengoldfish_Generic_3 condition: (1 of ($x*)) or (8 of ($s*)) } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Gifcloaked_Webshell_A : FILE { @@ -298173,8 +299476,8 @@ rule SIGNATURE_BASE_CN_Actor_Ammyyadmin : FILE condition: ( uint16(0)==0x5a4d and filesize <2000KB and all of them ) } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Susp_File_Enumerator_With_Encrypted_Resource_101 : FILE { 
@@ -298204,8 +299507,8 @@ rule SIGNATURE_BASE_Susp_File_Enumerator_With_Encrypted_Resource_101 : FILE condition: uint16(0)==0x5A4D and all of them and filesize <700000 and pe.number_of_sections>4 and pe.number_of_resources>1 and pe.number_of_resources<15 and for any i in (0..pe.number_of_resources-1) : ((math.entropy(pe.resources[i].offset,pe.resources[i].length)>7.8) and pe.resources[i].id==101 and pe.resources[i].length>20000 and pe.resources[i].language==0 and not ($mz in (pe.resources[i].offset..pe.resources[i].offset+pe.resources[i].length))) } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Stonedrill_Main_Sub : FILE { @@ -298232,8 +299535,8 @@ rule SIGNATURE_BASE_Stonedrill_Main_Sub : FILE condition: uint16(0)==0x5A4D and $code and filesize <5000000 } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Stonedrill_BAT_1 : FILE { @@ -298262,8 +299565,8 @@ rule SIGNATURE_BASE_Stonedrill_BAT_1 : FILE condition: uint32(0)==0x68636540 and 2 of them and filesize <500 } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Stonedrill_Service_Install : FILE { @@ -298291,8 +299594,8 @@ rule SIGNATURE_BASE_Stonedrill_Service_Install : FILE condition: 2 of them and filesize <500 } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Stonedrill_Ntssrvr32 : FILE { @@ -298323,8 +299626,8 @@ rule SIGNATURE_BASE_Stonedrill_Ntssrvr32 : FILE condition: ( uint16(0)==0x5a4d and filesize <4000KB and 3 of them ) } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Stonedrill_Malware_2 : FILE { @@ -298361,8 +299664,8 @@ rule SIGNATURE_BASE_Stonedrill_Malware_2 : FILE condition: ( uint16(0)==0x5a4d and filesize <700KB and (1 of ($x*) or 3 of ($s*))) or 5 of them } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Stonedrill : FILE { 
@@ -298396,8 +299699,8 @@ rule SIGNATURE_BASE_Stonedrill : FILE condition: uint16(0)==0x5a4d and filesize <700KB and 1 of ($x*) or ( all of ($op*) and all of ($s*)) } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Stonedrill_VBS_1 : FILE { @@ -351301,7 +352604,7 @@ rule SIGNATURE_BASE_TA17_293A_Energetic_Bear_Api_Hashing_Tool : FILE description = "Energetic Bear API Hashing Tool" author = "CERT RE Team" id = "4e58800a-9618-5d8b-954c-e843be6002c2" - date = "2024-02-24" + date = "2024-02-01" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" source_url = "https://github.com/Neo23x0/signature-base/blob/c60c8e3408dce1c9597259b8816f7526df9ac778/yara/apt_ta17_293A.yar#L77-L93"