diff --git a/samples/Linux/2024.Kaiji/eight-nebraska-autumn-illinois.simple b/samples/Linux/2024.Kaiji/eight-nebraska-autumn-illinois.simple
index 81607ca7a..2a4590282 100644
--- a/samples/Linux/2024.Kaiji/eight-nebraska-autumn-illinois.simple
+++ b/samples/Linux/2024.Kaiji/eight-nebraska-autumn-illinois.simple
@@ -1,4 +1,5 @@
# Linux/2024.Kaiji/eight-nebraska-autumn-illinois
+3P/elastic/threat
combo/backdoor/kill_rm
combo/botnet/systemctl
combo/dropper/shell
diff --git a/samples/Windows/2024.GitHub.Clipper/main.exe.simple b/samples/Windows/2024.GitHub.Clipper/main.exe.simple
index 4b98467e2..d95a49533 100644
--- a/samples/Windows/2024.GitHub.Clipper/main.exe.simple
+++ b/samples/Windows/2024.GitHub.Clipper/main.exe.simple
@@ -1,7 +1,7 @@
# Windows/2024.GitHub.Clipper/main.exe
3P/ditekshen/discordurl
-3P/ditekshen/rawgithub/url
3P/ditekshen/vm/evasion/macaddrcomb
+3P/elastic/multi/threat
3P/threat_hunting
3P/threat_hunting/cstealer
3P/threat_hunting/fentanyl
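Review bot: The fixture drops `3P/ditekshen/rawgithub/url` for main.exe while the rest of the commit only refreshes third-party rule snapshots, so this hunk records a lost detection rather than a new one. It is worth confirming that the ditekshen rule was actually retired or narrowed upstream (the .md hunk shows the ditekshen pin moving to 2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6) instead of the sample silently losing coverage under the new rule set. If the drop is expected, naming the removed rule in the commit description would make this fixture change auditable.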
diff --git a/samples/Windows/2024.Sharp/sharpil_RAT.exe.md b/samples/Windows/2024.Sharp/sharpil_RAT.exe.md
index 2bc5aae05..5d9af4ad8 100644
--- a/samples/Windows/2024.Sharp/sharpil_RAT.exe.md
+++ b/samples/Windows/2024.Sharp/sharpil_RAT.exe.md
@@ -2,7 +2,7 @@
| RISK | KEY | DESCRIPTION | EVIDENCE |
|----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| CRITICAL | [3P/ditekshen/telegramchatbot](https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1291-L1306) | Detects executables using Telegram Chat Bot, by [ditekSHen](https://github.com/ditekshen/detection) | $p1
$p2
$s1
$s2
$s4 |
+| CRITICAL | [3P/ditekshen/telegramchatbot](https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1293-L1308) | Detects executables using Telegram Chat Bot, by [ditekSHen](https://github.com/ditekshen/detection) | $p1
$p2
$s1
$s2
$s4 |
| MEDIUM | [3P/threat_hunting/telegram](https://github.com/chainguard-dev/bincapz/blob/main/rules/yara/threat_hunting/all.yara#telegram_greyware_tool_keyword) | [references 'telegram' tool](https://github.com/mthcht/ThreatHunting-Keywords), by mthcht | $string1_telegram_greyware_tool_keyword |
| MEDIUM | [data/emdedded/app/manifest](https://github.com/chainguard-dev/bincapz/blob/main/rules/data/emdedded-app-manifest.yara#app_manifest) | [Contains embedded Microsoft Windows application manifest](https://learn.microsoft.com/en-us/cpp/build/reference/manifestuac-embeds-uac-information-in-manifest?view=msvc-170) | [requestedExecutionLevel](https://github.com/search?q=requestedExecutionLevel&type=code)
[requestedPrivileges](https://github.com/search?q=requestedPrivileges&type=code) |
| MEDIUM | [net/download](https://github.com/chainguard-dev/bincapz/blob/main/rules/net/download.yara#download) | download files | [DownloadString](https://github.com/search?q=DownloadString&type=code)
[Downloads](https://github.com/search?q=Downloads&type=code) |
diff --git a/samples/macOS/2023.3CX/libffmpeg.dirty.mdiff b/samples/macOS/2023.3CX/libffmpeg.dirty.mdiff
index 7c4e5788d..23d80575e 100644
Binary files a/samples/macOS/2023.3CX/libffmpeg.dirty.mdiff and b/samples/macOS/2023.3CX/libffmpeg.dirty.mdiff differ
diff --git a/third_party/yara/YARAForge/RELEASE b/third_party/yara/YARAForge/RELEASE
index a793b4632..85b77d08b 100644
--- a/third_party/yara/YARAForge/RELEASE
+++ b/third_party/yara/YARAForge/RELEASE
@@ -1 +1 @@
-20240602
+20240616
diff --git a/third_party/yara/YARAForge/yara-rules-full.yar b/third_party/yara/YARAForge/yara-rules-full.yar
index cd6b52e46..29c515cef 100644
--- a/third_party/yara/YARAForge/yara-rules-full.yar
+++ b/third_party/yara/YARAForge/yara-rules-full.yar
@@ -12,15 +12,15 @@
* Force Exclude Importance Level: 0
* Minimum Age (in days): 0
* Minimum Score: 40
- * Creation Date: 2024-06-02
- * Number of Rules: 11599
+ * Creation Date: 2024-06-16
+ * Number of Rules: 11736
* Skipped: 0 (age), 234 (quality), 4 (score), 0 (importance)
*/
/*
* YARA Rule Set
* Repository Name: ReversingLabs
* Repository: https://github.com/reversinglabs/reversinglabs-yara-rules/
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: d35a6845dcd00f2840f690611612b04dda6d195d
* Number of Rules: 1208
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -24501,8 +24501,8 @@ rule REVERSINGLABS_Linux_Virus_Vit : TC_DETECTION MALICIOUS MALWARE FILE
description = "Yara rule that detects Vit virus."
author = "ReversingLabs"
id = "4515fe43-4c5a-521d-82b7-273823f0c64e"
- date = "2024-06-02"
- date = "2024-06-02"
+ date = "2024-06-16"
+ date = "2024-06-16"
modified = "2023-06-07"
reference = "ReversingLabs"
source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d35a6845dcd00f2840f690611612b04dda6d195d/yara/virus/Linux.Virus.Vit.yara#L3-L36"
@@ -52237,8 +52237,8 @@ rule REVERSINGLABS_Win32_Ransomware_ONI : TC_DETECTION MALICIOUS MALWARE FILE
description = "Yara rule that detects Oni ransomware."
author = "ReversingLabs"
id = "9190aee2-1119-546e-82ca-a7aba44a9d7f"
- date = "2024-06-02"
- date = "2024-06-02"
+ date = "2024-06-16"
+ date = "2024-06-16"
modified = "2020-12-07"
reference = "ReversingLabs"
source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d35a6845dcd00f2840f690611612b04dda6d195d/yara/ransomware/Win32.Ransomware.Oni.yara#L1-L82"
@@ -54129,8 +54129,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Oct : TC_DETECTION MALICIOUS MALWARE
description = "Yara rule that detects Oct ransomware."
author = "ReversingLabs"
id = "e811a0ba-52df-5e88-ab71-df91d5cb584a"
- date = "2024-10-02"
- date = "2024-10-02"
+ date = "2024-10-16"
+ date = "2024-10-16"
modified = "2021-08-12"
reference = "ReversingLabs"
source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d35a6845dcd00f2840f690611612b04dda6d195d/yara/ransomware/ByteCode.MSIL.Ransomware.Oct.yara#L1-L68"
@@ -55193,9 +55193,9 @@ rule REVERSINGLABS_Win32_Infostealer_Stealc : TC_DETECTION MALICIOUS MALWARE FIL
* YARA Rule Set
* Repository Name: Elastic
* Repository: https://github.com/elastic/protections-artifacts/
- * Retrieval Date: 2024-06-02
- * Git Commit: 30ed729a461f99a5d0f26622302d68d1416fabc6
- * Number of Rules: 1635
+ * Retrieval Date: 2024-06-16
+ * Git Commit: efd00abcfc634000adf2f245f5bebfb9ea7e067a
+ * Number of Rules: 1763
* Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance)
*
*
@@ -55305,8 +55305,8 @@ rule ELASTIC_Windows_Vulndriver_Msio_Aa20A3C6 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_MsIo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_MsIo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2270a8144dabaf159c2888519b11b61e5e13acdaa997820c09798137bded3dd6"
logic_hash = "3b383934dc91536f69e2c6cb2cf2054c5f8a08766ecf1d1804c57f3a2c39c1c2"
score = 75
@@ -55334,8 +55334,8 @@ rule ELASTIC_Windows_Vulndriver_Msio_Ce0Bda23 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_MsIo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_MsIo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89"
logic_hash = "f7fbe0255a006cce42aff61b294512c11e1cceaf11d5c1b6f75b96fb3b155895"
score = 75
@@ -55363,8 +55363,8 @@ rule ELASTIC_Linux_Ransomware_Itssoeasy_30Bd68E0 : FILE MEMORY
date = "2023-07-28"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_ItsSoEasy.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_ItsSoEasy.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "efb1024654e86c0c30d2ac5f97d27f5f27b4dd3f7f6ada65d58691f0d703461c"
logic_hash = "a8838af442d1106bc9a7df93d6d8335ff0275bf5928acbb605e9bad58ce6bbd4"
score = 75
@@ -55393,8 +55393,8 @@ rule ELASTIC_Linux_Hacktool_Prochide_7333221A : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Prochide.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Prochide.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fad956a6a38abac8a8a0f14cc50f473ec6fc1c9fd204e235b89523183931090b"
logic_hash = "413f19744240eae0a87d56da1e524e2afa0fe0ec385bd9369218713b13a93495"
score = 75
@@ -55422,8 +55422,8 @@ rule ELASTIC_Windows_Hacktool_Sharpgpoabuse_14Ea480E : FILE MEMORY
date = "2024-03-25"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpGPOAbuse.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpGPOAbuse.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d13f87b9eaf09ef95778b2f1469aa34d03186d127c8f73c73299957d386c78d1"
logic_hash = "efc1259f4ed05c8f41df75c056d36fd5a808a92b5c88cfb0522caedea39476b4"
score = 75
@@ -55449,6 +55449,41 @@ rule ELASTIC_Windows_Hacktool_Sharpgpoabuse_14Ea480E : FILE MEMORY
condition:
($name and 1 of ($s*)) or all of ($s*)
}
+rule ELASTIC_Windows_Trojan_Mylobot_A895174A : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Mylobot (Windows.Trojan.MyloBot)"
+ author = "Elastic Security"
+ id = "a895174a-0395-4ccb-b681-e8111a817a5c"
+ date = "2024-05-15"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_MyloBot.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "33831d9ad64d0f52f507f08ef81607aafa6ced58a189969af6cf57c659c982d2"
+ logic_hash = "16f2d8eeb6c85944030a33bd250e4e8b98985a6c877a0ec3ad5a6037e7c00159"
+ score = 75
+ quality = 50
+ tags = "FILE, MEMORY"
+ fingerprint = "dfa1e47260c0e07fea3b2b61157de71f412807b9eec19b14082da7d6a95d6099"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = "%s\\%s.lnk" wide fullword
+ $a2 = "%s\\%s.exe" wide fullword
+ $a3 = "%s\\%s\\%s.exe" wide fullword
+ $a4 = "HTTP/1.0 502" ascii fullword
+ $a5 = "/c \"%ws '%ws%s'\"" ascii fullword
+ $a6 = ">> %ws %ws %ws" ascii fullword
+ $a7 = "%s\\DefaultIcon" ascii fullword
+
+ condition:
+ all of them
+}
rule ELASTIC_Windows_Ransomware_Rook_Ee21Fa67 : FILE MEMORY
{
meta:
@@ -55458,8 +55493,8 @@ rule ELASTIC_Windows_Ransomware_Rook_Ee21Fa67 : FILE MEMORY
date = "2022-01-14"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Rook.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Rook.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c2d46d256b8f9490c9599eea11ecef19fde7d4fdd2dea93604cee3cea8e172ac"
logic_hash = "6fe19cfc572a3dceba5e26615d111a3c0fa1036e275a5640a5c5a8f8cdaf6dc1"
score = 75
@@ -55487,8 +55522,8 @@ rule ELASTIC_Macos_Creddump_Keychainaccess_535C1511 : FILE MEMORY
date = "2023-04-11"
modified = "2024-01-30"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Creddump_KeychainAccess.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Creddump_KeychainAccess.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "5234dcab6c9ca994c3d40243d882bd50e51fd77bba107e37ef494a04f6bf6112"
score = 75
quality = 49
@@ -55522,8 +55557,8 @@ rule ELASTIC_Windows_Trojan_Doubleback_D2246A35 : FILE MEMORY
date = "2022-05-29"
modified = "2022-07-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_DoubleBack.yar#L1-L31"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DoubleBack.yar#L1-L31"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012"
logic_hash = "2241d2c6e5b5896fe6f3b02cb1786c39fa620ee503c4585bd75c8763b6d3c06a"
score = 75
@@ -55563,8 +55598,8 @@ rule ELASTIC_Windows_Ransomware_Royal_B7D42109 : FILE MEMORY
date = "2022-11-04"
modified = "2022-12-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Royal.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Royal.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "491c2b32095174b9de2fd799732a6f84878c2e23b9bb560cd3155cbdc65e2b80"
logic_hash = "06f4a1487e97e0b8c1f5df380ab4f90b37ef0a508aba7dac272c16c8371d8143"
score = 75
@@ -55595,8 +55630,8 @@ rule ELASTIC_Windows_Vulndriver_Procexp_Aeb4E5C0 : FILE
date = "2022-04-04"
modified = "2022-10-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_ProcExp.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_ProcExp.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c"
logic_hash = "827bb2efb6d3442233f81e87a42a3f5ee5caaeadc459070c6d347c6515866c93"
score = 75
@@ -55626,8 +55661,8 @@ rule ELASTIC_Macos_Backdoor_Kagent_64Ca1865 : FILE MEMORY
date = "2021-11-11"
modified = "2022-07-22"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Backdoor_Kagent.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Backdoor_Kagent.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d599d7814adbab0f1442f5a10074e00f3a776ce183ea924abcd6154f0d068bb4"
logic_hash = "dea0a1bbe8c3065b395de50b5ffc2fbdf479ed35ce284fa33298d6ed55e960c6"
score = 75
@@ -55661,8 +55696,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2Aef46A6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "d2c88774eb5227cf2d133644c648ebe5ba40c7e0acb2b432bc6a1a9da10bfb3f"
score = 75
quality = 73
@@ -55689,8 +55724,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_A6572D63 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L20-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L20-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2ff33adb421a166895c3816d506a63dff4e1e8fa91f2ac8fb763dc6e8df59d6e"
logic_hash = "237392fe51c8528cb5ed446facfcd3535b8e1d594d77a542361873bd52426fa7"
score = 75
@@ -55718,8 +55753,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_E41143E1 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L40-L57"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L40-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "4564bf2019ff5086071ff147c9cf1e16b8627ce5d70cbe8370aecbd518d94b57"
score = 75
quality = 75
@@ -55746,8 +55781,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_0Eb147Ca : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L59-L77"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L59-L77"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b"
logic_hash = "b20479af0767e5e8579489b5298648b9cc84b3e0778f58d8dc9deb252d0f4806"
score = 75
@@ -55775,8 +55810,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_884Cab60 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L79-L96"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L79-L96"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "139c5c1c3816047b595deb6a8873b2964e91393642b93536cd102af9a6033e7c"
score = 75
quality = 75
@@ -55803,8 +55838,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ba961Ed2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L98-L116"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L98-L116"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b"
logic_hash = "5b486c698c9c61dc126be5dbeea862b1f9bb5a6859c02a0fff125a9890147a6b"
score = 75
@@ -55832,8 +55867,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2084099A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L118-L135"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L118-L135"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "6674be1438ec290550c9586afda335755279a4aedadde455ffc0b41d1a0e634d"
score = 75
quality = 75
@@ -55860,8 +55895,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_61C88137 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L137-L155"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L137-L155"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "479ef38fa00bb13a3aa8448aa4a4434613c6729975e193eec29fc5047f339111"
logic_hash = "e999355606ee7389be160ce3e96c6a62d7f9132b95cfec7d9f8b1a670551e6b8"
score = 75
@@ -55889,8 +55924,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Debb98A1 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L157-L175"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L157-L175"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "494f549e3dd144e8bcb230dd7b3faa8ff5107d86d9548b21b619a0318e362cad"
logic_hash = "c2e43818fcf18d34a6a3611aaaafde31d96b41867d15dfdb1dec20203f5907eb"
score = 75
@@ -55918,8 +55953,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_1D6E10Fd : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L177-L195"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L177-L195"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4c7851316f01ae84ee64165be3ba910ab9b415d7f0e2f5b7e5c5a0eaefa3c287"
logic_hash = "01ec1af1ca03173e867113c3bec7911990a0c8c2d9f19b5233715a7f7490f5f1"
score = 75
@@ -55947,8 +55982,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_E3Ffbbcc : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L197-L215"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L197-L215"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "28b7ddf2548411910af033b41982cdc74efd8a6ef059a54fda1b6cbd59faa8f6"
logic_hash = "54711c2d3e6d73cf4358ba4a65cb19d996adcfa905c0089a18a61fe841fe9a34"
score = 75
@@ -55976,8 +56011,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_30F3B4D4 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L217-L235"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L217-L235"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5b15d43d3535965ec9b84334cf9def0e8c3d064ffc022f6890320cd6045175bc"
logic_hash = "99efc257ff2afb779304451bd9f6f6ce9e88f54954189601ed10e95e2268dd4f"
score = 75
@@ -56005,8 +56040,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ca75589C : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L237-L255"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L237-L255"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0448c1b2c7c738404ba11ff4b38cdc8f865ccf1e202f6711345da53ce46e7e16"
logic_hash = "c717e6f85a5b30514803ba43c85d82e2aaa4533b7f74db5345df83d1cc4c6551"
score = 75
@@ -56034,8 +56069,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_7909Cdd2 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L257-L275"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L257-L275"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0a4a5874f43adbe71da88dc0ef124f1bf2f4e70d0b1b5461b2788587445f79d9"
logic_hash = "4b2557ab78d22ae4f46e5813ba5dc4663cd92b945a1add3155f77d3030ccc92d"
score = 75
@@ -56063,8 +56098,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2522D611 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L277-L295"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L277-L295"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0c2be53e298c285db8b028f563e97bf1cdced0c4564a34e740289b340db2aac1"
logic_hash = "59f2552809bc48e16719cb9b4d2a7b99999307803fce031ca39eb24e14b88908"
score = 75
@@ -56092,8 +56127,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_56Bd04D3 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L297-L315"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L297-L315"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0d2ce3891851808fb36779a348a83bf4aa9de1a2b2684fd0692434682afac5ec"
logic_hash = "47a33fcd69dd78cbc6c3274aeaa8dddabe119ae65b59077e1807657b8a67fed3"
score = 75
@@ -56121,8 +56156,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_F412E4B4 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L317-L335"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L317-L335"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0e3a3f7973f747fcb23c72289116659c7f158c604d937d6ca7302fbab71851e9"
logic_hash = "b4e1b193e80aa88b91255df3a5f2e45de7f23fdba4a28d3ceb12db63098e70e5"
score = 75
@@ -56150,8 +56185,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_71F8E26C : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L337-L355"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L337-L355"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "13f873f83b84a0d38eb3437102f174f24a0ad3c5a53b83f0ee51c62c29fb1465"
logic_hash = "f9f2f22acd4f52cc313e3ecf425604651e0b8c78e33480d4d05bae5b8c9661fb"
score = 75
@@ -56179,8 +56214,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_1A562D3B : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L357-L375"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L357-L375"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "15731db615b32c49c34f41fe84944eeaf2fc79dafaaa9ad6bf1b07d26482f055"
logic_hash = "8d3b369bdcecd675f99cedf26dba202256555be0f5feae612404f9b5e109fa93"
score = 75
@@ -56208,8 +56243,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_410256Ac : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L377-L395"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L377-L395"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "15f44e10ece90dec1a6104d5be1effefa17614d9f0cfb2784305dab85367b741"
logic_hash = "88227af6d2f365b761961bdf4b94bed81bca79e23d546e69900faa17c3e4dc71"
score = 75
@@ -56237,8 +56272,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_93Fa87F1 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L397-L415"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L397-L415"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "165b4a28fd6335d4e4dfefb6c40f41f16d8c7d9ab0941ccd23e36cda931f715e"
logic_hash = "2a1e797d4dd2599b5c67e73e3c909a1803e604edf0b6ba228713ee375ccc9b16"
score = 75
@@ -56266,8 +56301,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_8677Dca3 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L417-L435"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L417-L435"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "23813dc4aa56683e1426e5823adc3aab854469c9c0f3ec1a3fad40fa906929f2"
logic_hash = "9902758dfb61e8b60b281f3f51cda8a10d58eb0cc20743f97998d7bcf120c299"
score = 75
@@ -56295,8 +56330,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ebce4304 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L437-L455"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L437-L455"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2e06caf864595f2df7f6936bb1ccaa1e0cae325aee8659ee283b2857e6ef1e5b"
logic_hash = "42fbfc2c2636c2e3a5da5e51c6bf99f6114ec7d00b88371a34e1fdbe81d1264a"
score = 75
@@ -56324,8 +56359,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_073E6161 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L457-L475"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L457-L475"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2e06caf864595f2df7f6936bb1ccaa1e0cae325aee8659ee283b2857e6ef1e5b"
logic_hash = "2c98058add77c55ab68491eec041d7670f726a9ec93258ae7bb8f0e6721b4ca3"
score = 75
@@ -56353,8 +56388,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Bef22375 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xorddos.yar#L477-L495"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xorddos.yar#L477-L495"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f47baf48deb71910716beab9da1b1e24dc6de9575963e238735b6bcedfe73122"
logic_hash = "3991ebdb310338516d5fdd137ba2ac63dc870337785a31d59dcad49135f190e5"
score = 75
@@ -56382,8 +56417,8 @@ rule ELASTIC_Windows_Trojan_Bumblebee_35F50Bea : FILE MEMORY
date = "2022-04-28"
modified = "2022-06-09"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Bumblebee.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Bumblebee.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9fff05a5aa9cbbf7d37bc302d8411cbd63fb3a28dc6f5163798ae899b9edcda6"
logic_hash = "9f22b1b7f9e2d7858738d02730ef5477f8d430ad3606ebf4ac8b01314fdc9c46"
score = 75
@@ -56412,8 +56447,8 @@ rule ELASTIC_Windows_Trojan_Bumblebee_70Bed4F3 : FILE MEMORY
date = "2022-04-28"
modified = "2022-06-09"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Bumblebee.yar#L22-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Bumblebee.yar#L22-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9fff05a5aa9cbbf7d37bc302d8411cbd63fb3a28dc6f5163798ae899b9edcda6"
logic_hash = "3ff97986bfd8df812c4ef94395b3ac7f9ead4d059c398f8984ee217a1bcee4af"
score = 75
@@ -56447,8 +56482,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_C851687A : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L1-L37"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L1-L37"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "7fac6fb24ac18bd69dd9f8f4090c4a77d1cc6554b6ae5c846e32d7666e5a1971"
score = 75
quality = 25
@@ -56494,8 +56529,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_0B58325E : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L39-L77"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L39-L77"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "3822431e946fcc38c700cc8ce213e95f33a155d7f38b6ab2a24cb998d42c8521"
score = 75
quality = 73
@@ -56543,8 +56578,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_2B8Cddf8 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L79-L114"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L79-L114"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "5502c06d33b93bae3bc25ba7dd6a5a9a3b0b2b43bb7e867e601ecb206bf503ed"
score = 75
quality = 43
@@ -56589,8 +56624,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_59B44767 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L116-L142"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L116-L142"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "7027d0dcbdb1961d2604f29392a923957d298a047c268553599ea8c881f76a98"
score = 75
quality = 69
@@ -56626,8 +56661,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7Efd3C3F : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L144-L168"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L144-L168"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "45a0aaba6c1be016fc5f4051680ee7e3aa62e8a5d9730b7adab08c14ae37da24"
score = 75
quality = 75
@@ -56661,8 +56696,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_6E971281 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L170-L201"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L170-L201"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "f204965c0118dbdfe7e134d319c92b30d22585e888609ff31df90643116a2c38"
score = 75
quality = 51
@@ -56703,8 +56738,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_09B79Efa : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L203-L232"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L203-L232"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "75fd003b9adf03aff8479b1b10da9c94955870b5fa4f1958f870e14acb2793c7"
score = 75
quality = 48
@@ -56743,8 +56778,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_6E77233E : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L234-L269"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L234-L269"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "93aa11523b794402b257d02d4f9edc5ad320bfdb5b8b0f671ff08f399ef9e674"
score = 75
quality = 63
@@ -56789,8 +56824,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_De42495A : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L271-L301"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L271-L301"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "2a13c73d221d80d25a432f9e0a1387153a78f58719066586e9d80d17613293ef"
score = 75
quality = 75
@@ -56830,8 +56865,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_72F68375 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L303-L328"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L303-L328"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "912e37829a9f99e00326745343c9e4593cd7cfb8d4dfafc66027cddcb4d883be"
score = 75
quality = 63
@@ -56866,8 +56901,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_15F680Fb : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L330-L360"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L330-L360"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "0efe368ad82f5b0f6301121bfda9fd049b008ac246368bfa22bd976fa2c56b79"
score = 75
quality = 75
@@ -56907,8 +56942,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_5B4383Ec : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L362-L392"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L362-L392"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "033bd831209958674f6309739d65c58d05acb9d17e53cede1cf171c6d6e84efa"
score = 75
quality = 75
@@ -56948,8 +56983,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_91E08059 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L394-L421"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L394-L421"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "d5a8c1a0baa5e915cff29bcac33e30a7d7260f938ecaa6171d3aa88425a69266"
score = 75
quality = 75
@@ -56986,8 +57021,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_Ee756Db7 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L423-L491"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L423-L491"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "8d594aa1b889e80000cfcedbfc470a1b768bdcc2a9c436cd449b495c91011918"
score = 75
quality = 50
@@ -57065,8 +57100,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_9C0D5561 : FILE MEMORY
date = "2021-03-23"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L493-L523"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L493-L523"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "a8929266950e0f540a68c4fedf708e8ddc27f208f9f2866245ad7bb7f6d87913"
score = 75
quality = 75
@@ -57106,8 +57141,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_59Ed9124 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L525-L560"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L525-L560"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "a50fd291f5f1bf7ec41b1938a32473a23c3c082018b86eab87aff0d95b26ba06"
score = 75
quality = 43
@@ -57152,8 +57187,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8A791Eb7 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L562-L597"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L562-L597"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "d1765e6cac9b1560d6484baa1fa5a1bc0b768a72b389c7c6a60e34115669933e"
score = 75
quality = 43
@@ -57198,8 +57233,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_D00573A3 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L599-L625"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L599-L625"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "e458d41d28b76c989af6385f183f33aa9e11b93e529f032e95bd75433b80bd69"
score = 75
quality = 75
@@ -57235,8 +57270,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7Bcd759C : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L627-L648"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L627-L648"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "bfbb8e8009182e87c49242ec3da6e98b23447b646f5c7ea5f97196ae929d7c5f"
score = 75
quality = 75
@@ -57267,8 +57302,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_A56B820F : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L650-L685"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L650-L685"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "52de8110727c29b0f5c75cd470ce6b80ba7821d0ba78ad074536323e2e80b460"
score = 75
quality = 43
@@ -57313,8 +57348,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_92F05172 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L687-L716"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L687-L716"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "7f0ff4ee14a043d72810826ab9d2b90b0f66724550ba9d3cdd2abe749f4874d0"
score = 75
quality = 63
@@ -57353,8 +57388,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_417239B5 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L718-L764"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L718-L764"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "fda252747359e677459d82d65c4c9c8f2ff80bc8fd6a38712f858039f3cb8dd1"
score = 75
quality = 51
@@ -57410,8 +57445,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_29374056 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L766-L785"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L766-L785"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "09755b23a7057c70f3ea242ec48549de65ebc6f13bdc38cbe22d6d758c3718cf"
score = 75
quality = 75
@@ -57440,8 +57475,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_949F10E3 : FILE MEMORY
date = "2021-03-25"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L787-L806"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L787-L806"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "e4b726c83013f4b9c9d61683f78a4a91935225e9ed3de0ce164b96b5a6719579"
score = 75
quality = 75
@@ -57470,8 +57505,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8751Cdf9 : FILE MEMORY
date = "2021-03-25"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L808-L827"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L808-L827"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "64fae95fd89ad46a50a00c943cf98a997a0842a83be64b3728b25151867b75a8"
score = 75
quality = 75
@@ -57500,8 +57535,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_663Fc95D : FILE MEMORY
date = "2021-04-01"
modified = "2021-12-17"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L829-L847"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L829-L847"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "842a0a372cfb2316293f4a08e1690194fa98368a9f6ffe9c63222b2c4ab6532c"
score = 75
quality = 75
@@ -57529,8 +57564,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_B54B94Ac : FILE MEMORY
date = "2021-10-21"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L849-L872"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L849-L872"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
logic_hash = "6f63e4c31e55da2008f95e9d05391e40d44e2757c511e666032563ab798e274c"
score = 75
@@ -57563,8 +57598,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_F0B627Fc : FILE MEMORY
date = "2021-10-21"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L874-L897"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L874-L897"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b"
logic_hash = "1087294af3a9ef59c00098f5fd7adfe0b335525e135d95e45ac30e44c6739a72"
score = 75
@@ -57597,8 +57632,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_Dcdcdd8C : FILE MEMORY
date = "2021-10-21"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L899-L923"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L899-L923"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
logic_hash = "f3ae07282b763d3720e45a84878cc457f65041f381951cdc9affd5e3ce67e6cc"
score = 75
@@ -57632,8 +57667,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_A3Fb2616 : FILE MEMORY
date = "2021-10-21"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L925-L947"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L925-L947"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
logic_hash = "a3c36326ccc2bc828f6654ccaba507a283f92146fdc52f71d7d934f6908793e2"
score = 75
@@ -57665,8 +57700,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8Ee55Ee5 : FILE MEMORY
date = "2021-10-21"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L949-L969"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L949-L969"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
logic_hash = "d0cc321e15660311ae0b8e3261abe716a50a2455f82635c1b02d0a5444c8a89a"
score = 75
@@ -57696,8 +57731,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8D5963A2 : FILE MEMORY
date = "2022-08-10"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L971-L989"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L971-L989"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9fe43996a5c4e99aff6e2a1be743fedec35e96d1e6670579beb4f7e7ad591af9"
logic_hash = "f4f8fba807256bd885ccf4946eec8c2fb76eb04f86ed76d015178fe512a3c091"
score = 75
@@ -57725,8 +57760,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_1787Eef5 : FILE MEMORY
date = "2022-08-29"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L991-L1014"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L991-L1014"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
logic_hash = "0b70c61e986dee3126fec6eea127e01fce4b647aff8e2d2d5072eb8328549225"
score = 75
@@ -57759,8 +57794,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_4106070A : FILE MEMORY
date = "2023-05-09"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L1016-L1035"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L1016-L1035"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "98789a11c06c1dfff7e02f66146afca597233c17e0d4900d6a683a150f16b3a4"
logic_hash = "90f0209a55ca381ca58264664e04c007c799cf558f143d0c02983d4caf47bfb8"
score = 75
@@ -57789,8 +57824,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_3Dc22D14 : FILE MEMORY
date = "2023-05-09"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L1037-L1056"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L1037-L1056"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7898194ae0244611117ec948eb0b0a5acbc15cd1419b1ecc553404e63bc519f9"
logic_hash = "2f52cd5f3b782c28e372c3daa9b7ddc4d2b9f68832f5250983412c2e7a755e73"
score = 75
@@ -57819,8 +57854,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7F8Da98A : FILE MEMORY
date = "2023-05-09"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CobaltStrike.yar#L1058-L1076"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CobaltStrike.yar#L1058-L1076"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e3bc2bec4a55ad6cfdf49e5dbd4657fc704af1758ca1d6e31b83dcfb8bf0f89d"
logic_hash = "6c8698d65cbbf893f79ca1de5273535891418c87c234a2542f5f8079e56d9507"
score = 75
@@ -57848,8 +57883,8 @@ rule ELASTIC_Windows_Trojan_Powerseal_D63F5E54 : FILE MEMORY
date = "2023-03-16"
modified = "2023-05-26"
reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_PowerSeal.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_PowerSeal.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "523dcff68a51ea8fb022066b5f09394e8174d6c157222a08100de30669898057"
score = 75
quality = 75
@@ -57879,8 +57914,8 @@ rule ELASTIC_Windows_Trojan_Powerseal_2E50F393 : FILE MEMORY
date = "2023-05-10"
modified = "2023-06-13"
reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_PowerSeal.yar#L24-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_PowerSeal.yar#L24-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "3ca1d4568fea7b2e4e9d30ba03662a2c28ee8623d887a0336e27989b5c98b55f"
score = 75
quality = 75
@@ -57909,8 +57944,8 @@ rule ELASTIC_Windows_Ransomware_Crytox_29859242 : FILE MEMORY
date = "2024-01-18"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Crytox.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Crytox.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "55a27cb6280f31c077987d338151b13e9dc0cc1c14d47a32e64de6d6c1a6a742"
logic_hash = "47ca96e14b2b56bc6ef1ed22b42adac7aa557170632c2dc085fae3baf6198f40"
score = 75
@@ -57938,8 +57973,8 @@ rule ELASTIC_Linux_Ransomware_Blacksuit_9F53E7E5 : FILE MEMORY
date = "2023-07-27"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_BlackSuit.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_BlackSuit.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1c849adcccad4643303297fb66bfe81c5536be39a87601d67664af1d14e02b9e"
logic_hash = "121e0139385cfef5dff394c4ea36d950314b00c6d7021cf2ca667ee942e74763"
score = 75
@@ -57969,8 +58004,8 @@ rule ELASTIC_Macos_Trojan_Aobokeylogger_Bd960F34 : FILE MEMORY
date = "2021-10-18"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Aobokeylogger.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Aobokeylogger.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2b50146c20621741642d039f1e3218ff68e5dbfde8bb9edaa0a560ca890f0970"
logic_hash = "f89fbf1d6bf041de0ce32f7920818c34ce0eeb6779bb7fac6f223bbea1c6f6fa"
score = 75
@@ -57998,8 +58033,8 @@ rule ELASTIC_Windows_Trojan_Afdk_C952Fcfa : FILE MEMORY
date = "2023-12-01"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Afdk.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Afdk.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6723a9489e7cfb5e2d37ff9160d55cda065f06907122d73764849808018eb7a0"
logic_hash = "a0589a3bf9e733e615b6e552395b3ff513e4fad7efd7d2ebea634aa91d2f60d9"
score = 75
@@ -58027,8 +58062,8 @@ rule ELASTIC_Windows_Trojan_Afdk_5F8Cc135 : FILE MEMORY
date = "2023-12-01"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Afdk.yar#L21-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Afdk.yar#L21-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6723a9489e7cfb5e2d37ff9160d55cda065f06907122d73764849808018eb7a0"
logic_hash = "0523a0cc3a4446f2ac88c72999568313c6b40f7f8975b8e332c0c6b1e48c5d76"
score = 75
@@ -58058,8 +58093,8 @@ rule ELASTIC_Windows_Hacktool_Cheatengine_Fedac96D : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_CheatEngine.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_CheatEngine.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b20b339a7b61dc7dbc9a36c45492ba9654a8b8a7c8cbc202ed1dfed427cfd799"
logic_hash = "426b6d388f86dd935d8165af0fb7c8491c987542755ec4c7c53a35a9003f8680"
score = 75
@@ -58088,8 +58123,8 @@ rule ELASTIC_Linux_Exploit_Courier_190258Dd : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Courier.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Courier.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "349866d0fb81d07a35b53eac6f11176721629bbd692526851e483eaa83d690c3"
logic_hash = "c318d78a11a021334c84a21db2be6d7df57440a1f3ad6feaaff9cc95ebf6f716"
score = 75
@@ -58117,8 +58152,8 @@ rule ELASTIC_Linux_Exploit_Race_758A0884 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Race.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Race.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a4966baaa34b05cb782071ef114a53cac164e6dece275c862fe96a2cff4a6f06"
logic_hash = "ccba0e2ddefd53939cda6b4985def2d487ac5916cbad7374ac3143f02b9f7ff5"
score = 75
@@ -58146,8 +58181,8 @@ rule ELASTIC_Linux_Exploit_Openssl_47C6Fad7 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Openssl.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Openssl.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8024af0931dff24b5444f0b06a27366a776014358aa0b7fc073030958f863ef8"
logic_hash = "4c60071ecd7b826e692710ae11b09be30e7df5833bcaa8642fea014e12b9abd7"
score = 75
@@ -58175,8 +58210,8 @@ rule ELASTIC_Windows_Hacktool_Sharpshares_88Cdcd52 : FILE MEMORY
date = "2022-10-20"
modified = "2022-11-24"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpShares.yar#L1-L30"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpShares.yar#L1-L30"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bbdd3620a67aedec4b9a68b2c9cc880b6631215e129816aea19902a6f4bc6f41"
logic_hash = "85c59b939da6158f931e779c2884cea77b80fab54ee5e157d86afa19f0253db3"
score = 75
@@ -58215,8 +58250,8 @@ rule ELASTIC_Windows_Generic_Threat_Bc6Ae28D : FILE MEMORY
date = "2023-12-01"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ce00873eb423c0259c18157a07bf7fd9b07333e528a5b9d48be79194310c9d97"
logic_hash = "0ca5ec945858a5238eac048520dea4597f706ad2c96be322d341c84c4ddbce33"
score = 75
@@ -58244,8 +58279,8 @@ rule ELASTIC_Windows_Generic_Threat_Ce98C4Bc : FILE MEMORY
date = "2023-12-17"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L21-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L21-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "950e8a29f516ef3cf1a81501e97fbbbedb289ad9fb93352edb563f749378da35"
logic_hash = "74914f41c03cb2dcb1dc3175cc76574a0d40b66a1a3854af8f50c9858704b66b"
score = 75
@@ -58274,8 +58309,8 @@ rule ELASTIC_Windows_Generic_Threat_0Cc1481E : FILE MEMORY
date = "2023-12-17"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L42-L60"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L42-L60"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6ec7781e472a6827c1406a53ed4699407659bd57c33dd4ab51cabfe8ece6f23f"
logic_hash = "1a094cf337cb85aa4b7d1d2025571ab0661a7be1fd03d53d8c7370a90385f38c"
score = 75
@@ -58303,8 +58338,8 @@ rule ELASTIC_Windows_Generic_Threat_2507C37C : FILE MEMORY
date = "2023-12-18"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L62-L80"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L62-L80"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "04296258f054a958f0fd013b3c6a3435280b28e9a27541463e6fc9afe30363cc"
logic_hash = "8c5ea1290260993ea5140baa4645f3fd0ebb4d43fce0e9a25f8e8948e683aec1"
score = 75
@@ -58332,8 +58367,8 @@ rule ELASTIC_Windows_Generic_Threat_E052D248 : FILE MEMORY
date = "2023-12-18"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L82-L100"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L82-L100"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ed2bbc0d120665044aacb089d8c99d7c946b54d1b08a078aebbb3b91f593da6e"
logic_hash = "1a16ce6d1c6707560425156e625ad19a82315564b3f03adafbcc3e65b0e98a6d"
score = 75
@@ -58361,8 +58396,8 @@ rule ELASTIC_Windows_Generic_Threat_2Bb7Fbe3 : FILE MEMORY
date = "2023-12-18"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L102-L120"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L102-L120"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "65cc8704c0e431589d196eadb0ac8a19151631c8d4ab7375d7cb18f7b763ba7b"
logic_hash = "36e1ab766e09e8d06b9179f67a1cb842ba257f140610964a941fb462ed3e803c"
score = 75
@@ -58390,8 +58425,8 @@ rule ELASTIC_Windows_Generic_Threat_994F2330 : FILE MEMORY
date = "2023-12-18"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L122-L140"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L122-L140"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0a30cb09c480a2659b6f989ac9fe1bfba1802ae3aad98fa5db7cdd146fee3916"
logic_hash = "ace99deae7f5faa22f273ec4fe45ef07f03acd1ae4d9c0f18687ef6cf5b560c2"
score = 75
@@ -58419,8 +58454,8 @@ rule ELASTIC_Windows_Generic_Threat_Bf7Aae24 : FILE MEMORY
date = "2023-12-18"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L142-L160"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L142-L160"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6dfc63894f15fc137e27516f2d2a56514c51f25b41b00583123142cf50645e4e"
logic_hash = "b6dfa6f4c46bddd643f2f89f6275404c19fd4ed1bbae561029fffa884e99e167"
score = 75
@@ -58448,8 +58483,8 @@ rule ELASTIC_Windows_Generic_Threat_D542E5A5 : FILE MEMORY
date = "2023-12-18"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L162-L180"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L162-L180"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3fc4ae7115e0bfa3fc6b75dcff867e7bf9ade9c7f558f31916359d37d001901b"
logic_hash = "3c16c02d4fc6e019f0ab0ff4daad61f59275afd8fb3ee263b1b59876233a686e"
score = 75
@@ -58477,8 +58512,8 @@ rule ELASTIC_Windows_Generic_Threat_8D10790B : FILE MEMORY
date = "2023-12-18"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L182-L200"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L182-L200"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "911535923a5451c10239e20e7130d371e8ee37172e0f14fc8cf224d41f7f4c0f"
logic_hash = "84c017abbce1c8702efbe8657e5a857ae222721b0db2260dc814652f4528df26"
score = 75
@@ -58506,8 +58541,8 @@ rule ELASTIC_Windows_Generic_Threat_347F9F54 : FILE MEMORY
date = "2023-12-18"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L202-L220"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L202-L220"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "45a051651ce1edddd33ecef09bb0fbb978adec9044e64f786b13ed81cabf6a3f"
logic_hash = "63df388393a45ffec68ba01ae6d7707b6d5277e0162ded6e631c1f76ad76b711"
score = 75
@@ -58535,8 +58570,8 @@ rule ELASTIC_Windows_Generic_Threat_20469956 : FILE MEMORY
date = "2023-12-18"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L222-L240"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L222-L240"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a1f2923f68f5963499a64bfd0affe0a729f5e7bd6bcccfb9bed1d62831a93c47"
logic_hash = "da351bec0039a32bb9de1d8623ab3dc26eb752d30a64e613de96f70e1b1c2463"
score = 75
@@ -58564,8 +58599,8 @@ rule ELASTIC_Windows_Generic_Threat_742E8A70 : FILE MEMORY
date = "2023-12-18"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L242-L260"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L242-L260"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "94f7678be47651aa457256375f3e4d362ae681a9524388c97dc9ed34ba881090"
logic_hash = "2925eb8da80ef791b5cf7800a9bf9462203ab6aa743bc69f4fd2343e97eaab7c"
score = 75
@@ -58593,8 +58628,8 @@ rule ELASTIC_Windows_Generic_Threat_79174B5C : FILE MEMORY
date = "2023-12-18"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L262-L280"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L262-L280"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c15118230059e85e7a6b65fe1c0ceee8997a3d4e9f1966c8340017a41e0c254c"
logic_hash = "06a2f0613719f1273a6b3f62f248c22b1cab2fe6054904619e3720f3f6c55e2e"
score = 75
@@ -58622,8 +58657,8 @@ rule ELASTIC_Windows_Generic_Threat_232B71A9 : FILE MEMORY
date = "2023-12-20"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L282-L300"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L282-L300"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1e8b34da2d675af96b34041d4e493e34139fc8779f806dbcf62a6c9c4d9980fe"
logic_hash = "c3bef1509c0d0172dbbc7e0e2b5c69e5ec47dc22365d98a914002b53b0f7d918"
score = 75
@@ -58651,8 +58686,8 @@ rule ELASTIC_Windows_Generic_Threat_D331D190 : FILE MEMORY
date = "2023-12-20"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L302-L320"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L302-L320"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6d869d320d977f83aa3f0e7719967c7e54c1bdae9ae3729668d755ee3397a96f"
logic_hash = "901601c892d709fa596c44df1fbe7772a9f20576c71666570713bf96727a809b"
score = 75
@@ -58680,8 +58715,8 @@ rule ELASTIC_Windows_Generic_Threat_24191082 : FILE MEMORY
date = "2023-12-20"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L322-L340"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L322-L340"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4d20878c16d2b401e76d8e7c288cf8ef5aa3c8d4865f440ee6b44d9f3d0cbf33"
logic_hash = "a5ea76032a9c189f923d91cd03deb44bd61868e5ad6081afe63249156cbd8927"
score = 75
@@ -58709,8 +58744,8 @@ rule ELASTIC_Windows_Generic_Threat_Efdb9E81 : FILE MEMORY
date = "2024-01-01"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L342-L361"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L342-L361"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1c3302b14324c9f4e07829f41cd767ec654db18ff330933c6544c46bd19e89dd"
logic_hash = "eae78b07f6c31e3a30ae041a27c67553bb8ea915bc7724583d78832475021955"
score = 75
@@ -58739,8 +58774,8 @@ rule ELASTIC_Windows_Generic_Threat_34622A35 : FILE MEMORY
date = "2024-01-01"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L363-L381"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L363-L381"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c021c6adca0ddf38563a13066a652e4d97726175983854674b8dae2f6e59c83f"
logic_hash = "2b49bd5d3a18307a46f44d9dfeea858ddaa6084f86f96b83b874cee7603e1c11"
score = 75
@@ -58768,8 +58803,8 @@ rule ELASTIC_Windows_Generic_Threat_0Ff403Df : FILE MEMORY
date = "2024-01-01"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L383-L401"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L383-L401"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b3119dc4cea05bef51d1f373b87d69bcff514f6575d4c92da4b1c557f8d8db8f"
logic_hash = "38bdd9b6f61ab4bb13abc7af94e92151928df95ade061756611218104e7245fd"
score = 75
@@ -58797,8 +58832,8 @@ rule ELASTIC_Windows_Generic_Threat_B1F6F662 : FILE MEMORY
date = "2024-01-01"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L403-L423"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L403-L423"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1b7eaef3cf1bb8021a00df092c829932cccac333990db1c5dac6558a5d906400"
logic_hash = "e52ff1eaee00334e1a07367bf88f3907bb0b13035717683d9d98371b92bc45c0"
score = 75
@@ -58828,8 +58863,8 @@ rule ELASTIC_Windows_Generic_Threat_2C80562D : FILE MEMORY
date = "2024-01-01"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L425-L445"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L425-L445"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ee8decf1e8e5a927e3a6c10e88093bb4b7708c3fd542d98d43f1a882c6b0198e"
logic_hash = "07487ae646ac81b94f940c8d3493dbee023bce687297465fe09375f40dff0fb2"
score = 75
@@ -58859,8 +58894,8 @@ rule ELASTIC_Windows_Generic_Threat_E96F9E97 : FILE MEMORY
date = "2024-01-01"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L447-L465"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L447-L465"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bfbab69e9fc517bc46ae88afd0603a498a4c77409e83466d05db2797234ea7fc"
logic_hash = "1dcf81b8982425ff74107b899e85e2432f0464554e923f85a7555cda65293b54"
score = 75
@@ -58888,8 +58923,8 @@ rule ELASTIC_Windows_Generic_Threat_005Fd471 : FILE MEMORY
date = "2024-01-01"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L467-L487"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L467-L487"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "502814ed565a923da15626d46fde8cc7fd422790e32b3cad973ed8ec8602b228"
logic_hash = "10493253a6b2ce3141ee980e0607bdbba72580bb4a076f2f4636e9665ffc6db8"
score = 75
@@ -58919,8 +58954,8 @@ rule ELASTIC_Windows_Generic_Threat_54B0Ec47 : FILE MEMORY
date = "2024-01-03"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L489-L508"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L489-L508"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9c14203069ff6003e7f408bed71e75394de7a6c1451266c59c5639360bf5718c"
logic_hash = "e3d74162a8874fe05042fec98d25b8db50e7f537566fd9f4e40f92bfe868259a"
score = 75
@@ -58949,8 +58984,8 @@ rule ELASTIC_Windows_Generic_Threat_Acf6222B : FILE MEMORY
date = "2024-01-03"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L510-L528"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L510-L528"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ce0def96be08193ab96817ce1279e8406746a76cfcf4bf44e394920d7acbcaa6"
logic_hash = "a284b6c163dbc022bd36f19fbc1d7ff70143bee566328ad23e7b8b79abd39e91"
score = 75
@@ -58978,8 +59013,8 @@ rule ELASTIC_Windows_Generic_Threat_5E718A0C : FILE MEMORY
date = "2024-01-03"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L530-L548"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L530-L548"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "430b9369b779208bd3976bd2adc3e63d3f71e5edfea30490e6e93040c1b3bac6"
logic_hash = "45068afeda7abae0fe922a21f8f768b6c74a6e0f8e9e8b1f68c3ddf92940bf9a"
score = 75
@@ -59007,8 +59042,8 @@ rule ELASTIC_Windows_Generic_Threat_Fac6D993 : FILE MEMORY
date = "2024-01-03"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L550-L568"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L550-L568"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e7c88e72cf0c1f4cbee588972fc1434065f7cc9bd95d52379bade1b8520278"
logic_hash = "3486793324dbe43c908432e1956bbbdb870beb4641da46b3786581fd3e78811a"
score = 75
@@ -59036,8 +59071,8 @@ rule ELASTIC_Windows_Generic_Threat_E7Eaa4Ca : FILE MEMORY
date = "2024-01-04"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L570-L587"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L570-L587"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "600da0c88dc0606e05f60ecd3b9a90469eef8ac7a702ef800c833f7fd17eb13e"
score = 75
quality = 75
@@ -59064,8 +59099,8 @@ rule ELASTIC_Windows_Generic_Threat_97703189 : FILE MEMORY
date = "2024-01-04"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L589-L607"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L589-L607"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "968ba3112c54f3437b9abb6137f633d919d75137d790af074df40a346891cfb5"
logic_hash = "318bc82d49e9a3467ec0e0086aaf1092d2aa7c589b5f16ce6fbb3778eda7ef0b"
score = 75
@@ -59093,8 +59128,8 @@ rule ELASTIC_Windows_Generic_Threat_Ca0686E1 : FILE MEMORY
date = "2024-01-05"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L609-L627"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L609-L627"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "15c7ce1bc55549efc86dea74a90f42fb4665fe15b14f760037897c772159a5b5"
logic_hash = "12b2ff66d1be6e2d27f24489b389b5c84660921e8de41653b2b425077cc87669"
score = 75
@@ -59122,8 +59157,8 @@ rule ELASTIC_Windows_Generic_Threat_97C1A260 : FILE MEMORY
date = "2024-01-07"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L629-L647"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L629-L647"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2cc85ebb1ef07948b1ddf1a793809b76ee61d78c07b8bf6e702c9b17346a20f1"
logic_hash = "5bd84cbdd4ba699c9e9d87e684071342b23138538bd83ffea8c524fcee26a59b"
score = 75
@@ -59151,8 +59186,8 @@ rule ELASTIC_Windows_Generic_Threat_A440F624 : FILE MEMORY
date = "2024-01-07"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L649-L668"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L649-L668"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3564fec3d47dfafc7e9c662654865aed74aedeac7371af8a77e573ea92cbd072"
logic_hash = "23c759a0db5698b28a69232077a6b714f71e8eaa069d2f02a7d3efc48b178a2b"
score = 75
@@ -59181,8 +59216,8 @@ rule ELASTIC_Windows_Generic_Threat_B577C086 : FILE MEMORY
date = "2024-01-07"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L670-L688"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L670-L688"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "27dd61d4d9997738e63e813f8b8ea9d5cf1291eb02d20d1a2ad75ac8aa99459c"
logic_hash = "a7684340171415ee01e855706192cdffcccd6c82362707229b2c1d096f87dfa8"
score = 75
@@ -59210,8 +59245,8 @@ rule ELASTIC_Windows_Generic_Threat_62E1F5Fc : FILE MEMORY
date = "2024-01-07"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L690-L710"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L690-L710"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4a692e244a389af0339de8c2d429b541d6d763afb0a2b1bb20bee879330f2f42"
logic_hash = "76e21746ee396f13073b3db1e876246f01cef547d312691dff3dc895ea3a2b82"
score = 75
@@ -59241,8 +59276,8 @@ rule ELASTIC_Windows_Generic_Threat_55D6A1Ab : FILE MEMORY
date = "2024-01-07"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L712-L731"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L712-L731"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1ca6ed610479b5aaaf193a2afed8f2ca1e32c0c5550a195d88f689caab60c6fb"
logic_hash = "4f3a0b2e45ae4e6a00f137798b700a0925fa6eb19ea6b871d7eeb565548888ba"
score = 75
@@ -59271,8 +59306,8 @@ rule ELASTIC_Windows_Generic_Threat_F7D3Cdfd : FILE MEMORY
date = "2024-01-07"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L733-L751"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L733-L751"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f9df83d0b0e06884cdb4a02cd2091ee1fadeabb2ea16ca34cbfef4129ede251f"
logic_hash = "23e1008f222eb94a4bd34372834924377e813dc76efa8544b0dcbe7d3e3addde"
score = 75
@@ -59300,8 +59335,8 @@ rule ELASTIC_Windows_Generic_Threat_0350Ed31 : FILE MEMORY
date = "2024-01-07"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L753-L771"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L753-L771"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "008f9352765d1b3360726363e3e179b527a566bc59acecea06bd16eb16b66c5d"
logic_hash = "149dd26466f47b2e7f514bdcc9822470334490da2898840f35fe6b537ce104f6"
score = 75
@@ -59329,8 +59364,8 @@ rule ELASTIC_Windows_Generic_Threat_A1Cef0Cd : FILE MEMORY
date = "2024-01-08"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L773-L791"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L773-L791"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "71f519c6bd598e17e1298d247a4ad37b78685ca6fd423d560d397d34d16b7db8"
logic_hash = "2772906e3a8a088e7c6ea1370af5e5bbe2cbae4f49de9b939524e317be8ddde4"
score = 75
@@ -59358,8 +59393,8 @@ rule ELASTIC_Windows_Generic_Threat_E5F4703F : FILE MEMORY
date = "2024-01-09"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L793-L811"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L793-L811"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "362bda1fad3fefce7d173617909d3c1a0a8e234e22caf3215ee7c6cef6b2743b"
logic_hash = "f81476d5e5a9bcb42b32d6ec3d4b620165f2878c50691ecf59ef6f34b6ad9d1b"
score = 75
@@ -59387,8 +59422,8 @@ rule ELASTIC_Windows_Generic_Threat_8B790Aba : FILE MEMORY
date = "2024-01-09"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L813-L832"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L813-L832"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ec98bfff01d384bdff6bbbc5e17620b31fa57c662516157fd476ef587b8d239e"
logic_hash = "8a0b2af3d0c95466ca138dfcc3d6f6a702ec92f5cd4f791b1200c79ffd973840"
score = 75
@@ -59417,8 +59452,8 @@ rule ELASTIC_Windows_Generic_Threat_76A7579F : FILE MEMORY
date = "2024-01-09"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L834-L852"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L834-L852"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "76c73934bcff7e4ee08b068d1e02b8f5c22161262d127de2b4ac2e81d09d84f6"
logic_hash = "08ed2d318e7154195911aaf3705626307b48a54aa195eaa054ec53766d3e198d"
score = 75
@@ -59446,8 +59481,8 @@ rule ELASTIC_Windows_Generic_Threat_3F060B9C : FILE MEMORY
date = "2024-01-10"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L854-L872"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L854-L872"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "32e7a40b13ddbf9fc73bd12c234336b1ae11e2f39476de99ebacd7bbfd22fba0"
logic_hash = "193583f63f22452f96c8372fdc9ef04e2a684f847564a7fe75145ea30d426901"
score = 75
@@ -59475,8 +59510,8 @@ rule ELASTIC_Windows_Generic_Threat_Dbae6542 : FILE MEMORY
date = "2024-01-10"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L874-L892"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L874-L892"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c73f533f96ed894b9ff717da195083a594673e218ee9a269e360353b9c9a0283"
logic_hash = "673c6b4e6aaa127d45b21d0283437000fbc507a84ecd7a326448869d63759aee"
score = 75
@@ -59504,8 +59539,8 @@ rule ELASTIC_Windows_Generic_Threat_808F680E : FILE MEMORY
date = "2024-01-10"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L894-L912"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L894-L912"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "df6955522532e365239b94e9d834ff5eeeb354eec3e3672c48be88725849ac1c"
logic_hash = "22d91a87c01b401d4a203fbabb93a9b45fd6d8819125c56d9c427449b06d2f84"
score = 75
@@ -59533,8 +59568,8 @@ rule ELASTIC_Windows_Generic_Threat_073909Cf : FILE MEMORY
date = "2024-01-10"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L914-L932"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L914-L932"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "89a6dc518c119b39252889632bd18d9dfdae687f7621310fb14b684d2f85dad8"
logic_hash = "5b42a74010549c884ff85a67b9add6b82a8109a953473cc1439581976f8f545e"
score = 75
@@ -59562,8 +59597,8 @@ rule ELASTIC_Windows_Generic_Threat_820Fe9C9 : FILE MEMORY
date = "2024-01-11"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L934-L952"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L934-L952"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1102a499b8a863bdbfd978a1d17270990e6b7fe60ce54b9dd17492234aad2f8c"
logic_hash = "81a1359bd5781e1eefb6ae06c6b2ad9e94cc6318c1f81f84c06f0b236b6e84d1"
score = 75
@@ -59591,8 +59626,8 @@ rule ELASTIC_Windows_Generic_Threat_89Efd1B4 : FILE MEMORY
date = "2024-01-11"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L954-L972"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L954-L972"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "937c8bc3c89bb9c05b2cb859c4bf0f47020917a309bbadca36236434c8cdc8b9"
logic_hash = "49a7875fd9c31c5c9b593aed75a28fadb586294422b75c7a8eeba2e8ff254753"
score = 75
@@ -59620,8 +59655,8 @@ rule ELASTIC_Windows_Generic_Threat_61315534 : FILE MEMORY
date = "2024-01-11"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L974-L992"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L974-L992"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "819447ca71080f083b1061ed6e333bd9ef816abd5b0dd0b5e6a58511ab1ce8b9"
logic_hash = "0fdfe3bb6ebdaac4324a45dac8680f00684d0030419f26f3f72ed002bf5a2a34"
score = 75
@@ -59649,8 +59684,8 @@ rule ELASTIC_Windows_Generic_Threat_Eab96Cf2 : FILE MEMORY
date = "2024-01-11"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L994-L1012"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L994-L1012"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2be8a2c524f1fb2acb2af92bc56eb9377c4e16923a06f5ac2373811041ea7982"
logic_hash = "cc1dfc2c9c5e1fbc6282342dfbf3a6c834fa56fb6fc46569a24fa78535c5845f"
score = 75
@@ -59678,8 +59713,8 @@ rule ELASTIC_Windows_Generic_Threat_11A56097 : FILE MEMORY
date = "2024-01-12"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1014-L1033"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1014-L1033"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "98d538c8f074d831b7a91e549e78f6549db5d2c53a10dbe82209d15d1c2e9b56"
logic_hash = "42f955c079752c787ac70682bc41fa31f3196d30051d7032276a0d4279d59d58"
score = 75
@@ -59708,8 +59743,8 @@ rule ELASTIC_Windows_Generic_Threat_F3Bef434 : FILE MEMORY
date = "2024-01-12"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1035-L1053"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1035-L1053"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "98d538c8f074d831b7a91e549e78f6549db5d2c53a10dbe82209d15d1c2e9b56"
logic_hash = "efba0e1fbe6562a9aeaac23b851c31350e4ac6551e505be4986bddade92ca303"
score = 75
@@ -59737,8 +59772,8 @@ rule ELASTIC_Windows_Generic_Threat_C6F131C5 : FILE MEMORY
date = "2024-01-12"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1055-L1073"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1055-L1073"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "247314baaaa993b8db9de7ef0e2998030f13b99d6fd0e17ffd59e31a8d17747a"
logic_hash = "5702a77fee0cd564916abdbfedf76d069bb7a5b6de0c4623150991d52dc02e42"
score = 75
@@ -59766,8 +59801,8 @@ rule ELASTIC_Windows_Generic_Threat_B2A054F8 : FILE MEMORY
date = "2024-01-12"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1075-L1095"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1075-L1095"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "63d2478a5db820731a48a7ad5a20d7a4deca35c6b865a17de86248bef7a64da7"
logic_hash = "f64b1666f78646322a4c37dc887d8fcfdb275b0bca812e360579cefd9e323c02"
score = 75
@@ -59797,8 +59832,8 @@ rule ELASTIC_Windows_Generic_Threat_Fcab7E76 : FILE MEMORY
date = "2024-01-12"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1097-L1115"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1097-L1115"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "67d7e016e401bd5d435eecaa9e8ead341aed2f373a1179069f53b64bda3f1f56"
logic_hash = "90f50d1227b8e462eaa393690dc2b25601444bf80f2108445a0413bff6bedae8"
score = 75
@@ -59826,8 +59861,8 @@ rule ELASTIC_Windows_Generic_Threat_90E4F085 : FILE MEMORY
date = "2024-01-12"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1117-L1137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1117-L1137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1a6a290d98f5957d00756fc55187c78030de7031544a981fd2bb4cfeae732168"
logic_hash = "2afeae6de965ae155914dcedbfe375327a9fca3b42733c23360dd4fddfcc8a3d"
score = 75
@@ -59857,8 +59892,8 @@ rule ELASTIC_Windows_Generic_Threat_04A9C177 : FILE MEMORY
date = "2024-01-12"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1139-L1157"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1139-L1157"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0cccdde4dcc8916fb6399c181722eb0da2775d86146ce3cb3fc7f8cf6cd67c29"
logic_hash = "ca7cf71228b1e13ec05c62cd9924ea5089fdf903d8ea4a5151866996ea81e01e"
score = 75
@@ -59886,8 +59921,8 @@ rule ELASTIC_Windows_Generic_Threat_45D1E986 : FILE MEMORY
date = "2024-01-12"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1159-L1177"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1159-L1177"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fd159cf2f9bd48b0f6f5958eef8af8feede2bcbbea035a7e56ce1ff72d3f47eb"
logic_hash = "d53a4d189b9a49f9b6477e12bce0d41e62827306d1df79e6494ab67669d84f35"
score = 75
@@ -59915,8 +59950,8 @@ rule ELASTIC_Windows_Generic_Threat_83C38E63 : FILE MEMORY
date = "2024-01-12"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1179-L1198"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1179-L1198"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2121a0e5debcfeedf200d7473030062bc9f5fbd5edfdcd464dfedde272ff1ae7"
logic_hash = "89d4036290a29b372918205bba85698d6343109503766cbb13999b5177fc3152"
score = 75
@@ -59945,8 +59980,8 @@ rule ELASTIC_Windows_Generic_Threat_Bd24Be68 : FILE MEMORY
date = "2024-01-12"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1200-L1218"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1200-L1218"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fd159cf2f9bd48b0f6f5958eef8af8feede2bcbbea035a7e56ce1ff72d3f47eb"
logic_hash = "8536593696930d03f1e62586886f0df5438d13fb796b4605df7ad67d9633d5f9"
score = 75
@@ -59974,8 +60009,8 @@ rule ELASTIC_Windows_Generic_Threat_A0C7B402 : FILE MEMORY
date = "2024-01-16"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1220-L1238"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1220-L1238"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5814d7712304800d92487b8e1108d20ad7b44f48910b1fb0a99e9b36baa4333a"
logic_hash = "d0aa75debbefb301b9fc46ceca4944ae8c4b009118214a9589440b59089b853e"
score = 75
@@ -60003,8 +60038,8 @@ rule ELASTIC_Windows_Generic_Threat_42B3E0D7 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1240-L1258"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1240-L1258"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "99ad416b155970fda383a63fe61de2e4d0254e9c9e09564e17938e8e2b49b5b7"
logic_hash = "58b4c667b6d796f4525afeb706394f593d03393e3a48e2a0b7664f121e6a78fe"
score = 75
@@ -60032,8 +60067,8 @@ rule ELASTIC_Windows_Generic_Threat_66142106 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1260-L1278"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1260-L1278"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cd164a65fb2a496ad7b54c782f25fbfca0540d46d2c0d6b098d7be516c4ce021"
logic_hash = "bf5d8db3ed6d2abc3158b04e904351250bf17a6d766e31769b3c5a6e534165b0"
score = 75
@@ -60061,8 +60096,8 @@ rule ELASTIC_Windows_Generic_Threat_51A1D82B : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1280-L1298"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1280-L1298"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1a7adde856991fa25fac79048461102fba58cda9492d4f5203b817d767a81018"
logic_hash = "2d6b0560e1980deb6aad8e0902d065eeda406506b70bb8bb27c7fa58be9842f8"
score = 75
@@ -60090,8 +60125,8 @@ rule ELASTIC_Windows_Generic_Threat_Dee3B4Bf : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1300-L1318"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1300-L1318"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c7f4b63fa5c7386d6444c0d0428a8fe328446efcef5fda93821f05e86efd2fba"
logic_hash = "cfd7f9250ab44ffe12b62f84ae753032642d9aa2524d88a6d4d989a2afa043a3"
score = 75
@@ -60119,8 +60154,8 @@ rule ELASTIC_Windows_Generic_Threat_Fdbcd3F2 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1320-L1338"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1320-L1338"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9258e4fe077be21ad7ae348868f1ac6226f6e9d404c664025006ab4b64222369"
logic_hash = "ca9136ca44a61795cca44ac9bb0494fdc34c08d6578603ba3be3582956f4a98f"
score = 75
@@ -60148,8 +60183,8 @@ rule ELASTIC_Windows_Generic_Threat_B7852Ccf : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1340-L1360"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1340-L1360"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5ac70fa959be4ee37c0c56f0dd04061a5fed78fcbde21b8449fc93e44a8c133a"
logic_hash = "4d5c29cceaacfda0c41bcd13cf95e90397b1b6c0c6beeb19b9184f435c8669b9"
score = 75
@@ -60179,8 +60214,8 @@ rule ELASTIC_Windows_Generic_Threat_C3C8F21A : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1362-L1380"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1362-L1380"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9a102873dd37d08f53dcf6b5dad2555598a954d18fb3090bbf842655c5fded35"
logic_hash = "b4d2b28fb2c9d46884b0b34f7821151b88891a8d881885c704e0e192cf7fca70"
score = 75
@@ -60208,8 +60243,8 @@ rule ELASTIC_Windows_Generic_Threat_A3D51E0C : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1382-L1400"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1382-L1400"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "18bd25df1025cd04b0642e507b0170bc1a2afba71b2dc4bd5e83cc487860db0d"
logic_hash = "f128f6a037abb4af2c11605b182852146780be6451b3062a2914bedb5c286843"
score = 75
@@ -60237,8 +60272,8 @@ rule ELASTIC_Windows_Generic_Threat_54Ccad4D : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1402-L1422"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1402-L1422"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fe4aad002722d2173dd661b7b34cdb0e3d4d8cd600e4165975c48bf1b135763f"
logic_hash = "b9fb525be22dd2f235c3ac68688ced5298da45194ad032423689f5a085df6e31"
score = 75
@@ -60268,8 +60303,8 @@ rule ELASTIC_Windows_Generic_Threat_6Ee18020 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1424-L1442"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1424-L1442"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d58d8f5a7efcb02adac92362d8c608e6d056824641283497b2e1c1f0e2d19b0a"
logic_hash = "8a08973ae2ddde275e007686fc6eca831c1fb398b7221d5022da10f90da0e44d"
score = 75
@@ -60297,8 +60332,8 @@ rule ELASTIC_Windows_Generic_Threat_8Eb547Db : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1444-L1462"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1444-L1462"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3fc821b63dfa653b86b11201073997fa4dc273124d050c2a7c267ac789d8a447"
logic_hash = "73cabad0656c6b347def017b07138fdbdd5b41da5ccf7d701fea764669058f39"
score = 75
@@ -60326,8 +60361,8 @@ rule ELASTIC_Windows_Generic_Threat_803Feff4 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1464-L1482"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1464-L1482"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8f150dfb13e4a2ff36231f873e4c0677b5db4aa235d8f0aeb41e02f7e31c1e05"
logic_hash = "e22b8b208ff104e2843d897c425467f2f0ec0c586c4db578da90aeaef0209e1d"
score = 75
@@ -60355,8 +60390,8 @@ rule ELASTIC_Windows_Generic_Threat_9C7D2333 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1484-L1502"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1484-L1502"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "85219f1402c88ab1e69aa99fe4bed75b2ad1918f4e95c448cdc6a4b9d2f9a5d4"
logic_hash = "561290ebf3ca2a01914f514d63121be930e7a8c06cfc90ff4b8f0c7cef3408fe"
score = 75
@@ -60384,8 +60419,8 @@ rule ELASTIC_Windows_Generic_Threat_747B58Af : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1504-L1524"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1504-L1524"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ee28e93412c59d63155fd79bc99979a5664c48dcb3c77e121d17fa985fcb0ebe"
logic_hash = "fd6b36ca50c1017035474b491f716bfb0d53b181fce4b5478a57a1d1a6ddc3e7"
score = 75
@@ -60415,8 +60450,8 @@ rule ELASTIC_Windows_Generic_Threat_C3C4E847 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1526-L1544"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1526-L1544"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "86b37f0b2d9d7a810b5739776b4104f1ded3a1228c4ec2d104d26d8eb26aa7ba"
logic_hash = "fa147abf7aa872f409e7684c4c60485fc58f57543062573526e56ff9866f8dfe"
score = 75
@@ -60444,8 +60479,8 @@ rule ELASTIC_Windows_Generic_Threat_6542Ebda : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1546-L1564"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1546-L1564"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2073e51c7db7040c6046e36585873a0addc2bcddeb6e944b46f96c607dd83595"
logic_hash = "30263341bf51a001503dfda9be5771d401bc5b5423682c29a6d4ebc457415d3e"
score = 75
@@ -60473,8 +60508,8 @@ rule ELASTIC_Windows_Generic_Threat_1417511B : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1566-L1584"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1566-L1584"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2fc9bd91753ff3334ef7f9861dc1ae79cf5915d79fa50f7104cbb3262b7037da"
logic_hash = "e6b53082fa447ac3cf56784771aca742696922e6f740a24d014e04250dc5020c"
score = 75
@@ -60502,8 +60537,8 @@ rule ELASTIC_Windows_Generic_Threat_7526F106 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1586-L1605"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1586-L1605"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5a297c446c27a8d851c444b6b32a346a7f9f5b5e783564742d39e90cd583e0f0"
logic_hash = "a0f9eb760be05196f0c5c3e3bf250929b48341a58a11c24722978fa19c4a9f57"
score = 75
@@ -60532,8 +60567,8 @@ rule ELASTIC_Windows_Generic_Threat_Cbe3313A : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1607-L1625"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1607-L1625"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1ca2a28c851070b9bfe1f7dd655f2ea10ececef49276c998a1d2a1b48f84cef3"
logic_hash = "41a731cefe0c8ee95f1db598b68a8860ef7ff06137ce94d0dd0b5c60c4240e85"
score = 75
@@ -60561,8 +60596,8 @@ rule ELASTIC_Windows_Generic_Threat_779Cf969 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1627-L1645"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1627-L1645"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ef281230c248442c804f1930caba48f0ae6cef110665020139f826ab99bbf274"
logic_hash = "ad0f2d78386abf4c6dc6b5a4a88b4dcf8e5bf8086b08bac91e5e00be9936e908"
score = 75
@@ -60590,8 +60625,8 @@ rule ELASTIC_Windows_Generic_Threat_D568682A : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1647-L1665"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1647-L1665"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0d98bc52259e0625ec2f24078cf4ae3233e5be0ade8f97a80ca590a0f1418582"
logic_hash = "97e172502037c7a5d66327fcc4a237e5548694fc7d73a535838ad56367f15d76"
score = 75
@@ -60619,8 +60654,8 @@ rule ELASTIC_Windows_Generic_Threat_Ccb6A7A2 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1667-L1686"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1667-L1686"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "60503212db3f27a4d68bbfc94048ffede04ad37c78a19c4fe428b50f27af7a0d"
logic_hash = "312265bbc4330a463bbe7478c70233f5df3353bda3c450562f2414f3675ba91e"
score = 75
@@ -60649,8 +60684,8 @@ rule ELASTIC_Windows_Generic_Threat_D62F1D01 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1688-L1706"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1688-L1706"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "380892397b86f47ec5e6ed1845317bf3fd9c00d01f516cedfe032c0549eef239"
logic_hash = "fd65eb56f3a48c37f83d3544c039d29c231cac1e2f8f07d176d709432a75a4c3"
score = 75
@@ -60678,8 +60713,8 @@ rule ELASTIC_Windows_Generic_Threat_2Bb6F41D : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1708-L1728"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1708-L1728"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "afa060352346dda4807dffbcac75bf07e8800d87ff72971b65e9805fabef39c0"
logic_hash = "7c4e62b69880eb8a901d7e94b7539786e8ac58808df07cb1cbe9ff45efce518e"
score = 75
@@ -60709,8 +60744,8 @@ rule ELASTIC_Windows_Generic_Threat_C54Ed0Ed : FILE MEMORY
date = "2024-01-21"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1730-L1747"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1730-L1747"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "f0f4878cb003371522ed1419984f15fd5049f1adeb8e051b8b51b31b0d620e96"
score = 75
quality = 75
@@ -60737,8 +60772,8 @@ rule ELASTIC_Windows_Generic_Threat_Dbe41439 : FILE MEMORY
date = "2024-01-21"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1749-L1767"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1749-L1767"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "64afd2bc6cec17402473a29b94325ae2e26989caf5a8b916dc21952149d71b00"
logic_hash = "288cdc285d024f2b69847e0d49bd4dc1c86a2a6a24a7b4fb248071855ba39a38"
score = 75
@@ -60766,8 +60801,8 @@ rule ELASTIC_Windows_Generic_Threat_51A52B44 : FILE MEMORY
date = "2024-01-21"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1769-L1787"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1769-L1787"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "303aafcc660baa803344bed6a3a7a5b150668f88a222c28182db588fc1e744e0"
logic_hash = "aad1c350f43cf2e0512e085e1a04db6099c568e375423afb9518b1fb89801c21"
score = 75
@@ -60795,8 +60830,8 @@ rule ELASTIC_Windows_Generic_Threat_5C18A7F9 : FILE MEMORY
date = "2024-01-21"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1789-L1807"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1789-L1807"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fd272678098eae8f5ec8428cf25d2f1d8b65566c59e363d42c7ce9ffab90faaa"
logic_hash = "05cea396567ed3e23907dec4e6e3a6629cd1044d9123cde0575a04b73bae6c20"
score = 75
@@ -60824,8 +60859,8 @@ rule ELASTIC_Windows_Generic_Threat_Ab01Ba9E : FILE MEMORY
date = "2024-01-21"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1809-L1829"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1809-L1829"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2b237716d0c0c9877f54b3fa03823068728dfe0710c5b05e9808eab365a1408e"
logic_hash = "cc8d79950e21270938d2ea7e501c7c8fdbebe92767b48b46bb03c08c377e095b"
score = 75
@@ -60855,8 +60890,8 @@ rule ELASTIC_Windows_Generic_Threat_917D7645 : FILE MEMORY
date = "2024-01-21"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1831-L1849"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1831-L1849"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "19b54a20cfa74cbb0f4724155244b52ca854054a205be6d148f826fa008d6c55"
logic_hash = "65748ff2e4448f305b9541ea9864cc6bda054d37be5ed34110a2f64c8fef30c7"
score = 75
@@ -60884,8 +60919,8 @@ rule ELASTIC_Windows_Generic_Threat_7A09E97D : FILE MEMORY
date = "2024-01-21"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1851-L1869"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1851-L1869"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c0c1e333e60547a90ec9d9dac3fc6698b088769bc0f5ec25883b2c4d1fd680a9"
logic_hash = "b65b2d12901953c137687a7b466c78e0537a2830c37a4cb13dd0eda457bba937"
score = 75
@@ -60913,8 +60948,8 @@ rule ELASTIC_Windows_Generic_Threat_Dc4Ede3B : FILE MEMORY
date = "2024-01-21"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1871-L1889"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1871-L1889"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c49f20c5b42c6d813e6364b1fcb68c1b63a2f7def85a3ddfc4e664c4e90f8798"
logic_hash = "c402d5f16f2be32912d7a054b51ab6dafc6173bb5a267a7846b3ac9df1c4c19f"
score = 75
@@ -60942,8 +60977,8 @@ rule ELASTIC_Windows_Generic_Threat_Bb480769 : FILE MEMORY
date = "2024-01-21"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1891-L1909"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1891-L1909"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "010e3aeb26533d418bb7d2fdcfb5ec21b36603b6abb63511be25a37f99635bce"
logic_hash = "1087e0befceac2606ce5dc5f2b42b45ebad888e7d3e451c3fb89de7e932a31f5"
score = 75
@@ -60971,8 +61006,8 @@ rule ELASTIC_Windows_Generic_Threat_5Fbf5680 : FILE MEMORY
date = "2024-01-21"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1911-L1929"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1911-L1929"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1b0553a9873d4cda213f5464b5e98904163e347a49282db679394f70d4571e77"
logic_hash = "ec5399f6fb29125cb4c096851b9194fa35fb1e5ddd1f4d4f07b155471ae5c619"
score = 75
@@ -61000,8 +61035,8 @@ rule ELASTIC_Windows_Generic_Threat_Aa30A738 : FILE MEMORY
date = "2024-01-21"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1931-L1949"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1931-L1949"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7726a691bd6c1ee51a9682e0087403a2c5a798ad172c1402acf2209c34092d18"
logic_hash = "64967fbc0e74435452752731a8b9385345cc771d27ee33cd018cccdeb26bb75e"
score = 75
@@ -61029,8 +61064,8 @@ rule ELASTIC_Windows_Generic_Threat_9A8Dc290 : FILE MEMORY
date = "2024-01-21"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1951-L1969"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1951-L1969"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d951562a841f3706005d7696052d45397e3b4296d4cd96bf187920175fbb1676"
logic_hash = "0097a13187b953ebe97809dda2be818cfcd94991c03e75f344e34a3d2c4fe902"
score = 75
@@ -61058,8 +61093,8 @@ rule ELASTIC_Windows_Generic_Threat_Bbf2A354 : FILE MEMORY
date = "2024-01-22"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1971-L1989"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1971-L1989"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b4e6c748ad88070e39b53a9373946e9e404623326f710814bed439e5ea61fc3e"
logic_hash = "6be2fae41199daea6b9d0394c9af7713543333a50620ef417bb8439d5a07f336"
score = 75
@@ -61087,8 +61122,8 @@ rule ELASTIC_Windows_Generic_Threat_Da0F3Cbb : FILE MEMORY
date = "2024-01-22"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L1991-L2009"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L1991-L2009"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b2c456d0051ffe1ca7e9de1e944692b10ed466eabb38242ea88e663a23157c58"
logic_hash = "262d0bbb69adde8c4c8645813b048f3aaa2dbcc83996606e7ca21c3edea2b5d8"
score = 75
@@ -61116,8 +61151,8 @@ rule ELASTIC_Windows_Generic_Threat_7D555B55 : FILE MEMORY
date = "2024-01-22"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2011-L2029"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2011-L2029"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7efa5c8fd55a20fbc3a270cf2329d4a38f10ca372f3428bee4c42279fbe6f9c3"
logic_hash = "dc3a3622abbc7d0a02d8d9ed4446d0a72a603ecfd6594ecfa615e5418a9c9970"
score = 75
@@ -61145,8 +61180,8 @@ rule ELASTIC_Windows_Generic_Threat_0A38C7D0 : FILE MEMORY
date = "2024-01-22"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2031-L2049"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2031-L2049"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "69ea7d2ea3ed6826ddcefb3c1daa63d8ab53dc6e66c59cf5c2506a8af1c62ef4"
logic_hash = "e3fde76825772683c57f830759168fc9a3b3f3387f091828fd971e9ebba06d8a"
score = 75
@@ -61174,8 +61209,8 @@ rule ELASTIC_Windows_Generic_Threat_98527D90 : FILE MEMORY
date = "2024-01-24"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2051-L2069"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2051-L2069"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fa24e7c6777e89928afa2a0afb2fab4db854ed3887056b5a76aef42ae38c3c82"
logic_hash = "5a93f0a372f3a51233c6b2334539017df922f35a0d5f7d1749e0dd79268cb836"
score = 75
@@ -61203,8 +61238,8 @@ rule ELASTIC_Windows_Generic_Threat_Baba80Fb : FILE MEMORY
date = "2024-01-24"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2071-L2089"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2071-L2089"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dd22cb2318d66fa30702368a7f06e445fba4b69daf9c45f8e83562d2c170a073"
logic_hash = "ba0da35bc00b776ae9b427e3a4b312b1b75bdc9b972fb52f26a5df6737f1ddc9"
score = 75
@@ -61232,8 +61267,8 @@ rule ELASTIC_Windows_Generic_Threat_9F4A80B2 : FILE MEMORY
date = "2024-01-24"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2091-L2109"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2091-L2109"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "47d57d00e2de43f33cd56ff653adb59b804e4dbe37304a5fa6a202ee20b50c24"
logic_hash = "1df3b8245bc0e995443d598feb5fe2605e05df64b863d4f47c17ecbe8d28c3ea"
score = 75
@@ -61261,8 +61296,8 @@ rule ELASTIC_Windows_Generic_Threat_39E1Eb4C : FILE MEMORY
date = "2024-01-24"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2111-L2129"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2111-L2129"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a733258bf04ffa058db95c8c908a79650400ebd92600b96dd28ceecac311f94a"
logic_hash = "d7791ae7513bc5645bcfa93a2d7bf9f7ef47a6727ea2ba5eb85f3c8528761429"
score = 75
@@ -61290,8 +61325,8 @@ rule ELASTIC_Windows_Generic_Threat_D51Dd31B : FILE MEMORY
date = "2024-01-24"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2131-L2150"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2131-L2150"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2a61c0305d82b6b4180c3d817c28286ab8ee56de44e171522bd07a60a1d8492d"
logic_hash = "85fc7aa81489b304c348ead2d7042bb5518ff4579b1d3e837290032c4b144e47"
score = 75
@@ -61320,8 +61355,8 @@ rule ELASTIC_Windows_Generic_Threat_3A321F0A : FILE MEMORY
date = "2024-01-29"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2152-L2170"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2152-L2170"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "91056e8c53dc1e97c7feafab31f0943f150d89a0b0026bcfb3664d2e93ccfe2b"
logic_hash = "83834dd7d4df5de4b6a032f1896f52c1ebdf16ca8ad9766e8872243f1a6da67e"
score = 75
@@ -61349,8 +61384,8 @@ rule ELASTIC_Windows_Generic_Threat_A82F45A8 : FILE MEMORY
date = "2024-01-29"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2172-L2190"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2172-L2190"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ad07428104d3aa7abec2fd86562eaa8600d3e4b0f8d78ba1446f340d10008b53"
logic_hash = "70ebab6b03af38ef8c81664cf49ab07066a9672666599d99c91291a9d2e3af0b"
score = 75
@@ -61378,8 +61413,8 @@ rule ELASTIC_Windows_Generic_Threat_D6625Ad7 : FILE MEMORY
date = "2024-01-29"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2192-L2210"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2192-L2210"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "878c9745320593573597d62c8f3adb3bef0b554cd51b18216f6d9f5d1a32a931"
logic_hash = "e90aff7c35f60cc3446f9eeb2131edb7125bfa04eb8f90c5671d06e9ff269755"
score = 75
@@ -61407,8 +61442,8 @@ rule ELASTIC_Windows_Generic_Threat_61Bbb571 : FILE MEMORY
date = "2024-01-29"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2212-L2230"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2212-L2230"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "41e2a6cecb1735e8f09b1ba5dccff3c08afe395b6214396e545347927d1815a8"
logic_hash = "6b1ec666f3689638b9db9f041b0a89660b27c32590b747c5da3f4a02f01c7112"
score = 75
@@ -61436,8 +61471,8 @@ rule ELASTIC_Windows_Generic_Threat_4A605E93 : FILE MEMORY
date = "2024-01-29"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2232-L2250"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2232-L2250"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1a84e25505a54e8e308714b53123396df74df1bde223bb306c0dc6220c1f0bbb"
logic_hash = "6ad7afa5bd03916917e2bbf4d736331f4319b20bfde296d7e62315584813699f"
score = 75
@@ -61465,8 +61500,8 @@ rule ELASTIC_Windows_Generic_Threat_B509Dfc8 : FILE MEMORY
date = "2024-01-29"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2252-L2270"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2252-L2270"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9b5124e5e1be30d3f2ad1020bbdb93e2ceeada4c4d36f71b2abbd728bd5292b8"
logic_hash = "90b00caf612f56a898b24c28ae6febda3fd11f382ab1deba522bdd2e2ba254b4"
score = 75
@@ -61494,8 +61529,8 @@ rule ELASTIC_Windows_Generic_Threat_7A49053E : FILE MEMORY
date = "2024-01-29"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2272-L2292"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2272-L2292"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "29fb2b18cfd72a2966640ff59e67c89f93f83fc17afad2dfcacf9f53e9ea3446"
logic_hash = "6db95f20a2bcdfd7cb37cb33dae6351dd19f51a8c3cae54b1bb034af17378094"
score = 75
@@ -61525,8 +61560,8 @@ rule ELASTIC_Windows_Generic_Threat_Fca7F863 : FILE MEMORY
date = "2024-01-29"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2294-L2312"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2294-L2312"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9d0e786dd8f1dc05eae910c6bcf15b5d05b4b6b0543618ca0c2ff3c4bb657af3"
logic_hash = "ad45fe6e8257d012824b36aaee1beccb82c1b78031de86c1f1dd26d5be88aa6f"
score = 75
@@ -61554,8 +61589,8 @@ rule ELASTIC_Windows_Generic_Threat_Cafbd6A3 : FILE MEMORY
date = "2024-01-29"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2314-L2333"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2314-L2333"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "97081a51aa016d0e6c9ecadc09ff858bf43364265a006db9d7cc133f8429bc46"
logic_hash = "28813fc8a49b6ec3fe7675409fde923f0f30851429a526c142e0a228b4e0efa6"
score = 75
@@ -61584,8 +61619,8 @@ rule ELASTIC_Windows_Generic_Threat_D8F834A9 : FILE MEMORY
date = "2024-01-29"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2335-L2353"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2335-L2353"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c118c2064a5839ebd57a67a7be731fffe89669a8f17c1fe678432d4ff85e7929"
logic_hash = "9fa1a65f3290867e4c59f14242f7261741e792b8be48c053ac320a315f2c1beb"
score = 75
@@ -61613,8 +61648,8 @@ rule ELASTIC_Windows_Generic_Threat_De3F91C6 : FILE MEMORY
date = "2024-01-31"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2355-L2373"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2355-L2373"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e2cd4a8ccbf4a3a93c1387c66d94e9506b5981357004929ce5a41fcedfffb20f"
logic_hash = "032ac2adb11782d823f50bfedf4e4decb731dbe7d3abbb3b05ccff598ba7edb8"
score = 75
@@ -61642,8 +61677,8 @@ rule ELASTIC_Windows_Generic_Threat_F0516E98 : FILE MEMORY
date = "2024-01-31"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2375-L2394"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2375-L2394"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "21d01bd53f43aa54f22786d7776c7bc90320ec6f7a6501b168790be46ff69632"
logic_hash = "28f5b1a05d90745f432aee6bb9da3855d70b18d556153059794c5e53bbd5117c"
score = 75
@@ -61672,8 +61707,8 @@ rule ELASTIC_Windows_Generic_Threat_3C4D9Cbe : FILE MEMORY
date = "2024-01-31"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2396-L2414"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2396-L2414"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "21d01bd53f43aa54f22786d7776c7bc90320ec6f7a6501b168790be46ff69632"
logic_hash = "b32f9a3b86c60d4d69c59250ac59e93aee70ede890b059b13be999adbe043d2c"
score = 75
@@ -61701,8 +61736,8 @@ rule ELASTIC_Windows_Generic_Threat_Deb82E8C : FILE MEMORY
date = "2024-01-31"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2416-L2435"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2416-L2435"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0f5791588a9898a3db29326785d31b52b524c3097370f6aa28564473d353cd38"
logic_hash = "c24baecab39c72f6bb30713022297cb9fb41ef5339a353702f3f780a630d5b27"
score = 75
@@ -61731,8 +61766,8 @@ rule ELASTIC_Windows_Generic_Threat_278C589E : FILE MEMORY
date = "2024-01-31"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2437-L2455"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2437-L2455"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cccc6c1bf15a7d5725981de950475e272c277bc3b9d266c5debf0fc698770355"
logic_hash = "59bbbecd73541750f7221b12895ccf51e1a6863ceca62e23f541df904ad23587"
score = 75
@@ -61760,8 +61795,8 @@ rule ELASTIC_Windows_Generic_Threat_6B621667 : FILE MEMORY
date = "2024-01-31"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2457-L2475"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2457-L2475"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b50b39e460ecd7633a42f0856359088de20512c932fc35af6531ff48c9fa638a"
logic_hash = "3574b7ef24c4387a9919ed9831af7657047b26d8922ab78788619bbd3d0edd56"
score = 75
@@ -61789,8 +61824,8 @@ rule ELASTIC_Windows_Generic_Threat_C374Cd85 : FILE MEMORY
date = "2024-01-31"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Generic_Threat.yar#L2477-L2495"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2477-L2495"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1c677585a8b724332849c411ffe2563b2b753fd6699c210f0720352f52a6ab72"
logic_hash = "8e183f780400f3bf9840798d53b431a4bf28bc43e07d69a3d614217e02f5dd79"
score = 75
@@ -61809,6 +61844,1522 @@ rule ELASTIC_Windows_Generic_Threat_C374Cd85 : FILE MEMORY
condition:
all of them
}
+rule ELASTIC_Windows_Generic_Threat_7693D7Fd : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "7693d7fd-4161-4afb-8a8d-d487f2a7de5e"
+ date = "2024-02-13"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2497-L2515"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "fc40cc5d0bd3722126302f74ace414e6934eca3a8a5c63a11feada2130b34b89"
+ logic_hash = "886ad084f33faf8baae8a650a88095757c2cff9e18c8f5c50ff36120b43ec082"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "92489c8eb4f8a9da5e7bd858a47e20b342d70df1ba3a4769df06c434dc83d138"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 51 51 8B 45 08 83 65 FC 00 8B 00 0F B7 48 14 66 83 78 06 00 8D 4C 01 18 0F 86 9A 00 00 00 53 56 57 8D 59 24 8B 13 8B CA 8B F2 C1 E9 1D C1 EE 1E 8B FA 83 E1 01 83 E6 01 C1 EF 1F F7 C2 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_Df5De012 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "df5de012-52b6-4558-a00b-2dbf052e34d3"
+ date = "2024-02-14"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2517-L2535"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "13c06d7b030a46c6bb6351f40184af9fafaf4c67b6a2627a45925dd17501d659"
+ logic_hash = "1a1ce3644c33a4591ab6582525366d47e07bdc2350aa6066ec5b5fedc605b037"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "ee293cda37e0f1c76f89a7d1e074c9591950299b2ae87cca11c6cf7fbfee1fc4"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 20 2C 3F 2C 2F 2C 37 2C 27 2C 3B 2C 2B 2C 33 2C 23 2C 3D 2C 2D 2C 35 2C 25 2C 39 2C 29 2C 31 2C 21 2C 3E 2C 2E 2C 36 2C 26 2C 3A 2C 2A 2C 32 2C 22 2C 3C 2C 2C 2C 34 2C 24 2C 38 2C 28 2C 30 2C 20 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_0E8530F5 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "0e8530f5-32ce-48a2-9413-5a8f4596ba12"
+ date = "2024-02-14"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2537-L2556"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "9f44d9acf79ed4450195223a9da185c0b0e8a8ea661d365a3ddea38f2732e2b8"
+ logic_hash = "f4a010366625c059151d3e704f6ece1808f367401729feaf6cc423cf4d5c5c60"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "33007c3793c74aaac45434cbd0b524973073a7223d68fae8da5cbd7296120739"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 63 6D 64 20 2F 63 20 73 74 61 72 74 20 22 22 20 22 25 53 25 53 22 20 25 53 }
+ $a2 = { 76 68 61 50 20 71 20 65 71 30 75 61 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_Ba807E3E : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "ba807e3e-13d8-49e0-ad99-32994d490e8b"
+ date = "2024-02-14"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2558-L2576"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "cabd0633b37e6465ece334195ff4cc5c3f44cfe46211165efc07f4073aed1049"
+ logic_hash = "896eedb949eec6dff3e867ae3179b741382dd25ba06c6db452ac1ae5bc6bc757"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "e6ea7577f8f21e778d21b4651bf55e66ec53fb6d80d68f2ab344261be50d03cc"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 7D 4A 36 35 2B 7E 2E 2C 2F 37 2C 3D 31 7E 3B 3D 30 30 2F 2A 7E 3C 39 7E 2C 29 30 7E 35 30 7E 5A 4F 4B 7E 31 2F 3A 39 70 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_4578Ee8C : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "4578ee8c-9dfc-4fb2-b5dc-8f55b6ee26d0"
+ date = "2024-02-14"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2578-L2596"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "699fecdb0bf27994d67492dc480f4ba1320acdd75e5881afbc5f73c982453fed"
+ logic_hash = "1a519bb84aae29057536ea09e53ff97cfe34a70c84ac6fa7d1ec173de3754f03"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "3a40e6e8f35c5c114b1b0175723d9403c357bba7170c4350194d40d4a2c94c61"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 73 65 72 2D 41 67 65 6E 74 3A 4D 6F 7A 69 6C 6C 61 2F 34 2E 30 20 28 63 6F 6D 70 61 74 69 62 6C 65 3B 20 4D 53 49 45 20 25 64 2E 30 3B 20 57 69 6E 64 6F 77 73 20 4E 54 20 25 64 2E 31 3B 20 53 56 31 29 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_Ebf62328 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "ebf62328-f069-43f2-b943-6ddf64f04fb2"
+ date = "2024-02-14"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2598-L2618"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "dfce19aa2e1a3e983c3bfb2e4bbd7617b96d57602d7a6da6fee7b282e354c9e1"
+ logic_hash = "e99b56dde761c5efad14f935befa4d1dbb31cd305b5d6af05a90d44dc3cd0098"
+ score = 75
+ quality = 69
+ tags = "FILE, MEMORY"
+ fingerprint = "44cce86a986cbb051f1b94c2d5b54830cbe7de1f3387e207bd6b267a5166bbe7"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 74 52 75 50 5B 5D 5F 5E 41 5C 41 5D 41 5E }
+ $a2 = { 5F 5E 41 5C 41 5E 41 5F 74 7A 75 78 }
+ $a3 = { 44 64 71 52 71 77 7C 61 69 41 66 6E 68 73 6F 72 48 60 6C 65 49 46 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_Dcc622A4 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "dcc622a4-5c10-463b-a950-fc728f990bca"
+ date = "2024-02-14"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2620-L2638"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "94a3f10396c07783586070119becf0924de9a7caf449d6e07065837d54e6222d"
+ logic_hash = "9254226918f39389ccc347de1c5064552a8500ccef1884b8e27b6e98c651f45b"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "b47bd4baa68dc56948f29882cf5762b0af2d9f2a837349add4f5d0a8d4152cb2"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 5B 21 5D 20 45 72 72 6F 72 20 77 72 69 74 69 6E 67 20 73 68 65 6C 6C 63 6F 64 65 20 74 6F 20 74 68 65 20 74 61 72 67 65 74 20 64 72 69 76 65 72 2C 20 61 62 6F 72 74 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_046Aa1Ec : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "046aa1ec-5134-4a03-85c2-048b5d363484"
+ date = "2024-02-20"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2640-L2658"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "c74cf499fb9298d43a6e64930addb1f8a8d8336c796b9bc02ffc260684ec60a2"
+ logic_hash = "da6552da3db4851806f5a0ce3c324a79acf4ee4b2690cb02cc8d8c88a2ba28f8"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "46591671500f83b6627a17368a0bbe43650da1dd58ba1a136a47818fe685bc68"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 83 C4 F4 D9 7D FE 66 8B 45 FE 80 CC 0C 66 89 45 FC D9 6D FC DF 7D F4 D9 6D FE 8B 45 F4 8B 55 F8 8B E5 5D C3 55 8B EC 51 33 D2 8D 5D 08 8B 03 83 C3 04 85 C0 74 03 03 50 04 49 75 F1 85 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_85C73807 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "85c73807-4181-4d4a-ba51-6ed923121486"
+ date = "2024-02-20"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2660-L2678"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "7f560a22c1f7511518656ac30350229f7a6847d26e1b3857e283f7dcee2604a0"
+ logic_hash = "90aa64f17b91ccdf367e1976cd1f5e89e15c7369a58b2d19187143e70939d756"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "8b63723aa1b89149c360048900a18e25a0a615f50cec1aaadca2578684f5bcb2"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 51 53 56 57 89 4D FC 8B DA 8B F0 8B 7D 08 C6 86 18 01 00 00 00 8B C3 E8 15 01 00 00 84 C0 75 0E 8B 55 FC 8B C6 8B CF E8 45 F8 FF FF EB 0F 56 57 8B FE 8B F3 B9 47 00 00 00 F3 A5 5F 5E }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_642Df623 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "642df623-00ae-48a9-8d61-aaa688606807"
+ date = "2024-02-20"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2680-L2698"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "e5ba85d1a6a54df38b5fa655703c3457783f4a4f71e178f83d8aac878d4847da"
+ logic_hash = "555eb66f117312fa4ff3a49c0c40f89caddec3eb4b93d11bda2cce40529d46a0"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "fb2c74f7e3e7f4e25173c375fe863e643183da4f5d718d61fdd0271fcc581deb"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 50 B8 04 00 00 00 81 C4 04 F0 FF FF 50 48 75 F6 8B 45 FC 81 C4 3C FE FF FF 53 56 57 64 8B 05 30 00 00 00 8B 40 0C 8B 40 0C 8B 00 8B 00 8B 40 18 89 45 FC 33 C9 8B 45 FC 89 45 DC 8B 45 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_27A2994F : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "27a2994f-18e4-4608-bda6-ee76b6afd357"
+ date = "2024-02-20"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2700-L2718"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "e534914e06d90e119ce87f5abb446c57ec3473a29a7a9e7dc066fdc00dc68adc"
+ logic_hash = "66f34ba3052e2369528aeaf076f10d58f8f3dca420666246e02191fecb057f8c"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "33d3f5b2c5fed68b19e14d6a35ee8db4ba3d6d566c87e24fc7a9223235cbd0ee"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 51 53 56 57 83 7D 08 00 75 05 E9 88 00 00 00 6A 09 E8 D7 FD FF FF 83 C4 04 8B 45 08 83 E8 20 89 45 FC 8B 4D FC 8B 51 14 81 E2 FF FF 00 00 83 FA 04 74 41 8B 45 FC 83 78 14 01 74 38 8B }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_Dbceec58 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "dbceec58-0b98-470c-8439-23aa26b4064f"
+ date = "2024-02-20"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2720-L2738"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "fbec30528e6f261aebf0d41f3cd6d35fcc937f1e20e1070f99b1b327f02b91e0"
+ logic_hash = "2a99fb7b342b43e3a4f0136d7d618625ca5708ae32e6fcabb11420bd8c89915b"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "5f470a7367ebbffebae8384aa552b3e9b1bda6bf4a3241bda047970341ee7c4c"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 83 EC 14 83 7D 08 00 74 0C 83 7D 0C 00 74 06 83 7D 10 00 75 08 8B 45 08 E9 87 00 00 00 8B 45 08 89 45 FC 8B 45 0C 89 45 F8 8B 45 10 C1 E8 02 89 45 EC 83 65 F4 00 EB 07 8B 45 F4 40 89 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_7407Eb79 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "7407eb79-69fd-4f5c-b883-ceb74fbdc9d5"
+ date = "2024-02-20"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2740-L2758"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "9ae0f053c8e2c4f4381eac8265170b79301d4a22ec1fdb86e5eb212c51a75d14"
+ logic_hash = "a60c3e54493f9dab71584ba301c41c43f30d554df8c0b05674995faaf407ee48"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "f1dbb42fdd80020fa2b30beb50ded6b8b3fe4b023935cef9bd32b3cb0a095654"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 83 EC 18 8B 45 08 8B 40 08 89 45 E8 8B 45 08 8B 40 0C 89 45 EC 8B 45 EC 83 C0 0C 89 45 F0 8B 45 F0 8B 00 89 45 F8 83 65 F4 00 E8 00 00 00 00 58 89 45 F4 8B 45 F8 3B 45 F0 74 31 8B 45 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_3613Fa12 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "3613fa12-b559-4c3f-8049-11bacd5ffd0c"
+ date = "2024-02-20"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2760-L2778"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "1403ec99f262c964e3de133a10815e34d2f104b113b0197ab43c6b7b40b536c0"
+ logic_hash = "77b23aaf384de138214e64342e170f3dce667ee41c3063c999286da9af6fff42"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "c66b5dad2e9b19be0bc67a652761d8f79ce85efde055cc412575c2d7c5583795"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 51 89 4D FC 8D 45 08 50 8B 4D FC E8 4D 03 00 00 8B 45 FC 8B E5 5D C2 04 00 CC CC CC CC 55 8B EC 51 89 4D FC 8B 45 FC 8B E5 5D C3 CC CC 55 8B EC 51 89 4D FC 8B 45 08 50 8B 4D FC E8 FD }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_B125Fff2 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "b125fff2-7b36-431f-8ed3-ccb6d4ff9483"
+ date = "2024-02-20"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2780-L2798"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "9c641c0c8c2fd8831ee4e3b29a2a65f070b54775e64821c50b8ccd387e602097"
+ logic_hash = "054f3f36c688e1f5c3116e7a926df12df90f79dc1d42bee2616b5251f6ad2c24"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "e2562c480b3ab0f0e6c5d396bc5d0584481348c1dd8edaac4484d9cb5d4a2b2e"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 6F 00 00 0A 6F 70 00 00 0A 00 28 24 00 00 06 0A 06 2C 24 00 28 1B 00 00 06 0B 07 2C 19 00 28 CE 04 00 06 16 FE 01 0C 08 2C 0B 7E 03 00 00 04 6F D3 04 00 06 00 00 00 28 1A 00 00 06 00 28 18 00 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_D7E5Ec2D : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "d7e5ec2d-bcd1-41a3-80de-12808b9034c9"
+ date = "2024-02-20"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2800-L2818"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "fe711664a565566cbc710d5e678a9a30063a2db151ebec226e2abcd24c0a7e68"
+ logic_hash = "4edb8cc1da81e0b9b3a8facc9a9a7d1e27dff0d2db7851d06a209beec3ccb463"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "e679e6917c5055384c0492e4a8a7538b41e5239b78e2167b04fffa3693f036bb"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 83 C4 F8 89 45 FC 8B 45 FC E8 17 FE FF FF 83 FA 00 75 03 83 F8 FF 77 16 8B 45 FC E8 F1 FE FF FF 83 FA 00 75 03 83 F8 FF 77 04 33 C0 EB 02 B0 01 88 45 FB 8A 45 FB 59 59 5D C3 8D 40 00 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_1636C2Bf : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "1636c2bf-5506-4651-9c4c-cd6454386301"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2820-L2838"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "6e43916db43d8217214bbe4eb32ed3d82d0ac423cffc91d053a317a3dbe6dafb"
+ logic_hash = "c8b198cd5f9277ff3808ee2a313ab979d544b9e609d6623876d2e3c3c5668e38"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "b0cd9f484d4191d42091300be33c72a29c073c297b4e46811555fc6d1ab0f482"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 28 00 00 0A 28 22 00 00 0A 80 19 00 00 04 28 3B 00 00 06 28 2D 00 00 0A 28 45 00 00 06 16 80 1D 00 00 04 7E 13 00 00 04 7E 15 00 00 04 16 7E 15 00 00 04 8E B7 16 14 FE 06 43 00 00 06 73 63 00 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_0A640296 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "0a640296-0813-4cd3-b55b-01b3689e73d9"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2840-L2858"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "3682eff62caaf2c90adef447d3ff48a3f9c34c571046f379d2eaf121976f1d07"
+ logic_hash = "743c47c7a58e7d65261818b4b444aaf8015b9b55d3e54526b1d63a8770a6c5aa"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "3fa8712dbf0cdb0581fc312bcfa2e9ea50e04cccba6dc93f377c1b64e96784aa"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 28 00 00 0A 02 7B 0F 00 00 04 6F 29 00 00 0A 7D 10 00 00 04 02 7B 10 00 00 04 28 2A 00 00 0A 00 02 7B 08 00 00 04 7B 03 00 00 04 02 7B 10 00 00 04 6F 2B 00 00 0A 16 FE 01 0D 09 39 29 01 00 00 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_B1Ef4828 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "b1ef4828-10bd-41f8-84b5-041bf3147c0b"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2860-L2879"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "29b20ff8ebad05e4a33c925251d08824ca155f5d9fa72d6f9e359e6ec6c61279"
+ logic_hash = "d5d63f38308c6f8e5ca54567c7c8b93fcde69601fbcc28d56d5231edd28163cf"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "e867d9a0a489d95898f85578c71d7411eac3142539fcc88df51d1cf048d351a9"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 70 36 72 20 74 24 76 28 78 2C 7A 30 7C 34 7E 38 7E 3C 7E 40 7E 54 7E 74 7E 7C 5D }
+ $a2 = { 7E 30 7E 34 7E 43 7E 4F 7E 5A 7E 6E 7E 79 7E }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_48Cbdc20 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "48cbdc20-386a-491e-8407-f7c4c348f2e9"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2881-L2900"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "7a7704c64e64d3a1f76fc718d5b5a5e3d46beeeb62f0493f22e50865ddf66594"
+ logic_hash = "687d0f3dc85a7e4b23019deec59ee77c211101d40ed6622a952e69ebc4151483"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "98db38ebd05e99171489828491e6acfc7c4322283b325ed99429f366b0ee01a6"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 5E 69 69 69 4E 42 42 42 3E 2E 2E 2E 25 }
+ $a2 = { 24 2E 2E 2E 2F 41 41 41 3A 51 51 51 47 5D 5D 5D 54 69 69 69 62 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_420E1Cdc : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "420e1cdc-2d47-437a-986d-ff22d2fac978"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2902-L2920"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "b20254e03f7f1e79fec51d614ee0cfe0cb87432f3a53cf98cf8c047c13e2d774"
+ logic_hash = "6bd8a7bd4392e04d64f2e0b93d80978f59f9af634a0c971ca61cb9cb593743e0"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "33f35c5c73656fc5987c39fabefa1225fef1734f4217518a1b6e7a78669c90c5"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 51 56 8B 75 08 85 F6 74 5A ?? ?? ?? ?? ?? 83 F8 03 75 16 56 E8 ED 01 00 00 59 85 C0 56 74 36 50 E8 0C 02 00 00 59 59 EB 3A 83 F8 02 75 26 8D 45 08 50 8D 45 FC 50 56 E8 25 0F 00 00 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_4C37E16E : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "4c37e16e-b7ca-449a-a09f-836706b2f66a"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2922-L2941"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "d83a8ed5e192b3fe9d74f3a9966fa094d23676c7e6586c9240d97c252b8e4e74"
+ logic_hash = "dabac8aa6a3f4d4bd726161fc6573ca9de4088e7d818c3cf33cafc91f680e7aa"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "9fbd2883fb0140de50df755f7099a0dc3cf377ee350710108fef96c912f43460"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 2E 3F 41 56 43 44 72 6F 70 41 70 69 40 40 }
+ $a2 = { 2D 2D 77 77 6A 61 75 67 68 61 6C 76 6E 63 6A 77 69 61 6A 73 2D 2D }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_5Be3A474 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "5be3a474-d12f-489f-a2a7-87d29687e2e6"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2943-L2961"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "b902954d634307260d5bd8fb6248271f933c1cbc649aa2073bf05e79c1aedb66"
+ logic_hash = "0f0f46e3bdebb47a4f43ccb64d65ab1e15d68d38c117cb25e5723ec16e7e0758"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "8b220ea86ad3bbdcf6e2f976dc0bb84c1eb8cb1f3ad46ab5c9d19289952c912b"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 51 53 56 57 8B F9 33 F6 8D 5F 02 66 8B 07 83 C7 02 66 3B C6 75 F5 8A 01 2B FB D1 FF 8D 5F FF 85 DB 7E 23 0F B6 F8 83 C1 02 66 8B 01 8D 49 02 66 2B C7 C7 45 FC 00 08 00 00 66 2B 45 FC }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_B191061E : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "b191061e-7b83-4161-a1d4-05ab70ffe2be"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2963-L2981"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "bd4ef6fae7f29def8e5894bf05057653248f009422de85c1e425d04a0b2df258"
+ logic_hash = "cbee10eab984249ceb9f8a82dc06aa014d6a249321f3d4f0d1e5657aab205ec8"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "5733de0357a6b5f6a3fe885786084c23707266b48e67b19dcddc48ed97e94207"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 83 EC 2C 64 A1 30 00 00 00 33 D2 53 56 57 8B 40 0C 8B F2 89 4D E8 89 55 F4 89 75 F8 8B 58 0C 8B 7B 18 89 7D F0 85 FF 0F 84 34 01 00 00 C7 45 E0 60 00 00 00 8B 43 30 89 55 FC 89 55 EC }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_05F52E4D : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "05f52e4d-d131-491a-a037-069b450e3b3e"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L2983-L3001"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "e578b795f8ed77c1057d8e6b827f7426fd4881f02949bfc83bcad11fa7eb2403"
+ logic_hash = "79898b59b6d3564aad85d823a1450600faff5b1d2dbfbe0cee4cc59971e4f542"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "f3d5f6dc1f9b51ce1700605c8a018000124d66a260771de0da1a321dc97872dd"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 28 00 00 06 73 45 00 00 0A 73 46 00 00 0A 6F 47 00 00 0A 14 FE 06 29 00 00 06 73 45 00 00 0A 73 46 00 00 0A 0B 14 FE 06 2A 00 00 06 73 45 00 00 0A 73 46 00 00 0A 0C 07 6F 47 00 00 0A 08 6F 47 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_C34E19E9 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "c34e19e9-c666-4fc5-bbb3-75f64d247899"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3003-L3021"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "f9048348a59d9f824b45b16b1fdba9bfeda513aa9fbe671442f84b81679232db"
+ logic_hash = "87999b6f2cf359b6436ee7e57691ac73fc41f3947bf8fef3f6b98148e17f180d"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "148ffb1f73a3f337d188c78de638880ea595a812dfa7a0ada6dc66805637aeb3"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 28 00 00 0A 73 18 00 00 0A 7E 02 00 00 04 17 8D 3A 00 00 01 25 16 1F 2C 9D 6F 28 00 00 0A 8E 69 6F 29 00 00 0A 9A 0A 7E 01 00 00 04 17 8D 3A 00 00 01 25 16 1F 2C 9D 6F 28 00 00 0A 73 18 00 00 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_E691Eaa1 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "e691eaa1-06fa-478e-8c4c-95a7df3fd077"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3023-L3041"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "afa5f36860e69b9134b93e9ad32fed0a5923772e701437e1054ea98e76f28a77"
+ logic_hash = "0ac310e3f7cf99b77c2dcfea582752e2f1414caf43965c25d2f3f03cf27586cc"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "b940eb10e338f6d703a75cd77b4b455503ae0583f5a36b8115e659d05990fc3c"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 51 8B C2 53 89 45 FC 8B D9 56 99 33 F6 2B C2 57 8B F8 D1 FF 85 FF 7E 2B 8B 55 FC 4A 03 D3 0F B6 02 8D 52 FF 8A 0C 1E ?? ?? ?? ?? ?? ?? ?? 88 04 1E 46 0F B6 C1 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_5E33Bb4B : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "5e33bb4b-830e-4814-b6cf-d5e5b4da7ada"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3043-L3061"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "13c06d7b030a46c6bb6351f40184af9fafaf4c67b6a2627a45925dd17501d659"
+ logic_hash = "7e2002c3917ccab7d9f56a7aa20ea75be71aa7fdc64b7c3f87edb68be38e74b2"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "a08b9db015f1b6f62252d456b1b0cd0fdec1e19cdd2bc1400fe2bf76150ea07b"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 43 3A 5C 55 73 65 72 73 5C 61 64 6D 69 6E 5C 44 65 73 6B 74 6F 70 5C 57 6F 72 6B 5C 46 69 6C 65 49 6E 73 74 61 6C 6C 65 72 5C 52 65 6C 65 61 73 65 5C 46 69 6C 65 49 6E 73 74 61 6C 6C 65 72 2E 70 64 62 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_Be64Ba10 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "be64ba10-ea9d-45df-8c9b-2facc825b652"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3063-L3082"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "24bb4fc117aa57fd170e878263973a392d094c94d3a5f651fad7528d5d73b58a"
+ logic_hash = "c6acce53610baf119a0e2d55fc698a976463bbd21b739d4ac39a75383fa5fed2"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "9496099988cf4f854bf7f70bae158c6e17025a7537245c5f1d92a90f6b9bca67"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 22 65 6E 63 72 79 70 74 65 64 5F 6B 65 79 22 3A 22 28 2E 2B 3F 29 22 }
+ $a2 = { 2E 3F 41 56 3C 6C 61 6D 62 64 61 5F 37 65 66 38 63 66 32 36 39 61 32 32 38 62 36 30 34 64 36 35 34 33 32 65 37 65 63 33 37 30 31 34 3E 40 40 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_7Bb75582 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "7bb75582-ffcd-4a91-8816-811a3f9bdec8"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3084-L3102"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "35f9698e9b9f611b3dd92466f18f97f4a8b4506ed6f10d4ac84303177f43522d"
+ logic_hash = "d959f755d28782b332248085034950a8d4cad3cde13b22254c90ca3952919e1b"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "326a08e467cbedb01c640232ad2f4da729894f09ccf5faba93926e1efded9b59"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 48 4B 45 59 5F 43 55 52 52 45 4E 54 5F 55 53 45 52 5C 53 6F 66 74 77 61 72 65 5C 4D 69 63 72 6F 73 6F 66 74 5C 57 69 6E 64 6F 77 73 5C 43 75 72 72 65 6E 74 56 65 72 73 69 6F 6E 5C 49 6E 74 65 72 6E 65 74 20 53 65 74 74 69 6E 67 73 5C 43 6F 6E 6E 65 63 74 69 6F 6E 73 20 5B 31 20 37 20 31 37 5D }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_59698796 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "59698796-0022-486a-a743-6931745f38a0"
+ date = "2024-03-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3104-L3122"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "35f9698e9b9f611b3dd92466f18f97f4a8b4506ed6f10d4ac84303177f43522d"
+ logic_hash = "59569049dbb09b7e15110fb8de1a146eb7fd606f116b4dd6c75ca973fb62296e"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "9260d02c3e6b163fd376445bd2a9c084ed85a5dbaf0509e15fff4e9c3d147f19"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 81 EC B8 04 00 00 ?? ?? ?? ?? ?? 33 C5 89 45 FC 56 68 00 04 00 00 0F 57 C0 C7 45 F8 00 00 00 00 8D 85 58 FB FF FF C7 85 54 FB FF FF 24 00 00 00 6A 00 50 8B F1 0F 11 45 D8 0F 11 45 E8 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_2Ae9B09E : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "2ae9b09e-b810-4bd2-9cb8-18b1d504eede"
+ date = "2024-03-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3124-L3142"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "dc8f4784c368676cd411b7d618407c416d9e56d116dd3cd17c3f750e6cb60c40"
+ logic_hash = "183249214e5f8143eb91caf20778b870d17d7a52b6d71ad603827e8716e7e447"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "13ab32abf52bca58dfac79c09882ec4cb80b606693db19813d84e625bda93549"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 51 51 8B 45 08 89 45 FC 8B 45 0C 89 45 F8 8B 45 0C 48 89 45 0C 83 7D F8 00 76 0F 8B 45 FC C6 00 00 8B 45 FC 40 89 45 FC EB DE 8B 45 08 C9 C3 6A 41 5A 0F B7 C1 66 3B D1 77 0C 66 83 F9 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_604A8763 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "604a8763-7ec1-4474-b238-2ebbaf24afa2"
+ date = "2024-03-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3144-L3162"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "2a51fb11032ec011448184a4f2837d05638a7673d16dcf5dcf4005de3f87883a"
+ logic_hash = "cf88c0d102680fc7c16d49b6e8dc49c16b27d5940edf078e667a45e70ebe3883"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "c74c1dc7588d01112c3995b17e9772af15fb1634ebfb417b8c0069ac1f334e74"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 51 8B 45 0C 48 89 45 FC EB 07 8B 45 FC 48 89 45 FC 83 7D FC 00 7C 0B 8B 45 08 03 45 FC C6 00 00 EB E8 C9 C3 55 8B EC 83 EC 0C 8B 45 0C 89 45 FC 8B 45 08 3B 45 10 76 2F 8B 45 FC 89 45 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_F45B3F09 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "f45b3f09-4203-41f7-870e-d8ef5126c391"
+ date = "2024-03-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3164-L3182"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "577f1dbd76030c7e44ed28c748551691d446e268189af94e1fa1545f06395178"
+ logic_hash = "9b01ad1271cc5052a793e5a885aa7289cbaea4a928f60d64194477c3036496ed"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "dfa72e0780e895ab5aa2369a425c64144e9bd435e55d8a0fefbe08121ae31df5"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 28 33 ED 44 8B ED 48 89 6C 24 78 44 8B FD 48 89 AC 24 88 00 00 00 44 8B F5 44 8B E5 E8 43 04 00 00 48 8B F8 8D 75 01 ?? ?? ?? ?? ?? 66 39 07 75 1A 48 63 47 3C 48 8D 48 C0 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_3F390999 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "3f390999-601f-464e-8982-09553adee303"
+ date = "2024-03-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3184-L3202"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "1b6fc4eaef3515058f85551e7e5dffb68b9a0550cd7f9ebcbac158dac9ababf1"
+ logic_hash = "462a7a38ebbb39515ac2c0a10353660d0cadcfb99360adcd200edc1db5a716ba"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "ccfd5fb305ea48d66f299311c5332587355258bdeeb25cb90c450e8e96df3052"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 10 48 89 D9 48 8B 59 10 FF 61 08 0F 1F 40 00 49 89 CB C3 49 89 CA 41 8B 43 08 41 FF 23 C3 90 48 C1 E1 04 31 C0 81 E1 F0 0F 00 00 49 01 C8 4C 8D 0C 02 4E 8D 14 00 31 C9 45 8A 1C 0A 48 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_Abd1C09D : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "abd1c09d-ec66-45ee-b435-302c736cc1f9"
+ date = "2024-03-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3204-L3222"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "3ff09d2352c2163465d8c86f94baa25ba85c35698a5e3fbc52bc95afc06b7e85"
+ logic_hash = "80e6f317e5cd91cb3819e9251efc8c96218071bec577a38c8784826dd4a657cb"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "2f75d8fa11f67f983e40ada50a07e8a6f1b6dfc663524e35a6526381e939d39f"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 83 EC 0C 8B D1 53 56 57 8B 7D 0C 83 FF 08 77 1A 85 FF 74 16 8B 5D 08 8B 4A 14 8B 72 10 2B CE 8D 04 3B 3B C1 72 11 C6 42 44 00 33 C0 33 D2 5F 5E 5B 8B E5 5D C2 08 00 0F 57 C0 66 0F 13 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_B7870213 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "b7870213-e235-4b2d-83c1-e3c7c486ee8d"
+ date = "2024-03-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3224-L3242"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "04cb0d5eecea673acc575e54439398cc00e78cc54d8f43c4b9bc353e4fc4430d"
+ logic_hash = "79b8385543def42259cd9c09d4d7059ff6bb02a9e87cff1bc0a8861e3b333c5f"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "c087f84c8572dba64da62c9f317969cbce46e78656e0a75489788add787c2781"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 75 28 6B 6E 4E 30 30 30 31 30 32 30 33 30 34 30 35 30 36 30 37 30 38 30 39 31 30 31 31 31 32 31 33 31 34 31 35 31 36 31 37 31 38 31 39 32 30 32 31 32 32 32 33 32 34 32 35 32 36 32 37 32 38 32 39 33 30 33 31 33 32 33 33 33 34 33 35 33 36 33 37 33 38 33 39 34 30 34 31 34 32 34 33 34 34 34 35 34 36 34 37 34 38 34 39 35 30 35 31 35 32 35 33 35 34 35 35 35 36 35 37 35 38 35 39 36 30 36 31 36 32 36 33 36 34 36 35 36 36 36 37 36 38 36 39 37 30 37 31 37 32 37 33 37 34 37 35 37 36 37 37 37 38 37 39 38 30 38 31 38 32 38 33 38 34 38 35 38 36 38 37 38 38 38 39 39 30 39 31 39 32 39 33 39 34 39 35 39 36 39 37 39 38 39 39 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_2Bba6Bae : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "2bba6bae-7c6a-4b89-83d8-0656d7863820"
+ date = "2024-03-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3244-L3262"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "d9955c716371422750b77d64256dade6fbd028c8d965db05c0d889d953480373"
+ logic_hash = "59e4b173c21b0ab161adf8d89f253f21403bca706b6bf40b3da00697f87dd509"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "85dc02cb74c481b5ecb144280827add9665138f0b5d479db5468a94b41e662a3"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 36 35 20 37 39 20 34 31 20 36 39 20 36 34 20 34 38 20 36 43 20 37 37 20 34 39 20 36 41 20 36 46 20 36 37 20 34 39 20 36 42 20 37 30 20 35 38 20 35 36 20 34 33 20 34 39 20 37 33 20 34 39 20 34 33 20 34 41 20 36 38 20 36 32 20 34 37 20 36 33 20 36 39 20 34 46 20 36 39 20 34 31 20 36 39 20 35 32 20 35 37 20 35 32 20 34 35 20 35 35 20 33 30 20 34 35 20 36 39 20 34 39 20 34 38 20 33 30 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_5D3F297C : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "5d3f297c-b812-401a-8671-2e00369cd6f2"
+ date = "2024-03-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3264-L3282"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "885c8cd8f7ad93f0fd43ba4fb7f14d94dfdee3d223715da34a6e2fbb4d25b9f4"
+ logic_hash = "556d3bc9374a5ec23faa410900dfc94b5534434c9733165355d281976444a42b"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "ff90bfcb28bb3164fb11da5f35f289af679805f7e4047e48d97ae89e5b820dcd"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 83 EC 08 C7 45 F8 00 00 00 00 83 7D 08 00 74 4A 83 7D 0C 00 74 44 8B 45 0C 83 C0 01 50 6A 40 ?? ?? ?? ?? ?? ?? 89 45 F8 83 7D F8 00 74 2C C7 45 FC 00 00 00 00 EB 09 8B 4D FC 83 C1 01 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_4Db75701 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "4db75701-e7d6-4231-ba00-e127da90bfce"
+ date = "2024-03-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3284-L3302"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "fa7847d21d5a350cf96d7ecbcf13dce63e6a0937971cfb479700c5b31850bba9"
+ logic_hash = "65f7d15ed551e069b30ce6c0a5f15d01d24b8b29727950269c9956fcf6dc799d"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "d8637b329a212bf37367ba3cc3acf65c9b511d1f06d689d792c519324459530d"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 48 81 EC D0 02 00 00 80 79 20 08 41 8B F1 45 8B F0 4C 8B FA 48 8B F9 0F 84 3A 01 00 00 48 89 58 10 48 89 68 18 43 8D 04 40 48 63 C8 ?? ?? ?? ?? ?? 48 8D 8C 24 20 02 00 00 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_54A914C9 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "54a914c9-1b00-4cea-9b82-f7ed1df1305f"
+ date = "2024-03-25"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3304-L3322"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "c418c5ad8030985bb5067cda61caba3b7a0d24cb8d3f93fc09d452fbdf4174ec"
+ logic_hash = "0cc3797564b4c722423f915493e07b0e0fec3085e7a535f9914f82d73c797bed"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "d3f4083c96130031ce9656ea31bf0914080c88f09c05f8b1168c60487af80c9b"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 20 48 89 CB 48 8B 43 08 4C 8B 48 30 4D 85 C9 74 16 48 8D 4B 10 0F B6 D2 48 83 C4 20 5B 5E 5F 5D 41 5C 49 FF E1 66 90 44 0F B6 40 10 41 80 F8 16 0F 84 81 00 00 00 41 80 F8 18 74 0B 48 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_38A88967 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "38a88967-db0e-4d68-9295-9108cbc98fb9"
+ date = "2024-03-25"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3324-L3342"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "6e425eb1a27c4337f05d12992e33fe0047e30259380002797639d51ef9509739"
+ logic_hash = "ddbdb1c39a07141d83173504214c889aff75487570d906413ebc6f262fedf9ae"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "1fef2c4c2899bbf9f45732d23654f6437658de2c4dc78dc3d1ff5440b5c2cbcf"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 60 E8 00 00 00 00 5B ?? ?? ?? ?? ?? ?? 8B 75 08 8B 7D 0C AD 50 53 89 C1 29 DB 29 C0 AC C1 E3 04 01 C3 AA 89 D8 ?? ?? ?? ?? ?? 85 C0 74 07 89 C2 C1 EA 18 31 D3 F7 D0 21 C3 E2 DF 87 DA }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_E8Abb835 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "e8abb835-f0c1-4e27-a0ca-3a3cae3362df"
+ date = "2024-03-26"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3344-L3362"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "e42262671325bec300afa722cefb584e477c3f2782c8d4c6402d6863df348cac"
+ logic_hash = "0ad56b8c741a79a600a0d5588c4e8760a6d19fef72ff7814a00cfb84a90f23aa"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "ca8c2f4b16ebe1bb48c91a536d8aca98bed5592675eff9311e77d7e06dfe3c5b"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 48 81 EC 28 05 00 00 66 44 0F 7F 84 24 10 05 00 00 66 0F 7F BC 24 00 05 00 00 0F 29 B4 24 F0 04 00 00 44 89 44 24 74 48 89 94 24 C8 00 00 00 48 89 CB 48 C7 44 24 78 00 00 00 00 0F 57 F6 0F 29 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_492D7223 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "492d7223-4e03-4a77-83e5-ed85e052f846"
+ date = "2024-03-26"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3364-L3382"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "c0d9c9297836aceb4400bcb0877d1df90ca387f18f735de195852a909c67b7ef"
+ logic_hash = "9fb2a00def86ed8476d906514a0bc630e28093ac37d757541d8801d2c8e0efc3"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "71a1bce450522a0a6ff38d2f84ab91e2e9db360736c2f7233124a0b0dc4d0431"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 89 E5 53 57 56 83 EC 24 ?? ?? ?? ?? ?? 31 C9 85 C0 0F 94 C1 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 C8 40 FF E0 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_Ea296356 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "ea296356-6533-4364-8ad1-3bbb538e3d61"
+ date = "2024-05-22"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3384-L3402"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "4c48a0fe90f3da7bfdd32961da7771a0124b77e1ac1910168020babe8143e959"
+ logic_hash = "73ffd16f0047cd57311853aa9083fc21427f2eb21646c6edc7b8def86da90f90"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "a17ca2f95473517428867b4f68b8275ae84ef1ee39421e76887077e206b1ed51"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 83 EC 0C 53 56 8B 75 08 8B C6 89 55 FC 99 2B C2 89 4D F8 8B D8 8B 45 FC 57 D1 FB 33 FF 8D 14 30 89 55 08 85 DB 7E 36 4A 0F 1F 44 00 00 8A 0C 38 8D 52 FF 0F B6 42 01 8B 75 FC 0F B6 80 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_Aeaeb5Cf : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "aeaeb5cf-2683-4a88-b736-4b8873d92fc5"
+ date = "2024-05-22"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3404-L3422"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "f57d955d485904f0c729acff9db1de9cb42f32af993393d58538f07fa273b431"
+ logic_hash = "640966296bad70234e0fe7b6f87b92fcf4fc111189d307d44f32e926785f76cb"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "f6d32006747b083632f551c8ca182b6b4d67a8f130a118e61b0dd2f35d7d8477"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 8B 4D 08 33 C0 66 39 01 74 0B 8D 49 00 40 66 83 3C 41 00 75 F8 8D 04 45 02 00 00 00 50 FF 75 0C 51 ?? ?? ?? ?? ?? 83 C4 0C 5D C3 CC CC 55 8B EC 6A 00 FF 75 08 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_C8424507 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "c8424507-34e1-4649-a4e4-3e0a0f62dfb0"
+ date = "2024-05-22"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3424-L3443"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "d556b02733385b823cfe4db7e562e90aa520e2e6fb00fceb76cc0a6a1ff47692"
+ logic_hash = "78d56257cb6e1d67f9343ee30b844fe20138e27ca3b6312a07112e5dbb797851"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "8dfb14903b32c118492ae7e0aab9cf634c58ea93fcbc7759615209f61b3b3d6b"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 78 75 73 65 68 6F 62 69 6D 6F 7A 61 63 6F 67 6F 6A 69 68 6F 67 69 76 6F }
+ $a2 = { 62 65 6D 69 74 69 76 65 67 69 77 6F 6D 65 7A 75 76 65 62 61 67 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_9Af87Ddb : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "9af87ddb-c3ed-44a5-b1a1-984b6f8a6065"
+ date = "2024-05-23"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3445-L3463"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "b1fbc11744e21dc08599412887a3a966572614ce25ccd3c8c98f04bcbdda3898"
+ logic_hash = "99174c5740324d7704a5c6ae924254f9b5f241c97901dfdb771fc176a76e4a30"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "1505b6299961c729077ffd90a4c7ed3180f55329952841fe7045056ea2919de8"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 28 00 00 0A 28 2C 00 00 06 11 06 17 D6 13 06 11 06 11 07 8E B7 32 98 06 17 D6 0A 20 E8 03 00 00 28 21 00 00 0A 7E 0F 00 00 04 3A 74 FF FF FF 2A 00 1B 30 04 00 96 00 00 00 1F 00 00 11 03 39 88 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_D7B57912 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "d7b57912-02b4-421a-8f93-9e8371314e68"
+ date = "2024-05-23"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3465-L3483"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "0906599be152dd598c7f540498c44cc38efe9ea976731da05137ee6520288fe4"
+ logic_hash = "a774e3030d81e29805a9784cfbbc0b69c4fedebe0daa25e403777e1f46f9094f"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "36a3fecc918cd891d9c779f7ff54019908ba190853739c8059adb84233643a1c"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 83 C4 B8 53 56 8B DA 89 45 FC 8D 45 FC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 64 FF 30 64 89 20 8B C3 ?? ?? ?? ?? ?? 6A 00 6A 00 8D 45 F0 50 8B 45 FC }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_23D33B48 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "23d33b48-00f6-487f-a3e5-f41603fc982e"
+ date = "2024-06-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3485-L3503"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "acbc22df07888498ae6f52f5458e3fb8e0682e443a8c2bc97177a0320b4e2098"
+ logic_hash = "c9fb93bb74e4d45197d0da5b641860738a42a583b15cc098e86ea79bb8690bf7"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "7a25301a1297337810240e8880febe525726c9b79a4a4bd81b1f856865097995"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 51 83 7A 14 10 8B C2 53 56 57 8B F1 72 02 8B 02 83 7E 14 10 72 02 8B 0E 8B 5A 10 8D 56 10 8B 3A 53 50 89 55 FC 8B D7 51 ?? ?? ?? ?? ?? 8B D0 83 C4 0C 83 FA FF 74 30 3B FA 72 33 8B C7 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_4B0B73Ce : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "4b0b73ce-960d-40ce-ae85-5cf38d949f45"
+ date = "2024-06-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3505-L3523"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "236fc00cd7c75f70904239935ab90f51b03ff347798f56cec1bdd73a286b24c1"
+ logic_hash = "d53923df612dd7fe0b1b2c94c1c5d747b08723df129089326ec27c5049769cef"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "11c544f9f3a51ffcd361d6558754a64a8a38f3ce9385038880ab58c99769db88"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 51 53 56 57 8B 7D 08 83 7F 18 00 C6 45 FF C9 74 54 ?? ?? ?? ?? ?? ?? 8D 9B 00 00 00 00 33 F6 83 7F 18 00 74 40 6A 0A FF D3 46 81 FE E8 03 00 00 7C ED 8B 07 8B 50 08 6A 01 8D 4D FF 51 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Generic_Threat_1F2E969C : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
+ author = "Elastic Security"
+ id = "1f2e969c-5d90-4bab-a06a-9cccb1946251"
+ date = "2024-06-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Generic_Threat.yar#L3525-L3543"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "7def75df729ed66511fbe91eadf15bc69a03618e78c48e27c35497db2a6a97ae"
+ logic_hash = "7d984a902f9bf40c9b49da89aba9249f80b41b24ca1cdb6189f541b40ef41742"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "e7c872f2422fe54367900d69c9bb94d86db2bf001cbbe00ba6c801fb3d1e610e"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 55 8B EC 51 53 8B 5A 10 56 8B F1 57 6A 78 89 75 FC C7 46 10 00 00 00 00 C7 46 14 0F 00 00 00 53 89 75 FC C6 06 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 33 C9 33 C0 89 7D FC 85 DB 7E 39 0F 1F 40 00 }
+
+ condition:
+ all of them
+}
rule ELASTIC_Linux_Ransomware_Sodinokibi_2883D7Cd : FILE MEMORY
{
meta:
@@ -61818,8 +63369,8 @@ rule ELASTIC_Linux_Ransomware_Sodinokibi_2883D7Cd : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Sodinokibi.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Sodinokibi.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a322b230a3451fd11dcfe72af4da1df07183d6aaf1ab9e062f0e6b14cf6d23cd"
logic_hash = "97d6b1b641c4b5b596b67a809e8e70bb0bccb9219282cd6c41bc905e2ea44c84"
score = 75
@@ -61847,8 +63398,8 @@ rule ELASTIC_Windows_Vulndriver_Eneio_6E01882F : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_EneIo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_EneIo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347"
logic_hash = "144ac5375cb637b6301a2275f2412fbd0d0c5fb23105c7cce5aa7912cf68fa2c"
score = 75
@@ -61876,8 +63427,8 @@ rule ELASTIC_Windows_Ransomware_Maze_61254061 : BETA FILE MEMORY
date = "2020-04-18"
modified = "2021-08-23"
reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Maze.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Maze.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "b8537add953cdd7bc6adbff97f7f5a94de028709f0bd71102ee96d26d55f4f20"
score = 75
quality = 75
@@ -61906,8 +63457,8 @@ rule ELASTIC_Windows_Ransomware_Maze_46F40C40 : BETA FILE MEMORY
date = "2020-04-18"
modified = "2021-10-04"
reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Maze.yar#L23-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Maze.yar#L23-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "99180f41aaaf1dfb0a8a40709dcc392fdbc2b2d3a4d4b4a1ab160dd5f2b4c703"
score = 75
quality = 75
@@ -61937,8 +63488,8 @@ rule ELASTIC_Windows_Ransomware_Maze_20Caee5B : BETA FILE MEMORY
date = "2020-04-18"
modified = "2021-08-23"
reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Maze.yar#L46-L71"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Maze.yar#L46-L71"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "e09c059b285d2176aeba1a1f70d39f13cef4e05dc023c7db25fb9d92bd9a67d9"
score = 75
quality = 75
@@ -61972,8 +63523,8 @@ rule ELASTIC_Windows_Ransomware_Maze_F88F136F : BETA FILE MEMORY
date = "2020-04-18"
modified = "2021-08-23"
reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Maze.yar#L73-L94"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Maze.yar#L73-L94"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "5587f332a076650f6ad7b1e3b464ef6085d960e6dacf53607cf75c9f9ad07628"
score = 75
quality = 75
@@ -62003,8 +63554,8 @@ rule ELASTIC_Windows_Trojan_Modpipe_12Bc2604 : FILE MEMORY
date = "2023-07-27"
modified = "2023-09-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_ModPipe.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_ModPipe.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "0a26de1b2fb48d65cde61b60c0eba478da73a3eeaeb785d1b2d6095eccbe34e2"
score = 75
quality = 75
@@ -62034,8 +63585,8 @@ rule ELASTIC_Windows_Trojan_STRRAT_A3E48Cd2 : MEMORY
date = "2024-03-13"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_STRRAT.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_STRRAT.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "97e67ac77d80d26af4897acff2a3f6075e0efe7997a67d8194e799006ed5efc9"
logic_hash = "32f79695829f703bf9996d212aeb563791aed28e1bbb9f700cb45325fd02db77"
score = 75
@@ -62064,8 +63615,8 @@ rule ELASTIC_Windows_Trojan_Latrodectus_841Ff697 : FILE MEMORY
date = "2024-03-13"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Latrodectus.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Latrodectus.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c"
logic_hash = "aa1a4813a18b4eb4f07e805ff9c87523ad74f59c0ed538212918335eaeee29d7"
score = 75
@@ -62100,8 +63651,8 @@ rule ELASTIC_Windows_Hacktool_Sharpersist_06606812 : FILE MEMORY
date = "2022-10-20"
modified = "2022-11-24"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharPersist.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharPersist.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e9711f47cf9171f79bf34b342279f6fd9275c8ae65f3eb2c6ebb0b8432ea14f8"
logic_hash = "ddabfb54422f6fb2ad6999b724b1d8f186adf71f96f01a8770715029529e869a"
score = 75
@@ -62133,8 +63684,8 @@ rule ELASTIC_Macos_Hacktool_Jokerspy_58A6B26D : FILE MEMORY
date = "2023-06-19"
modified = "2023-06-19"
reference = "https://www.elastic.co/security-labs/inital-research-of-jokerspy"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Macos_Hacktool_JokerSpy.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Macos_Hacktool_JokerSpy.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d895075057e491b34b0f8c0392b44e43ade425d19eaaacea6ef8c5c9bd3487d8"
logic_hash = "e9e1333c7172d5a0f06093a902edefd7f128963dbaadf77e829f032ccb04ce56"
score = 75
@@ -62167,8 +63718,8 @@ rule ELASTIC_Windows_Backdoor_Goldbackdoor_91902940 : FILE MEMORY
date = "2022-04-29"
modified = "2022-06-09"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "485246b411ef5ea9e903397a5490d106946a8323aaf79e6041bdf94763a0c028"
logic_hash = "71e26cce6d730560e1303b2a4f49d0da6d1341263bb47ade46338f03e528cbf7"
score = 75
@@ -62203,8 +63754,8 @@ rule ELASTIC_Windows_Backdoor_Goldbackdoor_F11D57Df : FILE MEMORY
date = "2022-04-29"
modified = "2022-06-09"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L28-L51"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L28-L51"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "45ece107409194f5f1ec2fbd902d041f055a914e664f8ed2aa1f90e223339039"
logic_hash = "6401b215523289a3842dec6d3e016a2ca99512c5889e87cb5ff13023bb0b8e1e"
score = 75
@@ -62237,8 +63788,8 @@ rule ELASTIC_Linux_Ransomware_Clop_728Cf32A : FILE MEMORY
date = "2023-07-27"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Clop.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Clop.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "09d6dab9b70a74f61c41eaa485b37de9a40c86b6d2eae7413db11b4e6a8256ef"
logic_hash = "31c2fdfcfc46ad1dd69489536172937b9771d8505f36c7bd8dc796f40a2fe4d2"
score = 75
@@ -62269,8 +63820,8 @@ rule ELASTIC_Windows_Ransomware_Cuba_E64A16B1 : FILE MEMORY
date = "2021-08-04"
modified = "2021-10-04"
reference = "https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Cuba.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Cuba.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "33352a38454cfc247bc7465bf177f5f97d7fd0bd220103d4422c8ec45b4d3d0e"
logic_hash = "915425ad49f1b9ebde114f92155d5969ec707304403f46d891d014b399165a4d"
score = 75
@@ -62299,8 +63850,8 @@ rule ELASTIC_Windows_Ransomware_Cuba_95A98E69 : FILE MEMORY
date = "2021-08-04"
modified = "2021-10-04"
reference = "https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Cuba.yar#L23-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Cuba.yar#L23-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "00f18713f860dc8394fb23a1a2b6280d1eb2f20a487c175433a7b495a1ba408d"
logic_hash = "d17ef93943e826613be4c21ad1e41d1daa33db9da0fa6106bb8ba6334ebe1d08"
score = 75
@@ -62330,8 +63881,8 @@ rule ELASTIC_Windows_Trojan_Zloader_5Dd0A0Bf : FILE MEMORY
date = "2022-03-03"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Zloader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Zloader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa"
logic_hash = "1446a4147e1b06fa66907de857011079c55a8e6bf84276eb8518d33468ba1f83"
score = 75
@@ -62359,8 +63910,8 @@ rule ELASTIC_Windows_Trojan_Zloader_4Fe0F7F1 : FILE MEMORY
date = "2022-03-03"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Zloader.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Zloader.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa"
logic_hash = "b20fafc9db08c7668b49e18f45632594c3a69ec65fe865e79379c544fc424f8d"
score = 75
@@ -62388,8 +63939,8 @@ rule ELASTIC_Windows_Trojan_Zloader_363C65Ed : FILE MEMORY
date = "2022-03-03"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Zloader.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Zloader.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa"
logic_hash = "d3c530f9929db709067a9e1cc59b9cda9dcd8e19352c79ddaf7af6c91b242afd"
score = 75
@@ -62417,8 +63968,8 @@ rule ELASTIC_Windows_Trojan_Zloader_79535191 : FILE MEMORY
date = "2022-03-03"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Zloader.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Zloader.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa"
logic_hash = "c398a8ca46c6fe3e59481a092867be77a94809b1568cea918aa6450374063857"
score = 75
@@ -62446,8 +63997,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_A6E956C9 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "fb4e3e54618075d5ef6ec98d1ba9c332ce9f677f0879e07b34a2ca08b2180dd9"
score = 75
quality = 75
@@ -62475,8 +64026,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_38B8Ceec : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "8e3bc02661cedb9885467373f8120542bb7fc8b0944803bc01642fbc8426298b"
score = 75
quality = 75
@@ -62504,8 +64055,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_7Bc0F998 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "29cb48086dbcd48bd83c5042ed78370e127e1ea5170ee7383b88659b31e896b5"
score = 75
quality = 75
@@ -62533,8 +64084,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_F7F826B4 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "2f5264e07c65d5ef4efe49a48c24ccef9a4b9379db581d2cf18e1131982e6f2f"
score = 75
quality = 75
@@ -62562,8 +64113,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_24338919 : FILE MEMORY
date = "2021-03-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "af8cceebdebca863019860afca5d7c6400b68c8450bc17b7d7b74aeab2d62d16"
score = 75
quality = 75
@@ -62591,8 +64142,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_0F5A852D : FILE MEMORY
date = "2021-04-07"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "11cddf2191a2f70222a0c8c591e387b4b5667bc432a2f686629def9252361c1d"
score = 75
quality = 75
@@ -62620,8 +64171,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_C9773203 : FILE MEMORY
date = "2021-04-07"
modified = "2021-08-23"
reference = "https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L121-L140"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L121-L140"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "1d6503ccf05b8e8b4368ed0fb2e57aa2be94151ce7e2445b5face7b226a118e9"
score = 75
quality = 75
@@ -62649,8 +64200,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_Dd5Ce989 : FILE MEMORY
date = "2021-04-14"
modified = "2021-08-23"
reference = "https://www.rapid7.com/blog/post/2015/03/25/stageless-meterpreter-payloads/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L142-L164"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L142-L164"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "86cf98bf854b01a55e3f306597437900e11d429ac6b7781e090eeda3a5acb360"
logic_hash = "5c094979be1cd347ffee944816b819b6fbb62804b183a6120cd3a93d2759155b"
score = 75
@@ -62681,8 +64232,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_96233B6B : FILE MEMORY
date = "2021-06-10"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L166-L185"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L166-L185"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e7a2d966deea3a2df6ce1aeafa8c2caa753824215a8368e0a96b394fb46b753b"
logic_hash = "09a2b9414a126367df65322966b671fe7ea963cd65ef48e316c9d139ee502d31"
score = 75
@@ -62711,8 +64262,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_4A1C4Da8 : FILE MEMORY
date = "2021-06-10"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L187-L206"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L187-L206"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9582d37ed9de522472abe615dedef69282a40cfd58185813c1215249c24bbf22"
logic_hash = "9d3a3164ed1019dcb557cf20734a81be9964a555ddb2e0104f7202880b2ed177"
score = 75
@@ -62741,8 +64292,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_91Bc5D7D : FILE MEMORY
date = "2021-08-02"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L208-L226"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L208-L226"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0dd993ff3917dc56ef02324375165f0d66506c5a9b9548eda57c58e041030987"
logic_hash = "74154902b03c36a4ee9bc54ae9399bae9e6afb7fe8d0fe232b88250afc368d6f"
score = 75
@@ -62770,8 +64321,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_A91A6571 : FILE MEMORY
date = "2022-06-08"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L228-L246"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L228-L246"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ff7795edff95a45b15b03d698cbdf70c19bc452daf4e2d5e86b2bbac55494472"
logic_hash = "cc59320ba9f8907d1d9b9dc120d8b4807b419e49c55be1fd5d2cdbb0c5d4e5cc"
score = 75
@@ -62799,8 +64350,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_B29Fe355 : FILE MEMORY
date = "2022-06-08"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L248-L268"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L248-L268"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4f0ab4e42e6c10bc9e4a699d8d8819b04c17ed1917047f770dc6980a0a378a68"
logic_hash = "7a2189b59175acb66a7497c692a43c413a476f5c4371f797bf03a8ddb550992c"
score = 75
@@ -62830,8 +64381,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_66140F58 : FILE MEMORY
date = "2022-08-15"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L270-L288"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L270-L288"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "01a0c5630fbbfc7043d21a789440fa9dadc6e4f79640b370f1a21c6ebf6a710a"
logic_hash = "0a855b7296f7cea39cc5d57b239d3906133ea43a0811ec60e4d91765cf89aced"
score = 75
@@ -62859,8 +64410,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_2092C42A : FILE MEMORY
date = "2023-05-09"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L290-L309"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L290-L309"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e47d88c11a89dcc84257841de0c9f1ec388698006f55a0e15567354b33f07d3c"
logic_hash = "83c46c6b957f10d406ea9985c518eb2fba3e82b9023bfdefa8bdd4be7fb67826"
score = 75
@@ -62889,8 +64440,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_46E1C247 : FILE MEMORY
date = "2023-05-10"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L311-L330"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L311-L330"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ef70e1faa3b1f40d92b0a161c96e13c96c43ec6651e7c87ee3977ed07b950bab"
logic_hash = "760a4e28e312a7d744208dc833ffad8d139ce7c536b407625a7fb0dff5ddb1d1"
score = 75
@@ -62919,8 +64470,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_B62Aac1E : FILE MEMORY
date = "2023-05-10"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L332-L351"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L332-L351"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "af9af81f7e46217330b447900f80c9ce38171655becb3b63e51f913b95c71e70"
logic_hash = "3ef6b7fb258b060ae00b060dbf9b07620f8cda0d9a827985bbb3ed9617969ef6"
score = 75
@@ -62949,8 +64500,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_47F5D54A : FILE MEMORY
date = "2023-11-13"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Metasploit.yar#L353-L372"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Metasploit.yar#L353-L372"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bc3754cf4a04491a7ad7a75f69dd3bb2ddf0d8592ce078b740d7c9c7bc85a7e1"
logic_hash = "be080d0aae457348c4a02c204507a8cb14d1728d1bc50d7cf12b577aa06daf9f"
score = 75
@@ -62979,8 +64530,8 @@ rule ELASTIC_Windows_Trojan_Icedid_1Cd868A6 : FILE MEMORY
date = "2021-02-28"
modified = "2021-08-23"
reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff"
logic_hash = "4765b2b1d463f09d7e21367c2832b3ad668aa67d8078798a14295b6e6c846c1c"
score = 75
@@ -63008,8 +64559,8 @@ rule ELASTIC_Windows_Trojan_Icedid_237E9Fb6 : FILE MEMORY
date = "2021-02-28"
modified = "2021-08-23"
reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L23-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L23-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b21f9afc6443548427bf83b5f93e7a54ac3af306d9d71b8348a6f146b2819457"
logic_hash = "31479eae077b2d78cb1770eef3b37bec941f35c9ceb329e01dd65a32e785fa74"
score = 75
@@ -63037,8 +64588,8 @@ rule ELASTIC_Windows_Trojan_Icedid_F1Ce2F0A : FILE MEMORY
date = "2021-02-28"
modified = "2021-08-23"
reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L45-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L45-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b21f9afc6443548427bf83b5f93e7a54ac3af306d9d71b8348a6f146b2819457"
logic_hash = "a1f1824a7208201616dde40bea514dfc2cdf908bd8ed24b9f96c2bcad2c8107f"
score = 75
@@ -63066,8 +64617,8 @@ rule ELASTIC_Windows_Trojan_Icedid_08530E24 : FILE MEMORY
date = "2021-03-21"
modified = "2021-08-23"
reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L67-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L67-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "31db92c7920e82e49a968220480e9f130dea9b386083b78a79985b554ecdc6e4"
logic_hash = "a63511edde9d873e184ddb4720b4752b0e7df4bdb2114b05c16f2ca0594eb6b8"
score = 75
@@ -63108,8 +64659,8 @@ rule ELASTIC_Windows_Trojan_Icedid_11D24D35 : FILE MEMORY
date = "2022-02-16"
modified = "2022-04-06"
reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L101-L121"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L101-L121"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982"
logic_hash = "4a5d0f37e3e80e370ae79fd45256dbd274ed8f8bcd021e8d6f95a0bc0bc5321f"
score = 75
@@ -63138,8 +64689,8 @@ rule ELASTIC_Windows_Trojan_Icedid_0B62E783 : FILE MEMORY
date = "2022-04-06"
modified = "2022-06-09"
reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L123-L142"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L123-L142"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
logic_hash = "aca126529dfa8047ed7dfdc60d970759ab5307448d7d764f88e402cd8d2a016f"
score = 75
@@ -63167,8 +64718,8 @@ rule ELASTIC_Windows_Trojan_Icedid_91562D18 : FILE MEMORY
date = "2022-04-06"
modified = "2022-06-09"
reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L144-L163"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L144-L163"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
logic_hash = "81c87d0d6726bc2dde42fe93c77af53cdd29bb6437fe3d47d1b4550140722c88"
score = 75
@@ -63196,8 +64747,8 @@ rule ELASTIC_Windows_Trojan_Icedid_2086Aecb : FILE MEMORY
date = "2022-04-06"
modified = "2022-03-02"
reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L165-L184"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L165-L184"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
logic_hash = "561bf7eacfbbf1b4e0c111347f0d6ff4325bdbce8db73bee1ba836b610569c0d"
score = 75
@@ -63225,8 +64776,8 @@ rule ELASTIC_Windows_Trojan_Icedid_48029E37 : FILE MEMORY
date = "2022-04-06"
modified = "2022-06-09"
reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L186-L205"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L186-L205"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
logic_hash = "1fe337d7a0607938aaf57cf25c1373aadf315b7a8cec133d6d30a38bd58e1027"
score = 75
@@ -63254,8 +64805,8 @@ rule ELASTIC_Windows_Trojan_Icedid_56459277 : FILE MEMORY
date = "2022-08-21"
modified = "2023-03-02"
reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L207-L237"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L207-L237"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "21b1a635db2723266af4b46539f67253171399830102167c607c6dbf83d6d41c"
logic_hash = "a18557217c69a3bb8c3da7725d2e0ed849741f8e36341a4ea80eea09d47a5b45"
score = 75
@@ -63294,8 +64845,8 @@ rule ELASTIC_Windows_Trojan_Icedid_7C1619E3 : FILE MEMORY
date = "2022-12-20"
modified = "2023-02-01"
reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L239-L261"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L239-L261"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4f6de748628b8b06eeef3a5fabfe486bfd7aaa92f50dc5a8a8c70ec038cd33b1"
logic_hash = "24ddaf474dabc5e91cce08734a035feced9048a3faac4ff236bc97e6caabd642"
score = 75
@@ -63326,8 +64877,8 @@ rule ELASTIC_Windows_Trojan_Icedid_D8B23Cd6 : FILE MEMORY
date = "2023-01-03"
modified = "2023-01-03"
reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L263-L294"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L263-L294"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bd4da2f84c29437bc7efe9599a3a41f574105d449ac0d9b270faaca8795153ab"
logic_hash = "47e427a4f088de523115f438cad9fc26233158b0518d87703c282df351110762"
score = 75
@@ -63367,8 +64918,8 @@ rule ELASTIC_Windows_Trojan_Icedid_A2Ca5F80 : FILE MEMORY
date = "2023-01-16"
modified = "2023-04-23"
reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L296-L323"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L296-L323"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "e36266cd66b9542f2eb9d38f9a01f7b480f2bcdbe61fe20944dca33e22bd3281"
score = 75
quality = 75
@@ -63404,8 +64955,8 @@ rule ELASTIC_Windows_Trojan_Icedid_B8C59889 : FILE MEMORY
date = "2023-05-05"
modified = "2023-06-13"
reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L325-L349"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L325-L349"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a63d08cd53053bfda17b8707ab3a94cf3d6021097335dc40d5d211fb9faed045"
logic_hash = "08c6c604d1791c35a8494e5ec8a96e8c5dd2ca3d6c57971da20057ce8960fa1d"
score = 75
@@ -63438,8 +64989,8 @@ rule ELASTIC_Windows_Trojan_Icedid_81Eff9A3 : FILE MEMORY
date = "2023-05-05"
modified = "2023-06-13"
reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_IcedID.yar#L351-L371"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_IcedID.yar#L351-L371"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "96dacdf50d1db495c8395d7cf454aa3a824801cf366ac368fe496f89b5f98fe7"
logic_hash = "923dd8166cce0ec32b3b8b20cad192b3c15b7ce7c17fd44ddda739ad205a6c06"
score = 75
@@ -63468,8 +65019,8 @@ rule ELASTIC_Linux_Trojan_Backconnect_C6803B39 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Backconnect.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Backconnect.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a5e6b084cdabe9a4557b5ff8b2313db6c3bb4ba424d107474024030115eeaa0f"
logic_hash = "02750b2788c2912bba0fc8594f6a12c75ce1f41d1075acf7c920f6e616ab65c7"
score = 75
@@ -63497,8 +65048,8 @@ rule ELASTIC_Windows_Hacktool_Iox_98Cd1Cd8 : FILE MEMORY
date = "2024-01-24"
modified = "2024-01-29"
reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Iox.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Iox.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d4544a521d4e6eb07336816b1aae54f92c5c4fd2eb31dcfbdf26e4ef890e73db"
logic_hash = "d7f9e4f399410d54416e974fbd66b2caa27359ae0f2e33e01d62f1aa618daa34"
score = 75
@@ -63529,8 +65080,8 @@ rule ELASTIC_Windows_Trojan_Dridex_63Ddf193 : FILE MEMORY
date = "2021-08-07"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Dridex.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Dridex.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b1d66350978808577159acc7dc7faaa273e82c103487a90bf0d040afa000cb0d"
logic_hash = "e792f4693be0a7c71d1e638212a8fb3acb1e14dedd48218861fad8c09811da29"
score = 75
@@ -63559,8 +65110,8 @@ rule ELASTIC_Windows_Trojan_Dridex_C6F01353 : FILE MEMORY
date = "2021-08-07"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Dridex.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Dridex.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "739682ccb54170e435730c54ba9f7e09f32a3473c07d2d18ae669235dcfe84de"
logic_hash = "7146204d779610c04badfc7d884ff882ff5f1439b61f889d1edf4419240c5751"
score = 75
@@ -63588,8 +65139,8 @@ rule ELASTIC_Windows_PUP_Generic_198B73Aa : FILE MEMORY
date = "2023-07-27"
modified = "2023-09-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_PUP_Generic.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_PUP_Generic.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "a584c34b9dfc2d78bf8a1e594a2ed519d20088184ce1df09e679b2400aa396d3"
score = 75
quality = 75
@@ -63618,8 +65169,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_8C6750B5 : FILE MEMORY
date = "2023-06-05"
modified = "2023-06-19"
reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_PikaBot.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_PikaBot.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1"
logic_hash = "03e36f927513625d1dd997c79843b1b14e344e8411155740213d7aff9794c5c6"
score = 75
@@ -63652,8 +65203,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_5B220E9C : FILE MEMORY
date = "2024-02-06"
modified = "2024-02-08"
reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_PikaBot.yar#L27-L52"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_PikaBot.yar#L27-L52"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d836b06b0118e6d258e318b1cfdc509cacc0859c6a6b3d7c5f4d2525e00d97b2"
logic_hash = "1d2158716b7c32734f12f8528352a3872e21fea2f9b21a36d6ac44fcd50a9f3c"
score = 75
@@ -63687,8 +65238,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_5441F511 : FILE MEMORY
date = "2024-02-15"
modified = "2024-02-21"
reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_PikaBot.yar#L54-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_PikaBot.yar#L54-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "fa44408874c6a007212dfc206cbecbac7a3e50df94da4ce02de2e04e9119c79f"
score = 75
quality = 75
@@ -63721,8 +65272,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_95Db8B5A : FILE MEMORY
date = "2024-02-15"
modified = "2024-02-21"
reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_PikaBot.yar#L80-L103"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_PikaBot.yar#L80-L103"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "74073ceae1b26b953b7644d56a2ec92993b83802a30ce82c6921df5448ebab06"
score = 75
quality = 75
@@ -63754,8 +65305,8 @@ rule ELASTIC_Linux_Trojan_Morpes_D2Ae1Edf : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Morpes.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Morpes.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "14c4c297388afe4be47be091146aea6c6230880e9ea43759ef29fc1471c4b86b"
logic_hash = "27eb8b4d0f91477c2ac26a5e25bfc52903faf5501300ec40773d3fc6797c3218"
score = 75
@@ -63774,6 +65325,35 @@ rule ELASTIC_Linux_Trojan_Morpes_D2Ae1Edf : FILE MEMORY
condition:
all of them
}
+rule ELASTIC_Windows_Exploit_CVE_2022_38028_31Fdb122 : FILE MEMORY CVE_2022_38028
+{
+ meta:
+ description = "Detects Windows Exploit Cve 2022 38028 (Windows.Exploit.CVE-2022-38028)"
+ author = "Elastic Security"
+ id = "31fdb122-36fd-4fae-b605-542dc344575c"
+ date = "2024-06-06"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Exploit_CVE_2022_38028.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "6b311c0a977d21e772ac4e99762234da852bbf84293386fbe78622a96c0b052f"
+ logic_hash = "df0ef11ce8e840c331d1db8f98917367dc2a33b6f1be48adb9d0b86729ecbe99"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY, CVE-2022-38028"
+ fingerprint = "e489287412ee673f4d93c5efc9e61b5d26d877bb0f4ddf827926b4d5d87dc399"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a = { 70 72 69 6E 74 54 69 63 6B 65 74 2E 58 6D 6C 4E 6F 64 65 2E 6C 6F 61 64 28 27 25 53 3A 2F 2F 67 6F 27 29 3B }
+
+ condition:
+ all of them
+}
rule ELASTIC_Windows_Ransomware_Whispergate_C80F3B4B : FILE MEMORY
{
meta:
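Review bot: The only string in the new rule ELASTIC_Windows_Exploit_CVE_2022_38028_31Fdb122 (`$a`, hex form) is plain printable ASCII — it decodes to `printTicket.XmlNode.load('%S://go');` — so a reader cannot see what is matched without decoding bytes, and the rule cannot be found by grepping for the pattern. Since this file vendors the upstream Elastic rule verbatim (see `source_url`), I would not rewrite the string, but a one-line comment above it would keep it reviewable: `// ASCII: printTicket.XmlNode.load('%S://go');`. Note also that `condition: all of them` here reduces to this single string, so the rule's precision rests entirely on that one literal; worth stating in the same comment so nobody later "tightens" it by adding a second string and silently changes its meaning. The rule body is complete within this hunk.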
@@ -63783,8 +65363,8 @@ rule ELASTIC_Windows_Ransomware_Whispergate_C80F3B4B : FILE MEMORY
date = "2022-01-17"
modified = "2022-01-17"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_WhisperGate.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_WhisperGate.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92"
logic_hash = "04452141a867d4f6fce618c21795cc142a1265b56c62ecb9e579003d36b4b2b9"
score = 75
@@ -63813,8 +65393,8 @@ rule ELASTIC_Windows_Ransomware_Whispergate_3476008E : FILE MEMORY
date = "2022-01-18"
modified = "2022-01-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_WhisperGate.yar#L22-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_WhisperGate.yar#L22-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d"
logic_hash = "729818df1b6b82fc00eba0fe1c9139ec4746e1775146ab7fdea9e25dec1cddea"
score = 75
@@ -63845,8 +65425,8 @@ rule ELASTIC_Windows_Vulndriver_Sandra_5D112Feb : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Sandra.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Sandra.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3a364a7a3f6c0f2f925a060e84fb18b16c118125165b5ea6c94363221dc1b6de"
logic_hash = "d234a1e74234400f51c2aa7a9fb1549be1bc422bdf585db7d2ec9ad1ec75e490"
score = 75
@@ -63876,8 +65456,8 @@ rule ELASTIC_Windows_Vulndriver_Sandra_612A7A16 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Sandra.yar#L23-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Sandra.yar#L23-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "8fda0e1775d903b73836d4103f6e8b0e2f052026b3acdb07bd345b9ddb3c873a"
score = 75
quality = 75
@@ -63906,8 +65486,8 @@ rule ELASTIC_Multi_Ransomware_Luna_8614D3D7 : FILE MEMORY
date = "2022-08-02"
modified = "2022-08-16"
reference = "https://www.elastic.co/security-labs/luna-ransomware-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Ransomware_Luna.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Ransomware_Luna.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1cbbf108f44c8f4babde546d26425ca5340dccf878d306b90eb0fbec2f83ab51"
logic_hash = "14e40c5b1a21ba31664ed31b04bfc4a8646b3e31f96d39e0928a3d6a50d79307"
score = 75
@@ -63933,6 +65513,40 @@ rule ELASTIC_Multi_Ransomware_Luna_8614D3D7 : FILE MEMORY
condition:
5 of ($str_*) or all of ($chunk_*)
}
+rule ELASTIC_Linux_Trojan_Dinodasrat_1D371D10 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Trojan Dinodasrat (Linux.Trojan.DinodasRAT)"
+ author = "Elastic Security"
+ id = "1d371d10-b2ae-4ea0-ad37-f5a5a571a6fc"
+ date = "2024-04-02"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_DinodasRAT.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "bf830191215e0c8db207ea320d8e795990cf6b3e6698932e6e0c9c0588fc9eff"
+ logic_hash = "933e78882be1d8dd9553ba90f038963d1b6f8f643888258541b7668aa3434808"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "a53bf582ad95320dd6f432cb7290ce604aa558e4ecf6ae4e11d7985183969db1"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $s1 = "int MyShell::createsh()"
+ $s2 = "/src/myshell.cpp"
+ $s3 = "/src/inifile.cpp"
+ $s4 = "Linux_%s_%s_%u_V"
+ $s5 = "/home/soft/mm/rootkit/"
+ $s6 = "IniFile::load_ini_file"
+
+ condition:
+ 4 of them
+}
rule ELASTIC_Windows_Trojan_Trickbot_01365E46 : FILE MEMORY
{
meta:
@@ -63942,8 +65556,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_01365E46 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5c450d4be39caef1d9ec943f5dfeb6517047175fec166a52970c08cd1558e172"
logic_hash = "4d61de2cb37e12f62326c1717f6ed44554f5d2aa7ede6033d0c988e5e64df54d"
score = 75
@@ -63971,8 +65585,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_06Fd4Ac4 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "bde387f1e22d1399fb99f6d41732a37635d8e90f29626f2995914a073a7cac89"
score = 75
quality = 75
@@ -64000,8 +65614,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Ce4305D1 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L41-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L41-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "c547114475383e5d84f6b8cb72585ddd5778ae3afa491deddeef8a5ec56be1b5"
score = 75
quality = 75
@@ -64028,8 +65642,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_1E56Fad7 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L60-L77"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L60-L77"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "815b37804f79fb4607e6b84294882d818233c3df13aececb3d341244900a2e44"
score = 75
quality = 75
@@ -64056,8 +65670,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_93C9A2A4 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L79-L96"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L79-L96"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "dadeeba6147b118b80e014ab067eac7a2c3c2990958a6c7016562d8b64fef53c"
score = 75
quality = 75
@@ -64084,8 +65698,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_5340Afa3 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L98-L115"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L98-L115"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "8b9d3c978f0c4a04ee5b3446b990172206b17496036bc1cc04180ea7e9b99734"
score = 75
quality = 75
@@ -64112,8 +65726,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_E7932501 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L117-L134"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L117-L134"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "f82704a408a0cf1def2a5926dc4c02fa56afea1422c88ba41af50d44c60edb07"
score = 75
quality = 75
@@ -64140,8 +65754,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Cd0868D5 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L136-L153"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L136-L153"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "053a99e5e722fd2aa1cae96266cc344954f9c3a12d0851fa9d5e95a6420651f4"
score = 75
quality = 75
@@ -64168,8 +65782,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_515504E2 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L155-L172"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L155-L172"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "5410068e09de4a1283f98f6364ddf243373e228ba060b00699db6323f1167684"
score = 75
quality = 75
@@ -64196,8 +65810,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_A0Fc8F35 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L174-L191"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L174-L191"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "7ab2b45ddfc1d7fa409a6ea3dfd8d4940e1bdf3fc0cb6c7e8d49c60e7bda5b1b"
score = 75
quality = 75
@@ -64224,8 +65838,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Cb95Dc06 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L193-L210"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L193-L210"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "563b2311d37ace2d09601a70325352db3fcbf135e7ce518965f5410081b5d626"
score = 75
quality = 75
@@ -64252,8 +65866,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_9D4D3Fa4 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L212-L229"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L212-L229"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "7c3c9917a95248fd990b6947a0304ded473bf1bcceec8f4498a7955e879d348b"
score = 75
quality = 75
@@ -64280,8 +65894,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_34F00046 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L231-L248"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L231-L248"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "f9d646645d6726e3aac5cc3eaea9edf1c89c7e743aff7cfa73998a72f3446711"
score = 75
quality = 75
@@ -64308,8 +65922,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_F2A18B09 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L250-L267"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L250-L267"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "c4c4b0b1df1e8fde87284fb27d46e917c47b479a675fec60faeca6185511907d"
score = 75
quality = 75
@@ -64336,8 +65950,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_D916Ae65 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L269-L286"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L269-L286"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "e0aafe498cd9f0e8addfef78027943a754ca797aafae0cb40f1c6425de501339"
score = 75
quality = 75
@@ -64364,8 +65978,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_52722678 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L288-L305"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L288-L305"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "6340171fdde68b32de480f1f410aa4c491a8fffa7c1f699bf5fa72a12ecb77b8"
score = 75
quality = 75
@@ -64392,8 +66006,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_28A60148 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L307-L324"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L307-L324"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "20a26ed3f0da3a77867597494bf0069a2093ec19b1c5e179c0e7934c1b69d4b9"
score = 75
quality = 75
@@ -64420,8 +66034,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_997B25A0 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L326-L343"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L326-L343"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "ca688086c4628c64c32a99083d620bcb5373e3100d154331451a3e9f86081aca"
score = 75
quality = 75
@@ -64448,8 +66062,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_B17B33A1 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L345-L362"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L345-L362"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "7fa69674d1e985bafe310597f23ae80113136768141f0a1931baf88b2509e6ef"
score = 75
quality = 75
@@ -64476,8 +66090,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_23D77Ae5 : FILE MEMORY
date = "2021-03-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L364-L396"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L364-L396"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "844974a2d3266e1f9ba275520c0e8a5d176df69a0ccd5135b99facf798a5d209"
logic_hash = "e5f5cf854ebd0e25fffbd6796217f22223a06937e1cacb33baa105ac41731256"
score = 75
@@ -64519,8 +66133,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_5574Be7D : FILE MEMORY
date = "2021-03-29"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L398-L432"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L398-L432"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8c5c0d27153f60ef8aec57def2f88e3d5f9a7385b5e8b8177bab55fa7fac7b18"
logic_hash = "ed0fc98c5d628ce38b923e1410eaf7a4a65ecffea42bed35314e30c99a52219b"
score = 75
@@ -64564,8 +66178,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_1473F0B4 : FILE MEMORY
date = "2021-03-29"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L434-L459"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L434-L459"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9cfb441eb5c60ab1c90b58d4878543ee554ada2cceee98d6b867e73490d30fec"
logic_hash = "dc13625e58c029c60b8670f8e63cd7786bf3e9705c462f3cbbf5b39e7c02f9a1"
score = 75
@@ -64600,8 +66214,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Dcf25Dde : FILE MEMORY
date = "2021-03-29"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L461-L502"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L461-L502"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ba2a255671d33677cab8d93531eb25c0b1f1ac3e3085b95365a017463662d787"
logic_hash = "64d15d92faf0919a8fa1ce6772750cde47eaa24b09cf4243393777334bad9712"
score = 75
@@ -64652,8 +66266,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_46Dc12Dd : FILE MEMORY
date = "2021-03-29"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L504-L528"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L504-L528"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bf38a787aee5afdcab00b95ccdf036bc7f91f07151b4444b54165bb70d649ce5"
logic_hash = "e01209a83f4743cbad7dda01595c053277868bd47208e48214b557ae339b5b3c"
score = 50
@@ -64687,8 +66301,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_78A26074 : FILE MEMORY
date = "2021-03-29"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L530-L564"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L530-L564"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8cd75fa8650ebcf0a6200283e474a081cc0be57307e54909ee15f4d04621dde0"
logic_hash = "3837c22f7f9d55f03cb0bc1336798f0e2a91549c187b9f5136491cbafd26ce6e"
score = 75
@@ -64732,8 +66346,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_217B9C97 : FILE MEMORY
date = "2021-03-29"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L566-L601"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L566-L601"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1e90a73793017720c9a020069ed1c87879174c19c3b619e5b78db8220a63e9b7"
logic_hash = "9b2b8a8154d4aba06029fd35d896331449f7baa961f183fb0cb47e890610ff99"
score = 75
@@ -64778,8 +66392,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_D2110921 : FILE MEMORY
date = "2021-03-29"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L603-L632"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L603-L632"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "05ef40f7745db836de735ac73d6101406e1d9e58c6b5f5322254eb75b98d236a"
logic_hash = "39ef17836f29c358f596e0047d582b5f1d1af523c8f6354ac8a783eda9969554"
score = 75
@@ -64818,8 +66432,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_0114D469 : FILE MEMORY
date = "2021-03-29"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L634-L667"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L634-L667"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "083cb35a7064aa5589efc544ac1ed1b04ec0f89f0e60383fcb1b02b63f4117e9"
logic_hash = "6ca8e73f758d3fa956fe53cc83abb43806359f93df05c42a58e2f394a1a3c117"
score = 75
@@ -64862,8 +66476,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_07239Dad : FILE MEMORY
date = "2021-03-29"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L669-L703"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L669-L703"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dbd534f2b5739f89e99782563062169289f23aa335639a9552173bedc98bb834"
logic_hash = "231592d1a45798de6d22c922626ca28ef4019bae95d552a0f2822823d8dec384"
score = 75
@@ -64907,8 +66521,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Fd7A39Af : FILE MEMORY
date = "2021-03-29"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L705-L739"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L705-L739"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d5bb8d94b71d475b5eb9bb4235a428563f4104ea49f11ef02c8a08d2e859fd68"
logic_hash = "15cb286504e6167c78e194488555f565965a03e7714fe16692a115df26985a01"
score = 75
@@ -64952,8 +66566,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_2D89E9Cd : FILE MEMORY
date = "2021-03-29"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L741-L785"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L741-L785"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3963649ebfabe8f6277190be4300ecdb68d4b497ac5f81f38231d3e6c862a0a8"
logic_hash = "c15833687c2aed55aae0bb5de83c088cb66edeb4ad1964543522f5477c1f1942"
score = 75
@@ -65007,8 +66621,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_32930807 : FILE MEMORY
date = "2021-03-30"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L787-L808"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L787-L808"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e999b83629355ec7ff3b6fda465ef53ce6992c9327344fbf124f7eb37808389d"
logic_hash = "e98503696bd72cab4d0d1633991bdb87c0537fd1e2d95507ccd474125328f318"
score = 75
@@ -65039,8 +66653,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_618B27D2 : FILE MEMORY
date = "2021-03-30"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L810-L843"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L810-L843"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d3ec8f4a46b21fb189fc3d58f3d87bf9897653ecdf90b7952dcc71f3b4023b4e"
logic_hash = "e66a9dd7efdbff8b9e30119d0e99187e3dfa4ca1c1bc1ade0f8f1003d10e2620"
score = 75
@@ -65083,8 +66697,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_6Eb31E7B : FILE MEMORY
date = "2021-03-30"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L845-L872"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L845-L872"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3e3d82ea4764b117b71119e7c2eecf46b7c2126617eafccdfc6e96e13da973b1"
logic_hash = "5b6902c8644c79bd183725f0e41bf2f7ae425bf0eb1dddea6fd1a38b77f176ba"
score = 75
@@ -65121,8 +66735,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_91516Cf4 : FILE MEMORY
date = "2021-03-30"
modified = "2021-08-31"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L874-L896"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L874-L896"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6cd0d4666553fd7184895502d48c960294307d57be722ebb2188b004fc1a8066"
logic_hash = "6c0bdd6827bebb337c0012cdb6e931cd96ce2ad61f3764f288b96ff049b2d007"
score = 75
@@ -65154,8 +66768,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Be718Af9 : FILE MEMORY
date = "2021-03-30"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L898-L921"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L898-L921"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c1f1bc58456cff7413d7234e348d47a8acfdc9d019ae7a4aba1afc1b3ed55ffa"
logic_hash = "d020f7d1637fc4ee3246e97c9acae0be1782e688154bd109f53f807211beebd7"
score = 75
@@ -65188,8 +66802,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_F8Dac4Bc : FILE MEMORY
date = "2021-03-30"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L923-L954"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L923-L954"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "13d102d546b9384f944f2a520ba32fb5606182bed45a8bba681e4374d7e5e322"
logic_hash = "d4536aac0ee402abcb87826e45c892d6f39562bc1e39b72ae8880dc077f230d9"
score = 75
@@ -65230,8 +66844,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_9C0Fa8Fe : FILE MEMORY
date = "2021-07-13"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Trickbot.yar#L956-L974"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Trickbot.yar#L956-L974"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f528c3ea7138df7c661d88fafe56d118b6ee1d639868212378232ca09dc9bfad"
logic_hash = "23aebc3139c34ecd609db7920fa0d5e194173409e1862555e4c468dad6c46299"
score = 75
@@ -65259,8 +66873,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_53692410 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Iroffer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Iroffer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa"
logic_hash = "b8aa25fbde4d9ca36656f583e7601118a06e57703862c8b28b273881eef504fe"
score = 60
@@ -65288,8 +66902,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_013E07De : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Iroffer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Iroffer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa"
logic_hash = "ce21de61f94d41aa3abb73b9391a4d9c8ddeea75f1a2b36be58111b70a9590fe"
score = 60
@@ -65317,8 +66931,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_0De95Cab : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Iroffer.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Iroffer.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "717bea3902109d1b1d57e57c26b81442c0705af774139cd73105b2994ab89514"
logic_hash = "adec3e1d3110bcc22262d5f1f2ad14a347616f4a809f29170a9fbb5d1669a4c3"
score = 75
@@ -65346,8 +66960,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_711259E4 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Iroffer.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Iroffer.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa"
logic_hash = "a71dbb979bc1f7671ab9958b6aa502e6ded4ee1c1b026080fd377eb772ebb1d5"
score = 75
@@ -65375,8 +66989,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_7478Ddd9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Iroffer.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Iroffer.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "20e1509c23d7ef14b15823e4c56b9a590e70c5b7960a04e94b662fc34152266c"
logic_hash = "e650ee830b735a11088b628e865cd40a15054437ca05849f2eaa7838eac152e3"
score = 75
@@ -65404,8 +67018,8 @@ rule ELASTIC_Windows_Trojan_Squirrelwaffle_88033Ff1 : FILE MEMORY
date = "2021-09-20"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "00d045c89934c776a70318a36655dcdd77e1fedae0d33c98e301723f323f234c"
logic_hash = "695d7d411a4de23ba1517a06bda3ce73add37dca1e6fe9046e7c2dcae237389e"
score = 75
@@ -65436,8 +67050,8 @@ rule ELASTIC_Windows_Trojan_Squirrelwaffle_D3B685A1 : FILE MEMORY
date = "2021-09-21"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L24-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L24-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "00d045c89934c776a70318a36655dcdd77e1fedae0d33c98e301723f323f234c"
logic_hash = "7d187aa75fc767f5009f3090852de4894776f4b3f99f189478e7e9fd9c3acbe7"
score = 75
@@ -65465,8 +67079,8 @@ rule ELASTIC_Windows_Vulndriver_Viragt_5F92F226 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Viragt.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Viragt.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53"
logic_hash = "e7ade7aec563c1dc602dfd7fda8c063058f47ae2a915959468792fce389b38f1"
score = 75
@@ -65496,8 +67110,8 @@ rule ELASTIC_Windows_Vulndriver_Viragt_84D508Ad : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Viragt.yar#L23-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Viragt.yar#L23-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495"
logic_hash = "a3e1b41155c7dd347976a1057cb763ab60c50c34e981fef050bd54f060a412fc"
score = 75
@@ -65527,8 +67141,8 @@ rule ELASTIC_Windows_Vulndriver_Powerprofiler_2Eedff78 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_PowerProfiler.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_PowerProfiler.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0af5ccb3d33a9ba92071c9637be6254030d61998733a5eb3583e865e17844e05"
logic_hash = "c4a7ae2ffdf70984cea5b543af93b202c78b6108da1e442186d24071b44d6259"
score = 75
@@ -65558,8 +67172,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_1388212A : FILE MEMORY
date = "2021-04-13"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Mimikatz.yar#L1-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Mimikatz.yar#L1-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "66b4a0681cae02c302a9b6f1d611ac2df8c519d6024abdb506b4b166b93f636a"
logic_hash = "1b717453810455e3f530e399f5f9f163d1ad0d71a5464fa5c68aa82edd699cda"
score = 75
@@ -65611,8 +67225,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_674Fd079 : FILE MEMORY
date = "2021-04-14"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Mimikatz.yar#L45-L77"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Mimikatz.yar#L45-L77"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "66b4a0681cae02c302a9b6f1d611ac2df8c519d6024abdb506b4b166b93f636a"
logic_hash = "f63f3de05dd4f4f40cda6df67b75e37d7baa82c4b4cafd3ebdca35adfb0b15f8"
score = 75
@@ -65654,8 +67268,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_355D5D3A : FILE MEMORY
date = "2021-04-14"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Mimikatz.yar#L79-L112"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Mimikatz.yar#L79-L112"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "945245ca795e0a3575ee4fdc174df9d377a598476c2bf4bf0cdb0cde4286af96"
logic_hash = "c6b48ab2cc92deb507d7eead1fb6381ee40b698e84d9eaac45288f95dbda66b3"
score = 75
@@ -65698,8 +67312,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_71Fe23D9 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Mimikatz.yar#L114-L133"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Mimikatz.yar#L114-L133"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "856687718b208341e7caeea2d96da10f880f9b5a75736796a1158d4c8755f678"
logic_hash = "6d1e84bb8532c6271ad3966055eac8d60ec019d8ae6632efb59463c35b46ad9b"
score = 75
@@ -65728,8 +67342,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_B393864F : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Mimikatz.yar#L135-L154"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Mimikatz.yar#L135-L154"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8206ce9c42582ac980ff5d64f8e3e310bc2baa42d1a206dd831c6ab397fbd8fe"
logic_hash = "d09cb7f753675e0b6ecd8a7977ca7f8d313e5d525f05170fc54b265c2ae6c188"
score = 75
@@ -65758,8 +67372,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_1Ff74F7E : FILE MEMORY
date = "2023-05-09"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Mimikatz.yar#L156-L175"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Mimikatz.yar#L156-L175"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1b6aad500d45de7b076942d31b7c3e77487643811a335ae5ce6783368a4a5081"
logic_hash = "f47f760b4c373a073399c69681e76eb9dde6cfdb36c1cc31d7131376493931c0"
score = 75
@@ -65788,8 +67402,8 @@ rule ELASTIC_Linux_Trojan_Malxmr_7054A0D0 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Malxmr.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Malxmr.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3a6b3552ffac13aa70e24fef72b69f683ac221105415efb294fb9a2fc81c260a"
logic_hash = "f7153fb11e0e4bf422021cc0fab99536c2a193198bf70d7f2af2fa5c1971c028"
score = 75
@@ -65817,8 +67431,8 @@ rule ELASTIC_Linux_Trojan_Malxmr_144994A5 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Malxmr.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Malxmr.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b"
logic_hash = "4d40337895e63d3dc6f0d94889863f0f5017533658210b902b08d84cf3588cab"
score = 75
@@ -65846,8 +67460,8 @@ rule ELASTIC_Linux_Cryptominer_Flystudio_579A3A4D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Flystudio.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Flystudio.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "84afc47554cf42e76ef8d28f2d29c28f3d35c2876cec2fb1581b0ac7cfe719dd"
logic_hash = "6579630a4fb6cf5bc8ccb2e4f93f5d549baa6ea9b742b2ee83a52f07352c4741"
score = 75
@@ -65875,8 +67489,8 @@ rule ELASTIC_Linux_Cryptominer_Flystudio_0A370634 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Flystudio.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Flystudio.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "cf924ba45a7dba19fe571bb9da8c4896690c3ad02f732b759a10174b9f61883f"
score = 75
quality = 75
@@ -65903,8 +67517,8 @@ rule ELASTIC_Linux_Backdoor_Tinyshell_67Ee6Fae : FILE MEMORY
date = "2021-10-12"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Backdoor_Tinyshell.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Backdoor_Tinyshell.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9d2e25ec0208a55fba97ac70b23d3d3753e9b906b4546d1b14d8c92f8d8eb03d"
logic_hash = "200d4267e21b8934deecc48273294f2e34464fcb412e39f3f5a006278631b9f1"
score = 75
@@ -65935,8 +67549,8 @@ rule ELASTIC_Windows_Shellcode_Generic_8C487E57 : FILE MEMORY
date = "2022-05-23"
modified = "2022-07-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Shellcode_Generic.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Shellcode_Generic.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "a86ea8e15248e83ce7322c10e308a5a24096b1d7c67f5673687563dec8229dfe"
score = 75
quality = 75
@@ -65963,8 +67577,8 @@ rule ELASTIC_Windows_Shellcode_Generic_F27D7Beb : FILE MEMORY
date = "2022-06-08"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Shellcode_Generic.yar#L20-L37"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Shellcode_Generic.yar#L20-L37"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "8530a74a002d0286711cd86545aff0bf853de6b6684473b6211d678797c3639f"
score = 75
quality = 75
@@ -65991,8 +67605,8 @@ rule ELASTIC_Windows_Shellcode_Generic_29Dcbf7A : FILE MEMORY
date = "2023-05-09"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Shellcode_Generic.yar#L39-L56"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Shellcode_Generic.yar#L39-L56"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "c2a81cc27e696a2e488df7d2f96784bbaed83df5783efab312fc5ccbfd524b43"
score = 75
quality = 75
@@ -66019,8 +67633,8 @@ rule ELASTIC_Linux_Trojan_Rbot_C69475E3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Rbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Rbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9d97c69b65d2900c39ca012fe0486e6a6abceebb890cbb6d2e091bb90f6b9690"
logic_hash = "2a8629ebf6e2082ce90f1b2130ae596e4e515f3289a25899f2fc57b99c01a654"
score = 75
@@ -66048,8 +67662,8 @@ rule ELASTIC_Linux_Trojan_Rbot_96625C8C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Rbot.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Rbot.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a052cfad3034d851c6fad62cc8f9c65bceedc73f3e6a37c9befe52720fd0890e"
logic_hash = "5a9671e10e7b9b58ecf9fab231de18b4b6039c9d351b145fae1705297acda95e"
score = 75
@@ -66077,8 +67691,8 @@ rule ELASTIC_Linux_Trojan_Rbot_366F1599 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Rbot.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Rbot.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5553d154a0e02e7f97415299eeae78e5bb0ecfbf5454e3933d6fd9675d78b3eb"
logic_hash = "3efe0f35efd855b415149513e8abb2210a26ef6f3b6c31275c8147fabb634fab"
score = 75
@@ -66106,8 +67720,8 @@ rule ELASTIC_Windows_Trojan_Njrat_30F3C220 : FILE MEMORY
date = "2021-06-13"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Njrat.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Njrat.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b"
logic_hash = "76347165829415646f943bb984cd17ca138cf238d03f114c498dbcec081d5ae3"
score = 75
@@ -66140,8 +67754,8 @@ rule ELASTIC_Windows_Trojan_Njrat_Eb2698D2 : FILE MEMORY
date = "2023-05-04"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Njrat.yar#L26-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Njrat.yar#L26-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d537397bc41f0a1cb964fa7be6658add5fe58d929ac91500fc7770c116d49608"
logic_hash = "c32a641f2d639f56a8137b3e0d0be3261fba30084eeba9d1205974713413af9f"
score = 75
@@ -66169,8 +67783,8 @@ rule ELASTIC_Windows_Exploit_Dcom_7A1Bcec7 : FILE
date = "2021-01-12"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Exploit_Dcom.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Exploit_Dcom.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "84073caf71d0e0523adeb96169c85b8f0bfea09e7ef3bf677bfc19d3b536d8a5"
logic_hash = "484576ab5369f99dc7086d724ead12d464f2bedaf84c93b74e137ddd98600b06"
score = 75
@@ -66198,8 +67812,8 @@ rule ELASTIC_Linux_Exploit_CVE_2018_10561_0F246E33 : FILE MEMORY CVE_2018_10561
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2018_10561.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2018_10561.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "eac08c105495e6fadd8651d2e9e650b6feba601ec78f537b17fb0e73f2973a1c"
logic_hash = "2c3785ddfded7128e983f3ec17a9f77c856d903f07e325b08f9f463950576ebe"
score = 75
@@ -66227,8 +67841,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_97F92Ff7 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sshdoor.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sshdoor.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2e1d909e4a6ba843194f9912826728bd2639b0f34ee512e0c3c9e5ce4d27828e"
logic_hash = "a883c790fd7fdeb0ca6de5fcf4dd69a996b6d85db3179a8a28adbbbc1dc01bc6"
score = 75
@@ -66256,8 +67870,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_5B78Aa01 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sshdoor.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sshdoor.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2e1d909e4a6ba843194f9912826728bd2639b0f34ee512e0c3c9e5ce4d27828e"
logic_hash = "bcf285ac220b2b2ed9caf0943fa22ee830e5b26501c54a223e483a33e2fc63c0"
score = 75
@@ -66285,8 +67899,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_1B443A9B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sshdoor.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sshdoor.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a33112daa5a7d31ea1a1ca9b910475843b7d8c84d4658ccc00bafee044382709"
logic_hash = "4afcd7103a14d59abc08d9e03182a985e3d0250c09aad5e81fd110c6a95f29e0"
score = 75
@@ -66314,8 +67928,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_7C36D3Dd : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sshdoor.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sshdoor.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "def4de838d58c70f9f0ae026cdad3bf09b711a55af97ed20804fa1e34e7b59e9"
logic_hash = "c1b61fce7593a44e47043fac8a6356f9aa9e74b66db005400684a5a79b69a5cd"
score = 75
@@ -66343,8 +67957,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_3E81B1B7 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sshdoor.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sshdoor.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "def4de838d58c70f9f0ae026cdad3bf09b711a55af97ed20804fa1e34e7b59e9"
logic_hash = "54253df560e6552a728dc2651c557bc23ae8ec4847760290701438821c52342e"
score = 75
@@ -66372,8 +67986,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_Cde7Cfd4 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sshdoor.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sshdoor.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cd646a1d59c99b9e038098b91cdb63c3fe9b35bb10583bef0ab07260dbd4d23d"
logic_hash = "47967d90a6dbb4461e22998aff5b7e68b4b9007ea7e5e30574ae1f1cfcbaa573"
score = 75
@@ -66401,8 +68015,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_32D9Fb1B : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sshdoor.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sshdoor.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ee1f6dbea40d198e437e8c2ae81193472c89e41d1998bee071867dab1ce16b90"
logic_hash = "35ef4f3970484a46d705e6976a9932639d576717454b8e07ed24a72114d9c42d"
score = 75
@@ -66430,8 +68044,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_7C3Cfc62 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sshdoor.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sshdoor.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ee1f6dbea40d198e437e8c2ae81193472c89e41d1998bee071867dab1ce16b90"
logic_hash = "da9804489f30b575d2b459f82570f5df07c1777f105cd373c4268f8a31fa4e43"
score = 75
@@ -66459,8 +68073,8 @@ rule ELASTIC_Windows_Vulndriver_Fileseclab_4A21229A : FILE
date = "2024-03-05"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Vulndriver_Fileseclab.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Vulndriver_Fileseclab.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ae55a0e93e5ef3948adecf20fa55b0f555dcf40589917a5bfbaa732075f0cc12"
logic_hash = "bac78186f3d46c6765bacaf6a324ff94e449261cefe2594cb38c4cc25db1f0de"
score = 75
@@ -66493,8 +68107,8 @@ rule ELASTIC_Linux_Trojan_Pnscan_20E34E35 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Pnscan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Pnscan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7dbd5b709f16296ba7dac66dc35b9c3373cf88452396d79d0c92d7502c1b0005"
logic_hash = "1e69ef50d25ffd0f38ed0eb81ab3295822aa183c5e06f307caf02826b1dfa011"
score = 75
@@ -66522,8 +68136,8 @@ rule ELASTIC_Multi_Attacksimulation_Blindspot_D93F54C5 : FILE MEMORY
date = "2022-05-23"
modified = "2022-08-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_AttackSimulation_Blindspot.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_AttackSimulation_Blindspot.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "41984a0ad20ab21186252bb2f3f68604d2cbeea0e1ce22895dd163f7acbf2ca1"
score = 75
quality = 75
@@ -66550,8 +68164,8 @@ rule ELASTIC_Windows_Trojan_Stealc_B8Ab9Ab5 : FILE MEMORY
date = "2024-03-13"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Stealc.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Stealc.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0d1c07c84c54348db1637e21260dbed09bd6b7e675ef58e003d0fe8f017fd2c8"
logic_hash = "5fc5d5cea481d1d204d1aa6c52679a23eb59438df2fe547d14c00524772867bb"
score = 75
@@ -66587,8 +68201,8 @@ rule ELASTIC_Windows_Trojan_Stealc_A2B71Dc4 : FILE MEMORY
date = "2024-03-13"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Stealc.yar#L29-L50"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Stealc.yar#L29-L50"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0d1c07c84c54348db1637e21260dbed09bd6b7e675ef58e003d0fe8f017fd2c8"
logic_hash = "b79ac3e65cd7d2819d6a49f59ec661241c97174f66a7c4ada91932f10fc43583"
score = 75
@@ -66619,8 +68233,8 @@ rule ELASTIC_Macos_Hacktool_Bifrost_39Bcbdf8 : FILE MEMORY
date = "2021-10-12"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Hacktool_Bifrost.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Hacktool_Bifrost.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e2b64df0add316240b010db7d34d83fc9ac7001233259193e5a72b6e04aece46"
logic_hash = "a2ff4f1aca51e80f2b277e9171e99a80a75177d1d17d487de2eb8872832cb0d5"
score = 75
@@ -66656,8 +68270,8 @@ rule ELASTIC_Windows_Trojan_Pony_D5516Fe8 : FILE MEMORY
date = "2021-08-14"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Pony.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Pony.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567"
logic_hash = "4a850d32fb28477e7e3fef2dda6ba327b800e2ebcae1a483970cde78f34a4ff7"
score = 75
@@ -66682,6 +68296,37 @@ rule ELASTIC_Windows_Trojan_Pony_D5516Fe8 : FILE MEMORY
condition:
all of them
}
+rule ELASTIC_Multi_Trojan_Sparkrat_9A21E541 : FILE MEMORY
+{
+ meta:
+ description = "Detects Multi Trojan Sparkrat (Multi.Trojan.SparkRat)"
+ author = "Elastic Security"
+ id = "9a21e541-886c-4d7f-8602-832862121730"
+ date = "2023-11-13"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Trojan_SparkRat.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "23efecc03506a9428175546a4b7d40c8a943c252110e83dec132c6a5db8c4dd6"
+ logic_hash = "903c5c65436bea8dd044fd5f1f6dda3d1e90ab25802d508f67ba0f7fd06e92d4"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "2691da3a037b651d0f7f6d7be767c34845c3b9a642f4a2fb1c54f391f08089b6"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "multi"
+
+ strings:
+ $a1 = "Spark/client/service/file" ascii wide
+ $a2 = "Spark/client/service/desktop" ascii wide
+ $a3 = "Spark/utils.Encrypt" ascii wide
+
+ condition:
+ all of them
+}
rule ELASTIC_Macos_Trojan_Rustbucket_E64F7A92 : FILE MEMORY
{
meta:
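Review bot: The three `$a1`–`$a3` strings in the new `ELASTIC_Multi_Trojan_Sparkrat_9A21E541` rule are all Go package/symbol paths, so with `all of them` the rule only fires on builds that retain every one of those names — a garble-style obfuscated build, or a client compiled without the desktop service module, would likely evade it, and a sample exposing only `Spark/utils.Encrypt` would not alert. This is a coverage caveat rather than a false-positive risk; the paths are specific enough that `all of them` is the conservative choice. Because this bundle mirrors Elastic's upstream rule at a pinned revision (the `source_url`, `logic_hash` and `fingerprint` fields record it), any loosening such as `2 of ($a*)` should be proposed upstream rather than patched here, or those hashes would no longer describe the rule text. The `arch_context = "x86"` metadata also sits oddly next to `os = "multi"` for a Go implant that is routinely cross-compiled for ARM, but it is metadata only and presumably copied verbatim from upstream.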
@@ -66691,8 +68336,8 @@ rule ELASTIC_Macos_Trojan_Rustbucket_E64F7A92 : FILE MEMORY
date = "2023-06-26"
modified = "2023-06-29"
reference = "https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_RustBucket.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_RustBucket.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9ca914b1cfa8c0ba021b9e00bda71f36cad132f27cf16bda6d937badee66c747"
logic_hash = "bd6005d72faba6aaeebdcbd8c771995cbfc667faf01eb93825afe985954a47fc"
score = 75
@@ -66722,8 +68367,8 @@ rule ELASTIC_Windows_Ransomware_Stop_1E8D48Ff : FILE MEMORY
date = "2021-06-10"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Stop.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Stop.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3"
logic_hash = "d743feae072a5f3e1b008354352bef48218bb041bc8a5ba39526815ab9cd2690"
score = 75
@@ -66752,8 +68397,8 @@ rule ELASTIC_Windows_Remoteadmin_Ultravnc_965F054A : FILE MEMORY
date = "2023-03-18"
modified = "2023-04-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_RemoteAdmin_UltraVNC.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_RemoteAdmin_UltraVNC.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "59bddb5ccdc1c37c838c8a3d96a865a28c75b5807415fd931eaff0af931d1820"
logic_hash = "a9b9d0958f09b23fa7b27ef7ec32b3feb98edca3be5a21552a3a2f50e3fd41c1"
score = 75
@@ -66787,8 +68432,8 @@ rule ELASTIC_Windows_Hacktool_Executeassembly_F41F4Df6 : FILE MEMORY
date = "2023-03-28"
modified = "2023-04-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_ExecuteAssembly.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_ExecuteAssembly.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a468ba2ba77aafa2a572c8947d414e74604a7c1c6e68a0b87fbfce4f8854dd61"
logic_hash = "ab72dec636a96338e16fd57f2db4bb52e38fe61315b42c2ffe9c4566fc0326d3"
score = 75
@@ -66817,8 +68462,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_C2907D77 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Cleanlog.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Cleanlog.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "613ac236130ab1654f051d6f0661fa62414f3bef036ea4cc585b4b21a4bb9d2b"
logic_hash = "39b72973bbcddf14604b8ea08339657cba317c23fd4d69d4aa0903b262397988"
score = 75
@@ -66846,8 +68491,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_3Eb725D1 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Cleanlog.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Cleanlog.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4df4ebcc61ab2cdb8e5112eeb4e2f29e4e841048de43d7426b1ec11afe175bf6"
logic_hash = "a9530aca53d935f3e77a5f0fc332db16e3a2832be67c067e5a6d18e7ec00e39f"
score = 75
@@ -66875,8 +68520,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_400B7595 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Cleanlog.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Cleanlog.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4df4ebcc61ab2cdb8e5112eeb4e2f29e4e841048de43d7426b1ec11afe175bf6"
logic_hash = "e36acf708875efda88143124e11fef5b0e2f99d17b0c49344db969cf0d454db1"
score = 75
@@ -66904,8 +68549,8 @@ rule ELASTIC_Windows_Exploit_Rpcjunction_0405253B : FILE
date = "2024-02-28"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Exploit_RpcJunction.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Exploit_RpcJunction.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "05588fe3d2aae1273e9d0b0ac00c867d92bcdea41c33661760dcbe84439e7949"
logic_hash = "c663285d81e00bf6b028cdb043da3c6d5033a0c100d9c626acfa26d67bc1c093"
score = 75
@@ -66935,8 +68580,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_563Ecb11 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Psybnc.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Psybnc.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f77216b169e8d12f22ef84e625159f3a51346c2b6777a1fcfb71268d17b06d39"
logic_hash = "b93e6ab097ccd4c348d228a48df098594e560e62256bfe019669ca9488221214"
score = 75
@@ -66964,8 +68609,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_Ab3396D5 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Psybnc.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Psybnc.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c5ec84e7cc891af25d6319abb07b1cedd90b04cbb6c8656c60bcb07e60f0b620"
logic_hash = "8c083f66fc252a88395bb954a67d710d64f5b68efb9df4b60b260302874b400a"
score = 75
@@ -66993,8 +68638,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_F07357F1 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Psybnc.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Psybnc.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f77216b169e8d12f22ef84e625159f3a51346c2b6777a1fcfb71268d17b06d39"
logic_hash = "cfe217fe108de787600d1ef06ac6738d84aedfc46e5632143692a9f83cb62df7"
score = 75
@@ -67022,8 +68667,8 @@ rule ELASTIC_Linux_Ransomware_Monti_9C64F016 : FILE MEMORY
date = "2023-07-27"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Monti.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Monti.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ad8d1b28405d9aebae6f42db1a09daec471bf342e9e0a10ab4e0a258a7fa8713"
logic_hash = "c22a4efaaf97d68deaf1978e637dd7f790541e5007c6323629bcc9e3d4eecd06"
score = 75
@@ -67054,8 +68699,8 @@ rule ELASTIC_Windows_Ransomware_Magniber_Ea0140A1 : FILE MEMORY
date = "2021-08-03"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Magniber.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Magniber.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a2448b93d7c50801056052fb429d04bcf94a478a0a012191d60e595fed63eec4"
logic_hash = "e2c05e2c92444d7bcb2bf68e97f809072d2ccdc8a171214d2e7a498b20d08f90"
score = 75
@@ -67083,8 +68728,8 @@ rule ELASTIC_Windows_Ransomware_Magniber_97D7575B : FILE MEMORY
date = "2021-08-03"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Magniber.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Magniber.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a2448b93d7c50801056052fb429d04bcf94a478a0a012191d60e595fed63eec4"
logic_hash = "9c85f98aaae28e9e90a94d6ce18389467013ea6b569f46f6acaf26a6c7e027fc"
score = 75
@@ -67112,8 +68757,8 @@ rule ELASTIC_Windows_Vulndriver_Procid_86605Fa9 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_ProcId.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_ProcId.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b03f26009de2e8eabfcf6152f49b02a55c5e5d0f73e01d48f5a745f93ce93a29"
logic_hash = "882cdbd267d812e77e68e7080f1fca0ca3d7e75ab84c583c3ec148894b1cf644"
score = 75
@@ -67141,8 +68786,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_21B60705 : FILE MEMORY
date = "2023-03-19"
modified = "2023-04-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Rhadamanthys.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Rhadamanthys.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3ba97c51ba503fa4bdcfd5580c75436bc88794b4ae883afa1d92bb0b2a0f5efe"
logic_hash = "ef3f60689d72553111b42b27e0a1a0316288ae07fbfaf159eea8c76380d528fa"
score = 75
@@ -67176,8 +68821,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_1Da1C2C2 : FILE MEMORY
date = "2023-03-28"
modified = "2023-04-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Rhadamanthys.yar#L27-L52"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Rhadamanthys.yar#L27-L52"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9bfc4fed7afc79a167cac173bf3602f9d1f90595d4e41dab68ff54973f2cedc1"
logic_hash = "bf5d45fe79dacfc6aee5cfd788ec6ce77e99e55d5a6d294da57c126bedf75ee9"
score = 75
@@ -67212,8 +68857,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_Ae00F48C : FILE MEMORY
date = "2023-05-05"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Rhadamanthys.yar#L54-L74"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Rhadamanthys.yar#L54-L74"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "56b5ff5132ec1c5836223ced287d51a9ecee8d2b081f449245e136b1262a8714"
logic_hash = "423b68717a7aead3c871e7fc744e35dad1cfd7727bfba2bdaec69fb782540380"
score = 75
@@ -67243,8 +68888,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_Cf5Dd2E2 : FILE MEMORY
date = "2024-04-03"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Rhadamanthys.yar#L76-L97"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Rhadamanthys.yar#L76-L97"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "39ccc224c2c6d89d0bce3d9e2c677465cbc7524f2d2aa903f79ad26b340dec3d"
logic_hash = "039d6de0d072be6717ba3eb90735d7b4898d3bbac83db4feb75efcdbca8fd98b"
score = 75
@@ -67266,6 +68911,35 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_Cf5Dd2E2 : FILE MEMORY
condition:
2 of them
}
+rule ELASTIC_Windows_Trojan_Rhadamanthys_C4760266 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Rhadamanthys (Windows.Trojan.Rhadamanthys)"
+ author = "Elastic Security"
+ id = "c4760266-bbff-4428-a7a5-bca7513c7993"
+ date = "2024-06-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Rhadamanthys.yar#L99-L117"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "05074675b07feb8e7556c5af449f5e677e0fabfb09b135971afbb11743bf3165"
+ logic_hash = "b8c1c56681aac4e1b1741dfa3ea929677214873b6f1795423a80742f699249de"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "53a04d385ef3a59b76500effaf740cd0e7d825ea5515f871097d82899b0cfc44"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a = { 55 8B EC 83 EC 14 83 7D 08 00 53 8B D8 74 50 56 57 8B 7D 0C 6A 10 2B FB 5E 56 8D 45 EC 53 50 ?? ?? ?? ?? ?? 83 C4 0C 90 8B 4D 10 8B C3 2B CB 89 75 FC 8A 14 07 32 10 88 14 01 40 FF 4D FC 75 F2 }
+
+ condition:
+ all of them
+}
rule ELASTIC_Linux_Exploit_CVE_2017_16995_0C81A317 : FILE MEMORY CVE_2017_16995
{
meta:
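Review bot: The new rule ELASTIC_Windows_Trojan_Rhadamanthys_C4760266 has exactly one string, so `all of them` on its condition line is equivalent to `$a`, and no other term (PE header check, filesize bound) narrows the match; that is a reasonable trade-off for a rule also tagged MEMORY, but a one-line `// single-pattern rule: no header/filesize guard so it can also fire on memory` above `condition:` would record that it is deliberate. The five-byte `?? ?? ?? ?? ??` run after `53 50` in `$a` looks like a masked relocated call, though that is inferred from the surrounding bytes; a short comment on the `$a` line naming what is masked would make later tuning safer. The meta block pairs `severity = 100` with `score = 75` and `quality = 75`, which reads as inconsistent for a one-pattern rule unless those fields are produced by the bundling tool from the upstream commit efd00abcfc634000adf2f245f5bebfb9ea7e067a pinned in `source_url`; if this file is generated, the same note applies to the generator's input rather than to this hunk.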
@@ -67275,8 +68949,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_0C81A317 : FILE MEMORY CVE_2017_16995
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "48d927b4b18a03dfbce54bb5f4518869773737e449301ba2477eb797afbb9972"
logic_hash = "cdd6b309a1e802f1251d726b0ea74e3d11fdd10d1d0bfa4c6f3d802f819368ec"
score = 75
@@ -67304,8 +68978,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_82816Caa : FILE MEMORY CVE_2017_16995
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "14e6b788db0db57067d9885ab5ff3d3a5749639549d82abd98fa4fcf27000f34"
logic_hash = "3ae00290073d41ff5dba2f677510bf9a9c0ebaed221901eb8b1a8dda08157a46"
score = 75
@@ -67333,8 +69007,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_5Edb0181 : FILE MEMORY CVE_2017_16995
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e4df84e1dffbad217d07222314a7e13fd74771a9111d07adc467a89d8ba81127"
logic_hash = "f6eb19329db765938b48021039baaf1b5aeb3240c405ba20ed81863a0fb4b583"
score = 75
@@ -67362,8 +69036,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_Aa5Eefed : BETA FILE MEMORY
date = "2020-06-25"
modified = "2021-08-23"
reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Dharma.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Dharma.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "bbafc2eac17562f315b09fa42eb601d0140152917d7962429df3a378abe67732"
score = 75
quality = 75
@@ -67392,8 +69066,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_B31Cac3F : BETA FILE MEMORY
date = "2020-06-25"
modified = "2021-08-23"
reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Dharma.yar#L23-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Dharma.yar#L23-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "30500e35721e9db3d63cafa5ca10818557fa9f4e0bda9c0d02283183508cf7b5"
score = 75
quality = 75
@@ -67423,8 +69097,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_E9319E4A : BETA FILE MEMORY
date = "2020-06-25"
modified = "2021-08-23"
reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Dharma.yar#L46-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Dharma.yar#L46-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "182ed508d645a0b1fab80fb6f975a05d33b64c43005bd3656df6470934cd71f4"
score = 75
quality = 75
@@ -67452,8 +69126,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_942142E3 : BETA FILE MEMORY
date = "2020-06-25"
modified = "2021-08-23"
reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Dharma.yar#L67-L86"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Dharma.yar#L67-L86"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "af5068ef3442964e4d1c5e27090fb84eaf762ff23463b7a0c2902e523ae601c1"
score = 75
quality = 75
@@ -67481,8 +69155,8 @@ rule ELASTIC_Linux_Ransomware_Erebus_Ead4F55B : FILE MEMORY
date = "2023-07-27"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Erebus.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Erebus.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6558330f07a7c90c40006346ed09e859b588d031193f8a9679fe11a85c8ccb37"
logic_hash = "82e81577372298623ee3ed3583bb18b2c0cfff30abbacf2909e7efca35c83bd7"
score = 75
@@ -67512,8 +69186,8 @@ rule ELASTIC_Linux_Trojan_Nuker_12F26779 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Nuker.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Nuker.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "440105a62c75dea5575a1660fe217c9104dc19fb5a9238707fe40803715392bf"
logic_hash = "8bafbc2792bd4cacd309efd72d2d8787342685d66785ea41cb57c91519a3c545"
score = 75
@@ -67541,8 +69215,8 @@ rule ELASTIC_Windows_Trojan_Lokibot_1F885282 : FILE MEMORY
date = "2021-06-22"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Lokibot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Lokibot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409"
logic_hash = "c76941a83e18f11ed5af701e89616d324ddba613a95069997ea8f1830f328307"
score = 75
@@ -67570,8 +69244,8 @@ rule ELASTIC_Windows_Trojan_Lokibot_0F421617 : FILE MEMORY
date = "2021-07-20"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Lokibot.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Lokibot.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080"
logic_hash = "0076ccbe43ae77e3a80164d43832643f077e659a595fff01c87694e2274c5e86"
score = 75
@@ -67599,8 +69273,8 @@ rule ELASTIC_Windows_Exploit_Ioring_1E4A8F47 : FILE MEMORY
date = "2024-02-28"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Exploit_IoRing.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Exploit_IoRing.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ba2bd270bf3f312dfa3f77f0716edb634c90506c87f82c04aee09445d18738eb"
logic_hash = "cbbea9a60bde13356ce88cd96aacaa02a3c99f4ae0b48c4ba84b72528a3d6b91"
score = 75
@@ -67631,8 +69305,8 @@ rule ELASTIC_Linux_Exploit_Wuftpd_0991E62F : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Wuftpd.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Wuftpd.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c0b6303300f38013840abe17abe192db6a99ace78c83bc7ef705f5c568bc98fd"
logic_hash = "71ad26a182c7f16e7e0ad7f7afe0dcf1d38fe953dc0806341d7e21ee4acea87d"
score = 75
@@ -67660,8 +69334,8 @@ rule ELASTIC_Linux_Trojan_Mech_D30Ec0A0 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mech.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mech.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "710d1a0a8c7eecc6d793933c8a97cec66d284b3687efee7655a2dc31d15c0593"
logic_hash = "268aeb25d6468412d8123bab5eb2c8bd7704828d0ef3c3d771aa036e374127d7"
score = 75
@@ -67689,8 +69363,8 @@ rule ELASTIC_Linux_Trojan_Bluez_50E87Fa9 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "1e526b6e3be273489afa8f0a3d50be233b97dc07f85815cc2231a87f5a651ef1"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Bluez.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Bluez.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "53754c538a7dea6f06e37980901350feddc3517821ea42544cb96e371709752f"
score = 75
quality = 75
@@ -67717,8 +69391,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_D7Bd0E5D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "afcfd67af99e437f553029ccf97b91ed0ca891f9bcc01c148c2b38c75482d671"
logic_hash = "1f87721fdfe58d029c0696bc99385a0052c771bc48b2c9ce01b72c3e42359654"
score = 75
@@ -67746,8 +69420,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_69E1A763 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b04d9fabd1e8fc42d1fa8e90a3299a3c36e6f05d858dfbed9f5e90a84b68bcbb"
logic_hash = "d0dac8e2c9571d9e622c8c1250a54a7671ad1b9b00dba584c3741b714c22d8e0"
score = 75
@@ -67775,8 +69449,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_397A86Bd : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "79c47a80ecc6e0f5f87749319f6d5d6a3f0fbff7c34082d747155b9b20510cde"
logic_hash = "6b46a82d1aea0357f5a48c9ae1d93e3d4d31bd98b9c9b4e0b0d0629e7f159499"
score = 75
@@ -67804,8 +69478,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_37C3F8D3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "efbddf1020d0845b7a524da357893730981b9ee65a90e54976d7289d46d0ffd4"
logic_hash = "e7bdd185ea4227b0960c3e677e7d8ac7488d53eaa77efd631be828b2ca079bb8"
score = 75
@@ -67833,8 +69507,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_28A80546 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "96cc225cf20240592e1dcc8a13a69f2f97637ed8bc89e30a78b8b2423991d850"
logic_hash = "120e9f7cad0fc8aebd843374c0edca8cbb701882ab55a7f24aced1d80d8cd697"
score = 75
@@ -67862,8 +69536,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9D531F70 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "36f2ce4e34faf42741f0a15f62e8b3477d69193bf289818e22d0e3ee3e906eb0"
logic_hash = "87d3cb7049975d52f2a6d6aa10e6b6d0d008d166ca5f9889ad1413a573d8b58e"
score = 75
@@ -67891,8 +69565,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_23A5C29A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1320d7a2b5e3b65fe974a95374b4ea7ed1a5aa27d76cd3d9517d3a271121103f"
logic_hash = "c2608e7ee73102e0737a859a18c5482877c6dc0e597d8a14d8d41f5e01a0b1f4"
score = 75
@@ -67920,8 +69594,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Ea5703Ce : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bec6eea63025e2afa5940d27ead403bfda3a7b95caac979079cabef88af5ee0b"
logic_hash = "bbf0191ecff24fd24376fd3dec2e96644188ca4d26b4ca4f087e212bae2eab85"
score = 75
@@ -67949,8 +69623,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_6A4F4255 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80"
logic_hash = "133290dc7423174bb3b41b152bab038d118b47baaca52705b66fd9be01692a03"
score = 75
@@ -67978,8 +69652,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9088D00B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8abb2b058ec475b0b6fd0c994685db72e98d87ee3eec58e29cf5c324672df04a"
logic_hash = "3ebc8cb6d647138e72194528dafc644c90222440855d657ec50109f11ff936da"
score = 75
@@ -68007,8 +69681,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_71024C4A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "afe81c84dcb693326ee207ccd8aeed6ed62603ad3c8d361e8d75035f6ce7c80f"
logic_hash = "0c66a3388fe8546ae180e52d50ef05a28755d24e47b3b56f390d5c6fcb0b89eb"
score = 75
@@ -68036,8 +69710,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_D81368A3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L221-L239"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L221-L239"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "71225e4702f2e0a0ecf79f7ec6c6a1efc95caf665fda93a646519f6f5744990b"
logic_hash = "0e30c9ebd8f2d3a489180f114daf91a3655ce9075ae25ea3d6ef5be472d7721a"
score = 75
@@ -68065,8 +69739,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_97E9Cebe : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L241-L259"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L241-L259"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b4ff62d92bd4d423379f26b37530776b3f4d927cc8a22bd9504ef6f457de4b7a"
logic_hash = "8aad31db2646fb9971b9af886e30f6c5a62a9c7de86cb9dc9e1341ac3b7762eb"
score = 75
@@ -68094,8 +69768,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_98Ff0F36 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L261-L279"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L261-L279"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4c14aaf05149bb38bbff041432bf9574dd38e851038638aeb121b464a1e60dcc"
logic_hash = "60f17855b08cfc51e497003cbb5ed25d9168fb29c57d8bfd7105b9b5e714e3a1"
score = 75
@@ -68123,8 +69797,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1512Cf40 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L281-L299"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L281-L299"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fc063a0e763894e86cdfcd2b1c73d588ae6ecb411c97df2a7a802cd85ee3f46d"
logic_hash = "0d43e6a4bd5036c2b6adb61f2d7b11e625c20e9a3d29242c7c34cfc7708561be"
score = 75
@@ -68152,8 +69826,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_0D6005A1 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L301-L319"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L301-L319"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "230d46b39b036552e8ca6525a0d2f7faadbf4246cdb5e0ac9a8569584ef295d4"
logic_hash = "c3fd32e7582f0900b94fe3ba6b6bcdf238f78e2e343d70d5b0196a968a41cf26"
score = 75
@@ -68181,8 +69855,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E1Ff020A : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L321-L339"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L321-L339"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5b611898f1605751a3d518173b5b3d4864b4bb4d1f8d9064cc90ad836dd61812"
logic_hash = "be801989b9770f3b70217bd5f13795b5dd0b516209f631d900b6647e0afe8d98"
score = 75
@@ -68210,8 +69884,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_102D6F7C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L341-L359"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L341-L359"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bd40c2fbf775e3c8cb4de4a1c7c02bc4bcfa5b459855b2e5f1a8ab40f2fb1f9e"
logic_hash = "52966eaaef5522e711dc89bd796b1e12019a8485ee789e8d5112d86f7e630170"
score = 75
@@ -68239,8 +69913,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9C8F3B1A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L361-L379"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L361-L379"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "74d8344139c5deea854d8f82970e06fc6a51a6bf845e763de603bde7b8aa80ac"
logic_hash = "f7ab9990b417c1c81903dcb7adaae910d20ea7fce6689d4846dd6002bea3e721"
score = 75
@@ -68268,8 +69942,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_76Cb94A9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L381-L399"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L381-L399"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1320d7a2b5e3b65fe974a95374b4ea7ed1a5aa27d76cd3d9517d3a271121103f"
logic_hash = "758ee41048c94576e7a872bfdacc6b6f2be3d460169905c876585037e11fdaa8"
score = 75
@@ -68297,8 +69971,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_616Afaa1 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L401-L419"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L401-L419"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0901672d2688660baa26fdaac05082c9e199c06337871d2ae40f369f5d575f71"
logic_hash = "53a309a6a274558e4ae8cfa8f3e258f23dc9ceafab3be46351c00d24f5d790ec"
score = 75
@@ -68326,8 +70000,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_18Af74B2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L421-L439"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L421-L439"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "52707aa413c488693da32bf2705d4ac702af34faee3f605b207db55cdcc66318"
logic_hash = "d8ec9bd01fcabdd4a80e07287ecc85026007672bbc3cd2d4cbb2aef98da88ed5"
score = 75
@@ -68355,8 +70029,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1B76C066 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L441-L459"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L441-L459"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f60302de1a0e756e3af9da2547a28da5f57864191f448e341af1911d64e5bc8b"
logic_hash = "be239bc14d1adf05a5c6bf2b2557551566330644a049b256a7a5c0ab9549bd06"
score = 75
@@ -68384,8 +70058,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_B6Ea5Ee1 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L461-L479"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L461-L479"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "19b442c9aa229cd724ed9cbaa73f9dfaf0ed61aa3fd1bee7bf8ba964fc23a2b8"
logic_hash = "529119e07aa0243afddc3141dc441c314c3f75bdf3aee473b8bb7749c95fa78a"
score = 75
@@ -68413,8 +70087,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_050Ac14C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L481-L499"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L481-L499"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "36f2ce4e34faf42741f0a15f62e8b3477d69193bf289818e22d0e3ee3e906eb0"
logic_hash = "c34b0ff3ce867a76ef57fad7642de7916fa7baebf1a2a8d514f7b74be7231fd4"
score = 75
@@ -68442,8 +70116,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Df937Caa : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L501-L519"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L501-L519"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "19b442c9aa229cd724ed9cbaa73f9dfaf0ed61aa3fd1bee7bf8ba964fc23a2b8"
logic_hash = "d76a6008576687088f28674fb752e1a79ad2046e0208a65c21d0fcd284812ad8"
score = 75
@@ -68471,8 +70145,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E9Ff82A8 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L521-L539"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L521-L539"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "62ea137e42ce32680066693f02f57a0fb03483f78c365dffcebc1f992bb49c7a"
logic_hash = "9309aaad6643fa212bb04ce8dc7d24978839fe475f17d36e3b692320563b6fad"
score = 75
@@ -68500,8 +70174,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_A5267Ea3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L541-L559"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L541-L559"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b342ceeef58b3eeb7a312038622bcce4d76fc112b9925379566b24f45390be7d"
logic_hash = "081633b5aa0490dbffcc0b8ab9850b59dbbd67d947c0fe68d28338a352e94676"
score = 75
@@ -68529,8 +70203,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_4E9075E6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L561-L579"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L561-L579"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "098bf2f1ce9d7f125e1c9618f349ae798a987316e95345c037a744964277f0fe"
logic_hash = "fe117f65666b9eac19fa588ee631f9be7551a3a9e3695b7ecbb77806658678aa"
score = 75
@@ -68558,8 +70232,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_3A8D0974 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "193fe9ea690759f8e155458ef8f8e9efe9efc8c22ec8073bbb760e4f96b5aef7"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L581-L599"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L581-L599"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "7039d461d8339d635a543fae2c6dbea284ce1b727d6585b69d8d621c603f37ac"
score = 75
quality = 75
@@ -68586,8 +70260,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_B9E6Ffdf : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L601-L619"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L601-L619"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c0f3200a93f1be4589eec562c4f688e379e687d09c03d1d8850cc4b5f90f192a"
logic_hash = "57d5b3eb5812a849d04695bdb1fb728a5ebd3bf5201ac3e7f36d37af0622eec2"
score = 75
@@ -68615,8 +70289,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_7Ef74003 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L621-L639"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L621-L639"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a172cfecdec8ebd365603ae094a16e247846fdbb47ba7fd79564091b7e8942a0"
logic_hash = "1bde07dbb88357fcc02171512725be94d9fc0427c03afb2d59fbd0658c5d8e2e"
score = 75
@@ -68644,8 +70318,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1D0700B8 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L641-L659"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L641-L659"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "de59bee1793b88e7b48b6278a52e579770f5204e92042142cc3a9b2d683798dd"
logic_hash = "a24264cb071d269c82718aed5bc5c6c955e1cb2c7a63fe74d4033bfa6adf8385"
score = 75
@@ -68673,8 +70347,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_55Beb2Ee : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L661-L679"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L661-L679"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "edda1c6b3395e7f14dd201095c1e9303968d02c127ff9bf6c76af6b3d02e80ad"
logic_hash = "8a31b4866100b35d559d50f5db6f80d51bced93f9aac3f0d2d1de71ba692a3c5"
score = 75
@@ -68702,8 +70376,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Fdd7340F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L681-L699"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L681-L699"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "de59bee1793b88e7b48b6278a52e579770f5204e92042142cc3a9b2d683798dd"
logic_hash = "fd39ba5cf050d23de0889feefa9cd74dfb6385a09aa9dba90dc1d5d6cb020867"
score = 75
@@ -68731,8 +70405,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_2627921E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L701-L719"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L701-L719"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "350a8ceabd8495e66cc58885f1ab38f602c66c162c05e4b6ae0e2a7977ec2cdf"
logic_hash = "edb2864719d62ab212bde1adf02dd17c8edc8ce4ae273b959e58a3eaf751fd7c"
score = 75
@@ -68760,8 +70434,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E36A35B0 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L721-L739"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L721-L739"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ab6d8f09df67a86fed4faabe4127cc65570dbb9ec56a1bdc484e72b72476f5a4"
logic_hash = "0572f584746a2af6f545798b25445fd4e764a9eecc01b7476e5c1af631eb314a"
score = 75
@@ -68789,8 +70463,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_6Dad0380 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L741-L759"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L741-L759"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "628b1cc8ccdbe2ae0d4ef621da047e07e2532d00fe3d4da65f0a0bcab20fb546"
logic_hash = "b305448d5517212adb7586e7af12842095e1a263520511329e40f0865fe4f81b"
score = 75
@@ -68818,8 +70492,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E73F501E : FILE MEMORY
date = "2021-12-13"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L761-L779"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L761-L779"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2f646ced4d05ba1807f8e08a46ae92ae3eea7199e4a58daf27f9bd0f63108266"
logic_hash = "2f6187f3447f9409485e9e8aa047114aa3c38bcc338106c3ed8680152dff121a"
score = 75
@@ -68847,8 +70521,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_5E56D076 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L781-L799"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L781-L799"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "32e1cb0369803f817a0c61f25ca410774b4f37882cab966133b4f3e9c74fac09"
logic_hash = "c8e2ebcffe8a169c2cc311c95538b674937fa87e06d2946a6ed3b0c1f039f7fc"
score = 75
@@ -68876,8 +70550,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_54357231 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L801-L819"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L801-L819"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "388b927b850b388e0a46a6c9a22b733d469e0f93dc053ebd78996e903b25e38a"
logic_hash = "a895c9fd124d6bd55748093c3ef54606e5692285260aa21bd70dca02126239d2"
score = 75
@@ -68905,8 +70579,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_467C4D46 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L821-L839"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L821-L839"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "388b927b850b388e0a46a6c9a22b733d469e0f93dc053ebd78996e903b25e38a"
logic_hash = "b28f871365c1fa6315b1c2fc6698bdd224961972cd578db05c311406c239ac22"
score = 75
@@ -68934,8 +70608,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E0Cca9Dc : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L841-L859"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L841-L859"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "59a1d8aa677739f2edbb8bd34f566b31f19d729b0a115fef2eac8ab1d1acc383"
logic_hash = "fa4089f74fc78e99427b4e8eda9f8348e042dc876c7281a4a2173c83076bfbd2"
score = 75
@@ -68963,8 +70637,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_36E404E2 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Generic.yar#L861-L879"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L861-L879"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "59a1d8aa677739f2edbb8bd34f566b31f19d729b0a115fef2eac8ab1d1acc383"
logic_hash = "d38cc5714721c0b00cfa47cb9828fd76ff57ec8180e5cfe1fec67a092dd87904"
score = 75
@@ -68983,6 +70657,64 @@ rule ELASTIC_Linux_Cryptominer_Generic_36E404E2 : FILE MEMORY
condition:
all of them
}
+rule ELASTIC_Linux_Cryptominer_Generic_947Dcc5E : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Cryptominer Generic (Linux.Cryptominer.Generic)"
+ author = "Elastic Security"
+ id = "947dcc5e-be4c-4d31-936f-63d466db2934"
+ date = "2024-04-19"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L881-L899"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "7c5a6ac425abe60e8ea5df5dfa8211a7c34a307048b4e677336b735237dcd8fd"
+ logic_hash = "c4aac006561386fbfe0fa0fe3df6b6798d2915a3dbfb5384583ebf9b2f413115"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "f6087a90a9064b505b60a1c53af008b025064f4a823501cae5f00bbe5157d67b"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a = { 28 00 00 0A 30 51 9F E5 04 20 94 E5 04 30 A0 E1 38 00 44 E2 00 40 94 E5 00 40 82 E5 04 20 93 E5 04 20 84 E5 0C 20 13 E5 00 30 83 E5 04 00 12 E3 04 30 83 E5 06 00 00 0A 04 10 C2 E3 08 00 12 E3 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Cryptominer_Generic_B4C2D007 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Cryptominer Generic (Linux.Cryptominer.Generic)"
+ author = "Elastic Security"
+ id = "b4c2d007-9464-4b72-ae2d-b0f1aeaa6fca"
+ date = "2024-04-19"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Generic.yar#L901-L919"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "e1e518ba226d30869e404b92bfa810bae27c8b1476766934961e80c44e39c738"
+ logic_hash = "cb52d9233028918210b8bd3959a6649d75b5c6873befff0cf62d9e71dfecc302"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "364fa077b99cd32d790399fd9f06f99ffef19c37487ef8a4fd81bf36988ecaa6"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a = { FD 03 00 91 F3 53 01 A9 F4 03 00 AA 20 74 40 F9 60 17 00 B4 20 10 42 79 F3 03 01 AA F9 6B 04 A9 40 17 00 34 62 62 40 39 F5 5B 02 A9 26 10 40 39 F7 63 03 A9 63 12 40 B9 FB 73 05 A9 3B A0 03 91 }
+
+ condition:
+ all of them
+}
rule ELASTIC_Linux_Cryptominer_Roboto_0B6807F8 : FILE MEMORY
{
meta:
@@ -68992,8 +70724,8 @@ rule ELASTIC_Linux_Cryptominer_Roboto_0B6807F8 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Roboto.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Roboto.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c2542e399f865b5c490ee66b882f5ff246786b3f004abb7489ec433c11007dda"
logic_hash = "d945c7a23b9f435851f3c998231da615e220c259051cf213186c28f3279be1dd"
score = 75
@@ -69021,8 +70753,8 @@ rule ELASTIC_Linux_Cryptominer_Roboto_1F1Cfe9A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Roboto.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Roboto.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "497a6d426ff93d5cd18cea623074fb209d4f407a02ef8f382f089f1ed3f108c5"
logic_hash = "2171284991b0019379c8d271013a35237c37bc2e13d807caed86f8fb9d2ba418"
score = 75
@@ -69050,8 +70782,8 @@ rule ELASTIC_Windows_Hacktool_Chromekatz_Fa232Bba : FILE MEMORY
date = "2024-03-27"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_ChromeKatz.yar#L1-L28"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_ChromeKatz.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3f6922049422df14f1a1777001fea54b18fbfb0a4b03c4ee27786bfbc3b8ab87"
logic_hash = "c86291fadd51845cbd7428b159e401d78ac77090e14e34d06bf7bf2018f4502a"
score = 75
@@ -69088,8 +70820,8 @@ rule ELASTIC_Windows_Vulndriver_Iobitunlocker_Defb90Fd : FILE
date = "2023-07-25"
modified = "2023-07-25"
reference = "https://theevilbit.github.io/posts/iobit_unlocker_lpe/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_IoBitUnlocker.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_IoBitUnlocker.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0aff83f28d70f425539fee3d6a780210d0406264f8a4eb124e32b074e8ffd556"
hash = "5ce1a8eac73ef1d0741f34d9fb2661da322117a63bffe60ccad092da89664c42"
logic_hash = "4b0f440c66b7c9a193f0d6675c2a4246036ebc5c0c83856f45ec40a041e9cd07"
@@ -69122,8 +70854,8 @@ rule ELASTIC_Linux_Exploit_Ramen_01B205Eb : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Ramen.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Ramen.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c0b6303300f38013840abe17abe192db6a99ace78c83bc7ef705f5c568bc98fd"
logic_hash = "e477e93434db9e650f159995f2cb754394f3187dc341d2ea4c2466924e19a8a6"
score = 75
@@ -69151,8 +70883,8 @@ rule ELASTIC_Linux_Cryptominer_Miancha_646803Ef : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Miancha.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Miancha.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4c7761c9376ed065887dc6ce852491641419eb2d1f393c37ed0a5cb29bd108d4"
logic_hash = "8fd386c0e7037565e8ab206642cc8c11f05ca727b365b94ffdd991f4bed95556"
score = 75
@@ -69180,8 +70912,8 @@ rule ELASTIC_Windows_Hacktool_Darkloadlibrary_C25Ee4Eb : FILE MEMORY
date = "2022-12-02"
modified = "2023-01-11"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_DarkLoadLibrary.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_DarkLoadLibrary.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5546194a71bc449789c3697f9c106860ac0a21e1ccf2b1196120b3f92f4b5306"
logic_hash = "c585abbe72834e9ba2e5f1c8070a43b0f10c2b574c72ffe1def4bfd431096415"
score = 75
@@ -69219,8 +70951,8 @@ rule ELASTIC_Windows_Hacktool_Phant0M_2D6F9B57 : FILE MEMORY
date = "2024-02-28"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Phant0m.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Phant0m.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "30978aadd7d7bc86e735facb5046942792ad1beab6919754e6765e0ccbcf89d6"
logic_hash = "a66f8779f77b216f7831617a34c008e4202f36e74f2866c9792cee34b804408d"
score = 75
@@ -69253,8 +70985,8 @@ rule ELASTIC_Windows_Trojan_Servhelper_F4Dee200 : FILE MEMORY
date = "2022-03-22"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_ServHelper.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_ServHelper.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "05d183430a7afe16a3857fc4e87568fcc18518e108823c37eabf0514660aa17c"
logic_hash = "abab541ebddf36c05e351d506d4f978a30d8a44ff09233a667d62a1692dabe15"
score = 75
@@ -69283,8 +71015,8 @@ rule ELASTIC_Windows_Trojan_Servhelper_370C5287 : FILE MEMORY
date = "2022-03-24"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_ServHelper.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_ServHelper.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "05d183430a7afe16a3857fc4e87568fcc18518e108823c37eabf0514660aa17c"
logic_hash = "8a2934c28efef6a5fed26dc88d074aee15b0869370c66f6a4d6eaedf070eaa9e"
score = 75
@@ -69312,8 +71044,8 @@ rule ELASTIC_Windows_Trojan_Hazelcobra_6A9Fe48A : FILE MEMORY
date = "2023-11-01"
modified = "2023-11-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_HazelCobra.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_HazelCobra.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b5acf14cdac40be590318dee95425d0746e85b1b7b1cbd14da66f21f2522bf4d"
logic_hash = "dc4d561497c2e3da270d305ceaf3194b48d64c0d8e212ee6f03a2d89c8e006e8"
score = 75
@@ -69344,8 +71076,8 @@ rule ELASTIC_Windows_Trojan_Grandoreiro_51236Ba2 : FILE MEMORY
date = "2022-08-23"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Grandoreiro.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Grandoreiro.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1bdf381e7080d9bed3f52f4b3db1991a80d3e58120a5790c3d1609617d1f439e"
logic_hash = "9a8549a1dd82f56458ea8aee5c30243ac073d15c820de28d78a58d2c067b10d6"
score = 75
@@ -69377,8 +71109,8 @@ rule ELASTIC_Macos_Trojan_Electrorat_B4Dbfd1D : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Electrorat.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Electrorat.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b1028b38fcce0d54f2013c89a9c0605ccb316c36c27faf3a35adf435837025a4"
logic_hash = "a36143a8c93cb187dba0a88a15550219c19f1483502f782dfefc1e53829cfbf1"
score = 75
@@ -69409,8 +71141,8 @@ rule ELASTIC_Linux_Hacktool_Wipelog_Daea1Aa4 : FILE MEMORY
date = "2022-03-17"
modified = "2022-07-22"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Wipelog.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Wipelog.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "39b3a95928326012c3b2f64e2663663adde4b028d940c7e804ac4d3953677ea6"
logic_hash = "e2483b7719f4a1e28ec3732120770066333d8db269c9c9711813a8eeb75176d6"
score = 75
@@ -69448,8 +71180,8 @@ rule ELASTIC_Windows_Hacktool_Sleepobfloader_460A1A75 : FILE MEMORY
date = "2024-01-24"
modified = "2024-01-29"
reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SleepObfLoader.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SleepObfLoader.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "84b3bc58ec04ab272544d31f5e573c0dd7812b56df4fa445194e7466f280e16d"
logic_hash = "c0bc1b7ef71c1a91fc487f904315c6f187530ab39825f90f55ac36625d5b93cf"
score = 75
@@ -69479,8 +71211,8 @@ rule ELASTIC_Windows_Hacktool_Safetykatz_072B7370 : FILE MEMORY
date = "2022-11-20"
modified = "2023-01-11"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SafetyKatz.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SafetyKatz.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "89a456943cf6d2b3cd9cdc44f13a23640575435ed49fa754f7ed358c1a3b6ba9"
logic_hash = "cedd3ede487371a8e0d29804f2b81ae808c7ad01bd803fa39dc2c50e472cff43"
score = 75
@@ -69512,8 +71244,8 @@ rule ELASTIC_Windows_Trojan_Dbatloader_F93A8E90 : FILE MEMORY
date = "2022-03-11"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_DBatLoader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DBatLoader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f72d7e445702bbf6b762ebb19d521452b9c76953d93b4d691e0e3e508790256e"
logic_hash = "6fe91d91bb383c66a6dc623b02817411a39b88030142517f4048c5c25fbb4ac5"
score = 75
@@ -69532,6 +71264,37 @@ rule ELASTIC_Windows_Trojan_Dbatloader_F93A8E90 : FILE MEMORY
condition:
all of them
}
+rule ELASTIC_Windows_Trojan_Dragonbreath_B27Bc56B : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Dragonbreath (Windows.Trojan.DragonBreath)"
+ author = "Elastic Security"
+ id = "b27bc56b-41a2-4b3d-bff4-a14b90debe08"
+ date = "2024-06-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DragonBreath.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "45023fd0e694d66c284dfe17f78c624fd7e246a6c36860a0d892d232a30949be"
+ logic_hash = "b86d5541a7e03a698ad918cdbba987474c6680353b4d2de2f8422ecd0ebcac61"
+ score = 75
+ quality = 69
+ tags = "FILE, MEMORY"
+ fingerprint = "4bc82f64191cf907d7ecf7da5453258c9be60e5dbaff770ebc22d9629bcbc7e2"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 50 6C 75 67 69 6E 4D 65 }
+ $a2 = { 69 73 41 52 44 6C 6C }
+ $a3 = { 25 64 2D 25 64 2D 25 64 20 25 64 3A 25 64 }
+
+ condition:
+ all of them
+}
rule ELASTIC_Windows_Hacktool_Sharpstay_Eac706C5 : FILE MEMORY
{
meta:
@@ -69541,8 +71304,8 @@ rule ELASTIC_Windows_Hacktool_Sharpstay_Eac706C5 : FILE MEMORY
date = "2022-11-20"
modified = "2023-01-11"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpStay.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpStay.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "498d201f65b57a007a79259ce7015eb7eb1bba660d44deafea716e36316a9caa"
logic_hash = "b85679018658e33e81cd2589e9f99cf9ed16ac25b27d93bece26cb5ccc2e379a"
score = 75
@@ -69574,8 +71337,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_A40C7Ef0 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Portscan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Portscan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c389c42bac5d4261dbca50c848f22c701df4c9a2c5877dc01e2eaa81300bdc29"
logic_hash = "6118ea86d628450e79ee658f4b95bae40080764a25240698d8ca7fcb7e6adaaf"
score = 75
@@ -69603,8 +71366,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_6C6000C2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Portscan.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Portscan.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8877009fc8ee27ba3b35a7680b80d21c84ee7296bcabe1de51aeeafcc8978da7"
logic_hash = "0cae81cbc0fdf48b4e7ac09865f05e2ad93d79b7a6f1af76a632727127ab050f"
score = 75
@@ -69632,8 +71395,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_E191222D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Portscan.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Portscan.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e2f4313538c3ef23adbfc50f37451c318bfd1ffd0e5aaa346cce4cc37417f812"
logic_hash = "6ffb2add4a76214ffd555cf1fe356371acd3638216094097b355670ecfe02ecd"
score = 75
@@ -69661,8 +71424,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_E57B0A0C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Portscan.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Portscan.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f8ee385316b60ee551565876287c06d76ac5765f005ca584d1ca6da13a6eb619"
logic_hash = "b2f67805e9381864591fdf61846284da97f8dd2f5c60484ce9c6e76d2f6f3872"
score = 75
@@ -69690,8 +71453,8 @@ rule ELASTIC_Windows_Trojan_Dustywarehouse_A6Cfc9F7 : FILE MEMORY
date = "2023-08-25"
modified = "2023-11-02"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_DustyWarehouse.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DustyWarehouse.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8c4de69e89dcc659d2fff52d695764f1efd7e64e0a80983ce6d0cb9eeddb806c"
logic_hash = "2b4cd9316e2fda882c95673edecb9c82a03ef4fdcc2d2e25783644cc5dfb5bf0"
score = 75
@@ -69714,6 +71477,35 @@ rule ELASTIC_Windows_Trojan_Dustywarehouse_A6Cfc9F7 : FILE MEMORY
condition:
3 of them
}
+rule ELASTIC_Windows_Trojan_Dustywarehouse_3Fef514B : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Dustywarehouse (Windows.Trojan.DustyWarehouse)"
+ author = "Elastic Security"
+ id = "3fef514b-9499-47ce-bf84-8393f8d0260f"
+ date = "2024-05-30"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DustyWarehouse.yar#L25-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "4ad024f53595fdd380f5b5950b62595cd47ac424d2427c176a7b2dfe4e1f35f7"
+ logic_hash = "865ea1e54950a465b71939a41f7a726ccddcfa9f0d777ea853926f65bca0da84"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "077bc59b4b6298e405c1cd37d9416667371190e5d8c83a9a9502753c9065df58"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a = { 48 83 EC 30 48 C7 44 24 20 FE FF FF FF 48 89 5C 24 48 48 89 74 24 50 C7 44 24 40 [4] 48 8B 39 48 8B 71 08 48 8B 59 10 48 8B 49 18 ?? ?? ?? ?? ?? ?? 84 DB 74 05 E8 E1 01 00 00 48 8B CE }
+
+ condition:
+ all of them
+}
rule ELASTIC_Multi_Hacktool_Nps_C6Eb4A27 : FILE MEMORY
{
meta:
@@ -69723,8 +71515,8 @@ rule ELASTIC_Multi_Hacktool_Nps_C6Eb4A27 : FILE MEMORY
date = "2024-01-24"
modified = "2024-01-29"
reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Hacktool_Nps.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Hacktool_Nps.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4714e8ad9c625070ca0a151ffc98d87d8e5da7c8ef42037ca5f43baede6cfac1"
logic_hash = "53baf04f4ab8967761c6badb24f6632cc1bf4a448abf0049318b96855f30feea"
score = 75
@@ -69757,8 +71549,8 @@ rule ELASTIC_Multi_Hacktool_Nps_F76F257D : FILE MEMORY
date = "2024-01-24"
modified = "2024-01-29"
reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Hacktool_Nps.yar#L27-L50"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Hacktool_Nps.yar#L27-L50"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "80721b20a8667536a33fca50236f5c8e0c0d07aa7805b980e40818ab92cd9f4a"
logic_hash = "0bbd7f86bfd2967dc390510c2e403d05e1b56551b965ea716b9e5330f75c9bd5"
score = 75
@@ -69790,8 +71582,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_17Ee6A17 : FILE MEMORY
date = "2021-06-12"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_RedLineStealer.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_RedLineStealer.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "497bc53c1c75003fe4ae3199b0ff656c085f21dffa71d00d7a3a33abce1a3382"
logic_hash = "0c868d0673c01e2c115d6822c34c877db77265251167f3a890a448a1de5c6a2d"
score = 75
@@ -69827,8 +71619,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_F54632Eb : FILE MEMORY
date = "2021-06-12"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_RedLineStealer.yar#L29-L56"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_RedLineStealer.yar#L29-L56"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25"
logic_hash = "1779919556ee5c9a78342aabafb8408e035cb39632b25c54da6bf195894901dc"
score = 75
@@ -69865,8 +71657,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_3D9371Fd : FILE MEMORY
date = "2022-02-17"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_RedLineStealer.yar#L58-L82"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_RedLineStealer.yar#L58-L82"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a"
logic_hash = "1c8a64ce7615f502602ab960638dd55f4deaeea3b49d894274d64d4d0b6a1d10"
score = 75
@@ -69900,8 +71692,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_63E7E006 : FILE MEMORY
date = "2023-05-01"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_RedLineStealer.yar#L84-L104"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_RedLineStealer.yar#L84-L104"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e062c99dc9f3fa780ea9c6249fa4ef96bbe17fd1df38dbe11c664a10a92deece"
logic_hash = "2085eaf622b52372124e9b23d19e3e4a7fdb7a4559ad9a09216c1cbae96ca5b6"
score = 75
@@ -69931,8 +71723,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_F07B3Cb4 : FILE MEMORY
date = "2023-05-03"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_RedLineStealer.yar#L106-L125"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_RedLineStealer.yar#L106-L125"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5e491625475fc25c465fc7f6db98def189c15a133af7d0ac1ecbc8d887c4feb6"
logic_hash = "64536e3b340254554154ac1b33adfb4f3c72a2c6c0d1ef27827621b905d431c5"
score = 75
@@ -69961,8 +71753,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_4Df4Bcb6 : FILE MEMORY
date = "2023-05-04"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_RedLineStealer.yar#L127-L145"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_RedLineStealer.yar#L127-L145"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9389475bd26c1d3fd04a083557f2797d0ee89dfdd1f7de67775fcd19e61dfbb3"
logic_hash = "d9027fa9c8d9c938159a734431bb2be67fd7cca1f898c2208f7b909157524da4"
score = 75
@@ -69990,8 +71782,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_15Ee6903 : FILE MEMORY
date = "2023-05-04"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_RedLineStealer.yar#L147-L166"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_RedLineStealer.yar#L147-L166"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "46b506cafb2460ca2969f69bcb0ee0af63b6d65e6b2a6249ef7faa21bde1a6bd"
logic_hash = "22c8a1f4b5b94261cfabdbcc00e45b9437a0132d4e9d4543b734d4f303336696"
score = 75
@@ -70020,8 +71812,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_6Dfafd7B : FILE MEMORY
date = "2024-01-05"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_RedLineStealer.yar#L168-L186"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_RedLineStealer.yar#L168-L186"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "809e303ba26b894f006b8f2d3983ff697aef13b67c36957d98c56aae9afd8852"
logic_hash = "888bc2fdfae8673cd6bce56fc9894b3cab6d7e3c384d854d6bc8aef47fdecf1c"
score = 75
@@ -70049,8 +71841,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_983Cd7A7 : FILE MEMORY
date = "2024-03-27"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_RedLineStealer.yar#L188-L208"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_RedLineStealer.yar#L188-L208"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7aa20c57b8815dd63c8ae951e1819c75b5d2deec5aae0597feec878272772f35"
logic_hash = "2104bad5ec42bc72ec611607a53086a85359bdb4bf084d7377e9a8e234b0e928"
score = 75
@@ -70080,8 +71872,8 @@ rule ELASTIC_Windows_Trojan_Pingpull_09Dd9559 : FILE MEMORY
date = "2022-06-16"
modified = "2022-07-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Pingpull.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Pingpull.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "de14f22c88e552b61c62ab28d27a617fb8c0737350ca7c631de5680850282761"
logic_hash = "114674b1a9acfc7643138d3b07885343a50c9d319b8d22a6ef34e916685c4469"
score = 75
@@ -70115,8 +71907,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_E8243Dae : FILE
date = "2022-04-04"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_NetFilter.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_NetFilter.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "760be95d4c04b10df89a78414facf91c0961020e80561eee6e2cb94b43b76510"
logic_hash = "c551bd87e73f980d8836b13449490de5e639d768b72d9006d90969f3140b28e2"
score = 75
@@ -70144,8 +71936,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_Dd576D28 : FILE
date = "2022-04-04"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_NetFilter.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_NetFilter.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "88cfe6d7c81d0064045c4198d6ec7d3c50dc3ec8e36e053456ed1b50fc8c23bf"
logic_hash = "7635ed94ca77c7705df4d2a9c5546ece86bf831b5bf5355943419174e0387b86"
score = 75
@@ -70173,8 +71965,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_B4F2A520 : FILE
date = "2022-04-04"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_NetFilter.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_NetFilter.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5d0d5373c5e52c4405f4bd963413e6ef3490b7c4c919ec2d4e3fb92e91f397a0"
logic_hash = "520d2194593f1622a3b905fe182a0773447a4eee3472e7701cce977f5bf4fbae"
score = 75
@@ -70202,8 +71994,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_1Cae6E26 : FILE
date = "2022-04-04"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_NetFilter.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_NetFilter.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e2ec3b2a93c473d88bfdf2deb1969d15ab61737acc1ee8e08234bc5513ee87ea"
logic_hash = "29c0edc03934e6e7275c3870a8808e03ec85dacb1f54e10efca3123d2257db98"
score = 75
@@ -70231,8 +72023,8 @@ rule ELASTIC_Windows_Trojan_Nimplant_44Ff3211 : FILE MEMORY
date = "2023-06-23"
modified = "2023-07-10"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Nimplant.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Nimplant.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b56e20384f98e1d2417bb7dcdbfb375987dd075911b74ea7ead082494836b8f4"
logic_hash = "ee519d8d722404ed440b385d283a41921bc34ee11f0e7273cdc074b377494c39"
score = 75
@@ -70262,8 +72054,8 @@ rule ELASTIC_Linux_Trojan_Gognt_50C3D9Da : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gognt.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gognt.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "79602bc786edda7017c5f576814b683fba41e4cb4cf3f837e963c6d0d42c50ee"
logic_hash = "ecd9cd94b3bf8c50c347e70aab3da03ea6589530b20941a9f62dac501f8144fc"
score = 75
@@ -70291,8 +72083,8 @@ rule ELASTIC_Linux_Trojan_Gognt_05B10F4B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gognt.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gognt.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e43aaf2345dbb5c303d5a5e53cd2e2e84338d12f69ad809865f20fd1a5c2716f"
logic_hash = "1dfc3417f75aa81aea5eda3d6da076f1cacf82dbfc039252b1d16f52b81a5a65"
score = 75
@@ -70320,8 +72112,8 @@ rule ELASTIC_Windows_Hacktool_Cpulocker_73B41444 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_CpuLocker.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_CpuLocker.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dbfc90fa2c5dc57899cc75ccb9dc7b102cb4556509cdfecde75b36f602d7da66"
logic_hash = "8fb33744326781c51bb6bd18d0574602256b813b62ec8344d5338e6442bb2de0"
score = 75
@@ -70349,8 +72141,8 @@ rule ELASTIC_Linux_Hacktool_Exploitscan_4327F817 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Exploitscan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Exploitscan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "66c6d0e58916d863a1a973b4f5cb7d691fbd01d26b408dbc8c74f0f1e4088dfb"
logic_hash = "7797d9bd75dff355e1ee84b856e77cf9e886dfe727fb8ce7a6fdbe5ed1eb0985"
score = 75
@@ -70378,8 +72170,8 @@ rule ELASTIC_Windows_Ransomware_Makop_3Ac2C13C : FILE MEMORY
date = "2021-08-05"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Makop.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Makop.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "854226fc4f5388d40cd9e7312797dd63739444d69a67e4126ef60817fa6972ad"
logic_hash = "3fa7c506010a87ac97f415db32c21af091dff26fd912a8f9f5bb5e8d43a8da9e"
score = 75
@@ -70407,8 +72199,8 @@ rule ELASTIC_Windows_Ransomware_Makop_3E388338 : FILE MEMORY
date = "2021-08-05"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Makop.yar#L21-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Makop.yar#L21-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "854226fc4f5388d40cd9e7312797dd63739444d69a67e4126ef60817fa6972ad"
logic_hash = "5a6e5fd725f3d042c0c95b42ad00c93965a49aa6bda6ec5383a239f18d74742e"
score = 75
@@ -70441,8 +72233,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_D6Cc23Af : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Biostar.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Biostar.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1d0397c263d51e9fc95bcc8baf98d1a853e1c0401cd0e27c7bf5da3fba1c93a8"
logic_hash = "6a1f5de3a0daf446ceb812a9f5749410a3a7752dce44e935adc288c95816f59d"
score = 75
@@ -70472,8 +72264,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_68682378 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Biostar.yar#L23-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Biostar.yar#L23-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a"
logic_hash = "8510de6fc33bde153f3bd4d1bb8b0d98ce69aae479d242c6043ac8c712dbb888"
score = 75
@@ -70503,8 +72295,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_684A5123 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Biostar.yar#L45-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Biostar.yar#L45-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e"
logic_hash = "7c0c7e14f9b5085a87e5dbe27feb8e49bdb4d2fdcfbcbc643999d7969d118240"
score = 75
@@ -70534,8 +72326,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_E0B6Cf55 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Biostar.yar#L67-L85"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Biostar.yar#L67-L85"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e"
logic_hash = "dccbf6fa46de1a8bc6438578b651055e2d02d15bd04461be74059e6fde40fca3"
score = 75
@@ -70563,8 +72355,8 @@ rule ELASTIC_Linux_Virus_Staffcounter_D2D608A8 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "06e562b54b7ee2ffee229c2410c9e2c42090e77f6211ce4b9fa26459ff310315"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Virus_Staffcounter.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Virus_Staffcounter.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "e30f1312eb1cbbc4faba3f67527a4e0e955b5684a1ba58cdd82a7a0f1ce3d2b9"
score = 75
quality = 75
@@ -70591,8 +72383,8 @@ rule ELASTIC_Windows_Trojan_Darkvnc_Bd803C2E : FILE MEMORY
date = "2023-01-23"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_DarkVNC.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DarkVNC.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0fcc1b02fdaf211c772bd4fa1abcdeb5338d95911c226a9250200ff7f8e45601"
logic_hash = "d9e8a42a424d6a186939682e1cd2ed794c8a3765824188e863b1b2829650e2d5"
score = 75
@@ -70624,8 +72416,8 @@ rule ELASTIC_Multi_Trojan_Sliver_42298C4A : FILE MEMORY
date = "2021-10-20"
modified = "2022-01-14"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Trojan_Sliver.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Trojan_Sliver.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007"
logic_hash = "a84bdb51fcdeb4629365bdb727b53087604ee0eb112c8d6c3ecf315598ec678a"
score = 75
@@ -70659,8 +72451,8 @@ rule ELASTIC_Multi_Trojan_Sliver_3Bde542D : FILE MEMORY
date = "2022-08-31"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Trojan_Sliver.yar#L27-L50"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Trojan_Sliver.yar#L27-L50"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "05461e1c2a2e581a7c30e14d04bd3d09670e281f9f7c60f4169e9614d22ce1b3"
logic_hash = "23a0e28c1423f577a147efdf927f2dc71871760e38d4d7494ead2920b90ef05e"
score = 75
@@ -70693,8 +72485,8 @@ rule ELASTIC_Multi_Trojan_Sliver_3D6B7Cd3 : FILE MEMORY
date = "2022-12-01"
modified = "2023-09-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Trojan_Sliver.yar#L52-L88"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Trojan_Sliver.yar#L52-L88"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9846124cfd124eed466465d187eeacb4d405c558dd84ba8e575d8a7b3290403e"
logic_hash = "3cbd3358b7d59d6a2912069f4cb8de005b6fafd61e44111d1f6cf0418eb2d1fc"
score = 75
@@ -70740,8 +72532,8 @@ rule ELASTIC_Windows_Vulndriver_Dbutil_Ffe07C79 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_DBUtil.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_DBUtil.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "87e38e7aeaaaa96efe1a74f59fca8371de93544b7af22862eb0e574cec49c7c3"
logic_hash = "18b1c93c395b105f446b4c968441e0a43e42b1bd7efcf6501a89eb92cbd21824"
score = 75
@@ -70769,8 +72561,8 @@ rule ELASTIC_Windows_Vulndriver_Dbutil_852Ba283 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_DBUtil.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_DBUtil.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5"
logic_hash = "78acd081c2517f9c53cb311481c0cc40cc3699b222afc290da1a3698e7bf75b7"
score = 75
@@ -70798,8 +72590,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_13B3C88B : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Rtkio.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Rtkio.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "478917514be37b32d5ccf76e4009f6f952f39f5553953544f1b0688befd95e82"
logic_hash = "1e37650292884e28dcc51c42bc1b1d1e8efc13b0727f7865ff1dc7b8e1a72380"
score = 75
@@ -70828,8 +72620,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_D595781E : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Rtkio.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Rtkio.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4ed2d2c1b00e87b926fb58b4ea43d2db35e5912975f4400aa7bd9f8c239d08b7"
logic_hash = "289eb17025d989cc74e109b1c03378e9760817a84f1a759153ff6ff6b6401e6d"
score = 75
@@ -70858,8 +72650,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_B09Af431 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Rtkio.yar#L43-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Rtkio.yar#L43-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b205835b818d8a50903cf76936fcf8160060762725bd74a523320cfbd091c038"
logic_hash = "916a6e63dc4c7ee0bfdf4a455ee467a1d03c1042db60806511aa7cbf3b096190"
score = 75
@@ -70888,8 +72680,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_5693E967 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Rtkio.yar#L64-L83"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Rtkio.yar#L64-L83"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ab8f2217e59319b88080e052782e559a706fa4fb7b8b708f709ff3617124da89"
logic_hash = "4cbc7a52de7f610cdb12bf40a9099bcfae818dcb5e4119a8c34499433aeebd7e"
score = 75
@@ -70918,8 +72710,8 @@ rule ELASTIC_Linux_Trojan_Zerobot_185E2396 : FILE MEMORY
date = "2022-12-16"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Zerobot.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Zerobot.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f9fc370955490bdf38fc63ca0540ce1ea6f7eca5123aa4eef730cb618da8551f"
logic_hash = "caa21cc019d8e4549d976f8b4f98d930ef7acf4c39c41956ae35fa78c975e016"
score = 75
@@ -70954,8 +72746,8 @@ rule ELASTIC_Linux_Trojan_Zerobot_3A5B56Dd : FILE MEMORY
date = "2022-12-16"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Zerobot.yar#L28-L51"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Zerobot.yar#L28-L51"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f9fc370955490bdf38fc63ca0540ce1ea6f7eca5123aa4eef730cb618da8551f"
logic_hash = "2491fff4ad0327e0440d842f221fb6623c8efd97e2991bf2090abceaef9c2ccf"
score = 75
@@ -70988,8 +72780,8 @@ rule ELASTIC_Windows_Vulndriver_Cpuz_A53D1446 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Cpuz.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Cpuz.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6"
logic_hash = "37da20f5fe1377fe85594055dc811424f52e53a9d77060c6784c2e4d1279e26f"
score = 75
@@ -71019,8 +72811,8 @@ rule ELASTIC_Windows_Hacktool_Physmem_Cc0978Df : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_PhysMem.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_PhysMem.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c299063e3eae8ddc15839767e83b9808fd43418dc5a1af7e4f44b97ba53fbd3d"
logic_hash = "e2fabf5889dbdc98dc6942be4fb0de4351d64a06bab945993b2a2c4afe89984e"
score = 75
@@ -71049,8 +72841,8 @@ rule ELASTIC_Windows_Hacktool_Physmem_B3Fa382B : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_PhysMem.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_PhysMem.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "88df37ede18bea511f1782c1a6c4915690b29591cf2c1bf5f52201fbbb4fa2b9"
logic_hash = "36a60b78de15a52721ad4830b37daffc33d7689e8b180fe148876da00562273a"
score = 75
@@ -71078,8 +72870,8 @@ rule ELASTIC_Macos_Trojan_Eggshell_Ddacf7B9 : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Eggshell.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Eggshell.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6d93a714dd008746569c0fbd00fadccbd5f15eef06b200a4e831df0dc8f3d05b"
logic_hash = "f986f7d1e3a68e27f82048017c6d6381a0354ffad2cd10f3eee69bbbfa940abd"
score = 75
@@ -71111,8 +72903,8 @@ rule ELASTIC_Windows_Trojan_Systembc_5E883723 : FILE MEMORY
date = "2022-03-22"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SystemBC.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SystemBC.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b432805eb6b2b58dd957481aa8a973be58915c26c04630ce395753c6a5196b14"
logic_hash = "fde2e0b5debd4d26838fb245fdf8e5103ab5aab9feff900cbba00c1950adc61a"
score = 75
@@ -71145,8 +72937,8 @@ rule ELASTIC_Windows_Trojan_Systembc_C1B58C2F : FILE MEMORY
date = "2024-05-02"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SystemBC.yar#L26-L49"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SystemBC.yar#L26-L49"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "016fc1db90d9d18fe25ed380606346ef12b886e1db0d80fe58c22da23f6d677d"
logic_hash = "16ed14dac0c30500c5e91759b0a1b321f3bd53ae6aab1389a685582eba72c222"
score = 75
@@ -71179,8 +72971,8 @@ rule ELASTIC_Windows_Trojan_Octopus_15813E26 : FILE MEMORY
date = "2021-11-10"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Octopus.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Octopus.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "0d30b96ead4ccba75e08f6ba1db73cee61a29b5b0c7ee0fb523cbcd61dce9d87"
score = 75
quality = 75
@@ -71208,8 +73000,8 @@ rule ELASTIC_Windows_Hacktool_Seatbelt_674Fd535 : FILE MEMORY
date = "2022-10-20"
modified = "2022-11-24"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Seatbelt.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Seatbelt.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a0e467aacd383727d46e766f1c45b424a6d46248118c155c22c538e8773b3ae7"
logic_hash = "1bff820ec5cc9e56e7be4b290a48628115cc1ace5e41278fa76898bf39ef893e"
score = 75
@@ -71244,8 +73036,8 @@ rule ELASTIC_Windows_Packer_Scrubcrypt_6A75A4Bb : FILE MEMORY
date = "2023-04-18"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Packer_ScrubCrypt.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Packer_ScrubCrypt.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "05c1eea2ff8c31aa5baf1dfd8015988f7e737753275ed1c8c29013a3a7414b50"
logic_hash = "edcaa6f1cc85ef084ae5bf2524f39869a90b008dce85e72bca4835565f067ca7"
score = 75
@@ -71274,8 +73066,8 @@ rule ELASTIC_Windows_Trojan_Onlylogger_B9E88336 : FILE MEMORY
date = "2022-03-22"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_OnlyLogger.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_OnlyLogger.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "69876ee4d89ba68ee86f1a4eaf0a7cb51a012752e14c952a177cd5ffd8190986"
logic_hash = "b8d1c4c1e33fc0b54a62f82b8f53c9a1b051ad8c2f578d2a43f504158d1d9247"
score = 75
@@ -71306,8 +73098,8 @@ rule ELASTIC_Windows_Trojan_Onlylogger_Ec14D5F2 : FILE MEMORY
date = "2022-03-22"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_OnlyLogger.yar#L24-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_OnlyLogger.yar#L24-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f45adcc2aad5c0fd900df4521f404bc9ca71b01e3378a5490f5ae2f0c711912e"
logic_hash = "2838851a5e013705b64625801d2ab1d56cfc17c52f75a5fd71448cb0a4b4b683"
score = 75
@@ -71339,8 +73131,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_581F57A9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Loudminer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Loudminer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
logic_hash = "82db0985f215da1d84e16fce94df7553b43b06082bf5475515dbbcf016c40fe4"
score = 75
@@ -71368,8 +73160,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_F2298A50 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Loudminer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Loudminer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
logic_hash = "6c2c9b6aea1fb35f8f600dd084ed9cfd56123f7502036e76dd168ccd8b43b28f"
score = 75
@@ -71397,8 +73189,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_851Fc7Aa : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Loudminer.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Loudminer.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
logic_hash = "9f271a16fe30fbf0c16533522b733228f19e0c44d173e4c0ef43bf13323e7383"
score = 75
@@ -71426,8 +73218,8 @@ rule ELASTIC_Windows_Hacktool_Clroxide_D92D9575 : FILE MEMORY
date = "2024-02-29"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_ClrOxide.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_ClrOxide.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3a4900eff80563bff586ced172c3988347980f902aceef2f9f9f6d188fac8e3"
logic_hash = "01bb071e1286bb139c5e1c37e421153ef1b28a5994feeaedf6ad27ad7dade5e9"
score = 75
@@ -71461,8 +73253,8 @@ rule ELASTIC_Linux_Trojan_Xhide_7F0A131B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xhide.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xhide.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560"
logic_hash = "4843042576d1f4f37b5a7cda1b261831030d9145c49b57e9b4c66e2658cc8cf9"
score = 75
@@ -71490,8 +73282,8 @@ rule ELASTIC_Linux_Trojan_Xhide_Cd8489F7 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xhide.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xhide.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560"
logic_hash = "34924260c811f1796ae37faec922bc21bb312ebb0672042d3ec27855f63ed61e"
score = 75
@@ -71519,8 +73311,8 @@ rule ELASTIC_Linux_Trojan_Xhide_840B27C7 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xhide.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xhide.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560"
logic_hash = "6b0bfe69558399af6e0469a31741dcf2eb91fbe3e130267139240d3458eb8a0d"
score = 75
@@ -71548,8 +73340,8 @@ rule ELASTIC_Linux_Ransomware_Conti_53A640F4 : FILE MEMORY
date = "2022-09-22"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Conti.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Conti.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8b57e96e90cd95fc2ba421204b482005fe41c28f506730b6148bcef8316a3201"
logic_hash = "b83a47664d8acce7de17ac5972d9fd5e708c8cd3d8ebedc2bacf1397fd25f5d3"
score = 75
@@ -71577,8 +73369,8 @@ rule ELASTIC_Linux_Ransomware_Conti_A89C26Cf : FILE MEMORY
date = "2023-07-30"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Conti.yar#L21-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Conti.yar#L21-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "95776f31cbcac08eb3f3e9235d07513a6d7a6bf9f1b7f3d400b2cf0afdb088a7"
logic_hash = "301f3f3ece06a1cd6788db6e3003497b27470780eaaad95f40ed926e7623793e"
score = 75
@@ -71609,8 +73401,8 @@ rule ELASTIC_Windows_Trojan_Twistedtinsel_Aa56E527 : FILE MEMORY
date = "2023-12-06"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_TwistedTinsel.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_TwistedTinsel.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ef1cbdf9a23ae028a858e1d09529982eaeda61197ae029e091918690d3a86e2e"
logic_hash = "de31d0a5560baf6b37897eba3a637b00b539f542a2620983c3407a6898e003c7"
score = 75
@@ -71639,8 +73431,8 @@ rule ELASTIC_Linux_Ransomware_Echoraix_Ea9532Df : FILE MEMORY
date = "2023-07-27"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_EchoRaix.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_EchoRaix.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dfe32d97eb48fb2afc295eecfda3196cba5d27ced6217532d119a764071c6297"
logic_hash = "4944f5a2632bfe0abebfa6f658ed3f71e4d97efcb428ed0987e2071dfd66e6a9"
score = 75
@@ -71668,8 +73460,8 @@ rule ELASTIC_Linux_Ransomware_Echoraix_Ee0C719A : FILE MEMORY
date = "2023-07-29"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_EchoRaix.yar#L21-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_EchoRaix.yar#L21-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e711b2d9323582aa390cf34846a2064457ae065c7d2ee1a78f5ed0859b40f9c0"
logic_hash = "3ca12ea0f1794935ea570dda83f33d04ffb19b6664cc1c8b1cbeed59ac04a01a"
score = 75
@@ -71698,8 +73490,8 @@ rule ELASTIC_Linux_Cryptominer_Zexaf_B90E7683 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Zexaf.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Zexaf.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "98650ebb7e463a06e737bcea4fd2b0f9036fafb0638ba8f002e6fe141b9fecfe"
logic_hash = "d8485d8fbf00d5c828d7c6c80fef61f228f308e3d27a762514cfb3f00053b30b"
score = 75
@@ -71727,8 +73519,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_825B6808 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7db9a0760dd16e23cb299559a0e31a431b836a105d5309a9880fa4b821937659"
logic_hash = "f5f997d8401f1505e81072dcb0e24ad7a78f0b56133698b70d8dd93ef25ddaf3"
score = 75
@@ -71756,8 +73548,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A44Ab8Cd : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4b2068a4a666b0279358b8eb4f480d2df4c518a8b4518d0d77c6687c3bff0a32"
logic_hash = "a0501f76aff532366292189d34a57844ba999748b94f349be2f391dfd96e2106"
score = 75
@@ -71785,8 +73577,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_7026F674 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b7a77ebb66664c54d01a57abed5bb034ef2933a9590b595bba0566938b099438"
logic_hash = "ec8ece1f922260f620fb30d82469f77a4d0239da536fc464fc37a3943cd6e463"
score = 75
@@ -71814,8 +73606,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_761Ad88E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771"
logic_hash = "2b0c64da713e2f8ff671cbe086638810bc02a983d42851e78c68a57bde9f023c"
score = 75
@@ -71843,8 +73635,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_B93655D3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L81-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L81-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "34cb06385543c6c2c562f757df2f641d8402e7c9f95fa924e17652a1c38d695f"
score = 75
quality = 75
@@ -71871,8 +73663,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Af9F75E6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L100-L118"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L100-L118"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bf6f3ffaf94444a09b69cbd4c8c0224d7eb98eb41514bdc3f58c1fb90ac0e705"
logic_hash = "b74f5fad3c7219038e51eb4fa12fb9d55d7f65a9f4bab0adff8609fabb0afdab"
score = 75
@@ -71900,8 +73692,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1Bf0E994 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L120-L138"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L120-L138"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1ea2dc13eec0d7a8ec20307f5afac8e9344d827a6037bb96a54ad7b12f65b59c"
logic_hash = "2c1099b8078ac306f7cb67be5b5b5e34f57414b9aa26bdd6c26d3636c80846cd"
score = 75
@@ -71929,8 +73721,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_D710A5Da : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L140-L158"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L140-L158"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ba895a9c449bf9bf6c092df88b6d862a3e8ed4079ef795e5520cb163a45bcdb4"
logic_hash = "118a29cc0ccd191181dabc134de282ba134e041113faaa4d95e0aa201646438b"
score = 75
@@ -71958,8 +73750,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_F434A3Fb : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L160-L178"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L160-L178"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ba895a9c449bf9bf6c092df88b6d862a3e8ed4079ef795e5520cb163a45bcdb4"
logic_hash = "11b173f73b87f50775be50c6b4528bd9b148ea4266297aec76ae126cab0facb0"
score = 75
@@ -71987,8 +73779,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A2795A4C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L180-L198"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L180-L198"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71"
logic_hash = "18e15b8a417f9ff2fd9277a01eb3224c761807ce9541ece568f4525ae66eb81f"
score = 75
@@ -72016,8 +73808,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_678C1145 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L200-L218"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L200-L218"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "559793b9cb5340478f76aaf5f81c8dbfbcfa826657713d5257dac3c496b243a6"
logic_hash = "5ff15c8d92bca62700bbb67aeebc41fd603687dbc0c93733955bf59375df40a1"
score = 60
@@ -72045,8 +73837,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_3Cbdfb1F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L220-L238"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L220-L238"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bd40ac964f3ad2011841c7eb4bf7cab332d4d95191122e830ab031dc9511c079"
logic_hash = "38e8ca59bf55c32b99aa76a89f60edcf09956b7cad0b4745fab92eca327c52db"
score = 75
@@ -72074,8 +73866,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_8B63Ff02 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L240-L258"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L240-L258"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a57de6cd3468f55b4bfded5f1eed610fdb2cbffbb584660ae000c20663d5b304"
logic_hash = "3b68353c8eeb21a3eba7a02ae76b66b4f094ec52d5309582544d247cc6548da3"
score = 75
@@ -72103,8 +73895,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_30973084 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L260-L278"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L260-L278"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a22ffa748bcaaed801f48f38b26a9cfdd5e62183a9f6f31c8a1d4a8443bf62a4"
logic_hash = "d965a032c0fb6020c6187aa3117f7251dd8c9287c45453e3d5ae2ac62b3067bb"
score = 75
@@ -72132,8 +73924,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1Cfa95Dd : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L280-L298"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L280-L298"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771"
logic_hash = "f73a96cc379c8dc060bfe5668ef7e47c5bcd037b3f41c300ef20c2f2f653cb00"
score = 75
@@ -72161,8 +73953,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_25C48456 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L300-L318"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L300-L318"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "eba6f3e4f7b53e22522d82bdbdf5271c3fc701cbe07e9ecb7b4c0b85adc9d6b4"
logic_hash = "4ed4b901fccaed834b9908fb447da1521bf31f283ae55b6d8f6090814cf8fcd2"
score = 75
@@ -72190,8 +73982,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_B1Ca2Abd : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L320-L338"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L320-L338"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771"
logic_hash = "05b906a9823bf9ba25ba1ed490beb8f338429cbc744ca230c5c4cbb41ab9f140"
score = 75
@@ -72219,8 +74011,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Cce8C792 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L340-L358"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L340-L358"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ea56da9584fc36dc67cb1e746bd13c95c4d878f9d594e33221baad7e01571ee6"
logic_hash = "14700d24e8682ec04f2aae02f5820c4d956db60583b1bc61038b47e709705d0d"
score = 75
@@ -72248,8 +74040,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_4Bcea1C4 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L360-L378"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L360-L378"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71"
logic_hash = "76019729a3a33fc04ff983f38b4fbf174a66da7ffc05cd07eb93e3cd5aecaaa2"
score = 75
@@ -72277,8 +74069,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Ab561A1B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L380-L398"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L380-L398"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1b7df0d491974bead05d04ede6cf763ecac30ecff4d27bb4097c90cc9c3f4155"
logic_hash = "5720d2ada4b33514f2d528417876606d2951786df8b0512f9e8833b8ec87127a"
score = 75
@@ -72306,8 +74098,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1A4Eb229 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L400-L418"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L400-L418"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bf6f3ffaf94444a09b69cbd4c8c0224d7eb98eb41514bdc3f58c1fb90ac0e705"
logic_hash = "83b04e366a05a46ad67b9aaf6b9658520e119003cd65941dd69416cbc5229c30"
score = 75
@@ -72335,8 +74127,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_51Ef0659 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L420-L438"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L420-L438"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b7a2bc75dd9c44c38b2a6e4e7e579142ece92a75b8a3f815940c5aa31470be2b"
logic_hash = "26dd95cb1cdaec10d408e294a3baca85d741cf5e56649cdcc79ef7216e4cb440"
score = 75
@@ -72364,8 +74156,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_D90C4Cbe : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L440-L458"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L440-L458"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62"
logic_hash = "145d32f8a06af18e6f13b0905cc51fd7b1a9e00b41b0f0a5d537ada2b54a94b5"
score = 75
@@ -72393,8 +74185,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_C680C9Fd : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L460-L478"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L460-L478"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ea56da9584fc36dc67cb1e746bd13c95c4d878f9d594e33221baad7e01571ee6"
logic_hash = "a283132ffdd109b8b1f01e5a3e2700b70b742945c7ae8b15b2b244fb249a5e3d"
score = 75
@@ -72422,8 +74214,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_E63396F4 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L480-L498"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L480-L498"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "913e6d2538bd7eed3a8f3d958cf445fe11c5c299a70e5385e0df6a9b2f638323"
logic_hash = "d3f7c62a7411caf86ee574a686b4b1972066602f89d39ae9e49ba66d9917c7c9"
score = 75
@@ -72451,8 +74243,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_7D5355Da : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "03397525f90c8c2242058d2f6afc81ceab199c5abcab8fd460fabb6b083d8d20"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L500-L518"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L500-L518"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "b4540f941ca1a36c460d056ef263ebd67c6388f3f6f373f50371f7cca2739bc4"
score = 75
quality = 75
@@ -72479,8 +74271,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A9E8A90F : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "0558cf8cab0ba1515b3b69ac32975e5e18d754874e7a54d19098e7240ebf44e4"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L520-L538"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L520-L538"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "8f1fcb736a9363142a25426ef2d166f92526bffaf8069f1b12056c9cf5825379"
score = 75
quality = 75
@@ -72507,8 +74299,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A598192A : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "101f2240cd032831b9c0930a68ea6f74688f68ae801c776c71b488e17bc71871"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L540-L558"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L540-L558"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "19909f53acca8c84125c95fc651765a25162c5f916366da8351e67675393e583"
score = 75
quality = 75
@@ -72535,8 +74327,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_53Bf4E37 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "101f2240cd032831b9c0930a68ea6f74688f68ae801c776c71b488e17bc71871"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L560-L578"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L560-L578"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "d1aabf8067b74dac114e197722d51c4bbb9a78e6ba9b5401399930c29d55bdcc"
score = 75
quality = 75
@@ -72563,8 +74355,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_50158A6E : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "1e0cdb655e48d21a6b02d2e1e62052ffaaec9fdfe65a3d180fc8afabc249e1d8"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L580-L598"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L580-L598"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "67c22fcf514a3e8c2c27817798c796aacf00ba82e1090894aa2c1170a1e2a096"
score = 75
quality = 75
@@ -72591,8 +74383,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_F454Ec10 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "0297e1ad6e180af85256a175183102776212d324a2ce0c4f32e8a44a2e2e9dad"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L600-L618"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L600-L618"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "e5afb215632ad6359ba95df86316d496ea5e36edb79901c34e0710a6bd9c97d1"
score = 75
quality = 75
@@ -72619,8 +74411,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_9417F77B : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "60ff13e27dad5e6eadb04011aa653a15e1a07200b6630fdd0d0d72a9ba797d68"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Flooder.yar#L620-L638"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Flooder.yar#L620-L638"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "470b7e44cd875b1f6abcfa5e4d33d2808a65630dc914b38643c9efb14db5f1ff"
score = 75
quality = 75
@@ -72647,8 +74439,8 @@ rule ELASTIC_Windows_Ransomware_Hive_55619Cd0 : FILE MEMORY
date = "2021-08-26"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Hive.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Hive.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609"
logic_hash = "51e2b03a9f9b92819bbf05ecbb33a23662a40e7d51f9812aa8243c4506057f1f"
score = 75
@@ -72678,8 +74470,8 @@ rule ELASTIC_Windows_Ransomware_Hive_3Ed67Fe6 : FILE MEMORY
date = "2021-08-26"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Hive.yar#L23-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Hive.yar#L23-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609"
logic_hash = "a599f0d528bdbec00afa7e9a5cddec5e799ee755a7f30af70dde7d2459b70155"
score = 75
@@ -72711,8 +74503,8 @@ rule ELASTIC_Windows_Ransomware_Hive_B97Ec33B : FILE MEMORY
date = "2021-08-26"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Hive.yar#L47-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Hive.yar#L47-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609"
logic_hash = "10034d9f53fd5099a423269e0c42c01eac18318f5d11599e1390912c8fd7af25"
score = 75
@@ -72740,8 +74532,8 @@ rule ELASTIC_Windows_Vulndriver_ATSZIO_E22Cc429 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_ATSZIO.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_ATSZIO.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece"
logic_hash = "e3f057d5a5c47a1f3b4d50e2ad0ebb3a4ffe0efe513a0d375f827fadb3328d80"
score = 75
@@ -72761,6 +74553,37 @@ rule ELASTIC_Windows_Vulndriver_ATSZIO_E22Cc429 : FILE
condition:
int16 ( uint32(0x3C)+0x5c)==0x0001 and $original_file_name
}
+rule ELASTIC_Linux_Exploit_Iouring_D04C1C19 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Exploit Iouring (Linux.Exploit.IOUring)"
+ author = "Elastic Security"
+ id = "d04c1c19-9303-41cd-ae9c-149bb137e6cc"
+ date = "2024-04-07"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_IOUring.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "29e6a5f7b36e271219601528f3fd70831aacb8b9f05722779faa40afc97b3b60"
+ logic_hash = "b1d8d6090576b4b5bcd435eb69ee1dc1f1947115d38b62364cf1730a4f08d317"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "0e50d858b8e5428a964dc70b0132659defd61e8965331fa327b1f454bf922162"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $s1 = "io_uring_"
+ $s2 = "kaslr_leak: 0x%llx"
+ $s3 = "kaslr_base: 0x%llx"
+
+ condition:
+ all of them
+}
rule ELASTIC_Windows_Trojan_Lurker_0Ee51802 : FILE
{
meta:
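Review bot: In the added ELASTIC_Linux_Exploit_Iouring_D04C1C19 rule, `$s1 = "io_uring_"` is a bare symbol prefix that any binary linked against liburing will carry, so with `all of them` the detection rests entirely on the two debug format strings `$s2`/`$s3`; a build of the same tooling that strips its printouts will not match, which matters for how a non-hit is read during triage. Since source_url pins the rule to the upstream elastic/protections-artifacts commit, this looks like a vendored sync rather than local authoring, so the strings themselves should probably stay as upstream has them and the caveat go in a comment instead, e.g. above `strings:`: `// string-only rule: $s1 is generic; a match depends on the kaslr_leak/kaslr_base debug output, so absence is not a negative signal`. The meta block also carries both `severity = 100` and `score = 75` / `quality = 75`; if any downstream consumer in this repository keys off more than one of those fields, it is worth confirming they are interpreted consistently.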
@@ -72770,8 +74593,8 @@ rule ELASTIC_Windows_Trojan_Lurker_0Ee51802 : FILE
date = "2022-04-04"
modified = "2022-06-09"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Lurker.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Lurker.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5718fd4f807e29e48a8b6a6f4484426ba96c61ec8630dc78677686e0c9ba2b87"
logic_hash = "782926c927dce82b95e51634d5607c474937e1edc0f7f739acefa0f4c03aa753"
score = 75
@@ -72799,8 +74622,8 @@ rule ELASTIC_Windows_Hacktool_Coffloader_81Ba13B8 : FILE MEMORY
date = "2024-04-22"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_COFFLoader.yar#L1-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_COFFLoader.yar#L1-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c2e03659eb1594dc958e01344cfa9ba126d66736b089db5e3dd1b1c3e3e7d2f7"
logic_hash = "d4f061af200a0ae9f3276fd6dfcb09ecdf662f29b7c43ea47c69a53d9fe66793"
score = 75
@@ -72852,8 +74675,8 @@ rule ELASTIC_Linux_Cryptominer_Pgminer_Ccf88A37 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Pgminer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Pgminer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3afc8d2d85aca61108d21f82355ad813eba7a189e81dde263d318988c5ea50bd"
logic_hash = "77833cdb319bc8e22db2503478677d5992774105f659fe7520177a691c83aa91"
score = 75
@@ -72881,8 +74704,8 @@ rule ELASTIC_Linux_Cryptominer_Pgminer_5Fb2Efd5 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Pgminer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Pgminer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6d296648fdbc693e604f6375eaf7e28b87a73b8405dc8cd3147663b5e8b96ff0"
logic_hash = "4c247f40c9781332f04f82a244f6e8e22c9c744963f736937eddecf769b40a54"
score = 75
@@ -72910,8 +74733,8 @@ rule ELASTIC_Linux_Cryptominer_Xpaj_Fdbd614E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xpaj.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xpaj.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3e2b1b36981713217301dd02db33fb01458b3ff47f28dfdc795d8d1d332f13ea"
logic_hash = "70e6450f98411750361481aaad0d3ea079f58b1ae09970f04da09c20137a50fa"
score = 75
@@ -72939,8 +74762,8 @@ rule ELASTIC_Windows_Trojan_Qbot_D91C1384 : FILE MEMORY
date = "2021-07-08"
modified = "2021-08-23"
reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Qbot.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Qbot.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "18ac3870aaa9aaaf6f4a5c0118daa4b43ad93d71c38bf42cb600db3d786c6dda"
logic_hash = "8fd8249a2af236c92ccbc20b2a8380f69ca75976bd64bad167828e9ab4c6ed90"
score = 75
@@ -72968,8 +74791,8 @@ rule ELASTIC_Windows_Trojan_Qbot_7D5Dc64A : FILE MEMORY
date = "2021-10-04"
modified = "2022-01-13"
reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Qbot.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Qbot.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a2bacde7210d88675564106406d9c2f3b738e2b1993737cb8bf621b78a9ebf56"
logic_hash = "5c8858502050494ab20a230f04c2c1cb4bfcd80f4a248dad82787d7ce67c741d"
score = 75
@@ -72998,8 +74821,8 @@ rule ELASTIC_Windows_Trojan_Qbot_6Fd34691 : FILE MEMORY
date = "2022-03-07"
modified = "2022-04-12"
reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Qbot.yar#L44-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Qbot.yar#L44-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0838cd11d6f504203ea98f78cac8f066eb2096a2af16d27fb9903484e7e6a689"
logic_hash = "9422d9f276f0c8c2990ece3282d918abc6fcce7eeb6809d46ae6b768a501a877"
score = 75
@@ -73028,8 +74851,8 @@ rule ELASTIC_Windows_Trojan_Qbot_3074A8D4 : FILE MEMORY
date = "2022-06-07"
modified = "2022-07-18"
reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Qbot.yar#L66-L97"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Qbot.yar#L66-L97"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a"
logic_hash = "90c06bd09fe640bb5a6be8e4f2384fb15c7501674d57db005e790ed336740c99"
score = 75
@@ -73069,8 +74892,8 @@ rule ELASTIC_Windows_Trojan_Qbot_1Ac22A26 : FILE MEMORY
date = "2022-12-29"
modified = "2023-02-01"
reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Qbot.yar#L99-L136"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Qbot.yar#L99-L136"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a"
logic_hash = "d9beaf4a8c28a0b3c38dda6bf22a96b8c96ef715bd36de880504a9f970338fe2"
score = 75
@@ -73116,8 +74939,8 @@ rule ELASTIC_Windows_Trojan_Phoreal_66E91De3 : FILE MEMORY
date = "2022-02-16"
modified = "2022-04-12"
reference = "https://www.elastic.co/security-labs/phoreal-malware-targets-the-southeast-asian-financial-sector"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Phoreal.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Phoreal.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "88f073552b30462a00d1d612b1638b0508e4ef02c15cf46203998091f0aef4de"
logic_hash = "c68131fd5e0272d3d473db387a186056a38e6611925ae448d5b668022e6e163a"
score = 75
@@ -73148,8 +74971,8 @@ rule ELASTIC_Linux_Ransomware_Lockbit_D248E80E : FILE MEMORY
date = "2023-07-27"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Lockbit.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Lockbit.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4800a67ceff340d2ab4f79406a01f58e5a97d589b29b35394b2a82a299b19745"
logic_hash = "5d33d243cd7f9d9189139eb34a4dd8d81882be200223d5c8e60dfd07ca98f94b"
score = 75
@@ -73182,8 +75005,8 @@ rule ELASTIC_Linux_Ransomware_Lockbit_5B30A04B : FILE MEMORY
date = "2023-07-29"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Lockbit.yar#L26-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Lockbit.yar#L26-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "41cbb7d79388eaa4d6e704bd4a8bf8f34d486d27277001c343ea3ce112f4fb0d"
logic_hash = "b89d0f25f08ffa35e075def6a29cf52a80500c6499732146426a71c741059a3b"
score = 75
@@ -73213,8 +75036,8 @@ rule ELASTIC_Linux_Cryptominer_Presenoker_3Bb5533D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Presenoker.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Presenoker.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bbc155c610c7aa439f98e32f97895d7eeaef06dab7cca05a5179b0eb3ba3cc00"
logic_hash = "13bf69ea6bc7df5ba9ebffe67234657f2ecab99e28fd76d0bbedceaf9706a4dd"
score = 75
@@ -73242,8 +75065,8 @@ rule ELASTIC_Windows_Backdoor_Teamviewer_Df8E7326 : FILE MEMORY
date = "2022-10-29"
modified = "2022-12-20"
reference = "https://vms.drweb.com/virus/?i=8172096"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Backdoor_TeamViewer.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Backdoor_TeamViewer.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "68d9ffb6e00c2694d0d827108d0410d5a66d4f8cf839afddd17c5887b0149350"
logic_hash = "3d42c76626c76959e450a81001c73d8d47b52789cab324e0cc7af09303c1367d"
score = 75
@@ -73276,8 +75099,8 @@ rule ELASTIC_Windows_PUP_Mediaarena_A9E3B4A1 : FILE MEMORY
date = "2023-06-02"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_PUP_MediaArena.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_PUP_MediaArena.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c071e0b67e4c105c87b876183900f97a4e8bc1a7c18e61c028dee59ce690b1ac"
logic_hash = "8e52b29f2848498aae2fd7ad35494362d6c07f0e752b628840a256923aca32c7"
score = 75
@@ -73311,8 +75134,8 @@ rule ELASTIC_Windows_Trojan_Netwire_6A7Df287 : FILE MEMORY
date = "2021-06-28"
modified = "2021-08-23"
reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Netwire.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Netwire.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e6f446dbefd4469b6c4d24988dd6c9ccd331c8b36bdbc4aaf2e5fc49de2c3254"
logic_hash = "d5f36e2a81cf0a9037267d39266b4c31ca9c07b05fb9772e296aeac2da6051a5"
score = 75
@@ -73340,8 +75163,8 @@ rule ELASTIC_Windows_Trojan_Netwire_1B43Df38 : FILE MEMORY
date = "2021-06-28"
modified = "2021-08-23"
reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Netwire.yar#L22-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Netwire.yar#L22-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e6f446dbefd4469b6c4d24988dd6c9ccd331c8b36bdbc4aaf2e5fc49de2c3254"
logic_hash = "bb0eb1c1969bc1416e933822843293c5d41bf9bc3d402fa5dbdc3cdf2f4b394a"
score = 75
@@ -73371,8 +75194,8 @@ rule ELASTIC_Windows_Trojan_Netwire_F85E4Abc : FILE MEMORY
date = "2022-08-14"
modified = "2022-09-29"
reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Netwire.yar#L45-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Netwire.yar#L45-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ab037c87d8072c63dc22b22ff9cfcd9b4837c1fee2f7391d594776a6ac8f6776"
logic_hash = "af8fc8fff2e1a0b6c87ac6d24fecf2e1cefe6313ec66da13fddd1be25c1c3d92"
score = 75
@@ -73400,8 +75223,8 @@ rule ELASTIC_Windows_Trojan_Netwire_F42Cb379 : FILE MEMORY
date = "2022-08-14"
modified = "2022-09-29"
reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Netwire.yar#L66-L90"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Netwire.yar#L66-L90"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ab037c87d8072c63dc22b22ff9cfcd9b4837c1fee2f7391d594776a6ac8f6776"
logic_hash = "fc1436596987d3971a464e707ee6fd5689e7d2800df471c125c1e3f748537f5d"
score = 75
@@ -73434,8 +75257,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_C42Fd06D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Uwamson.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Uwamson.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80"
logic_hash = "4ff7aad11adaae8fccb23d36fc96937ba48a5517895a742f2864ba1973f3db3a"
score = 75
@@ -73463,8 +75286,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_D08B1D2E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Uwamson.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Uwamson.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4f7ad24b53b8e255710e4080d55f797564aa8c270bf100129bdbe52a29906b78"
logic_hash = "8f489bb020397beae91f7bce82bc1b47912deab1b79224158f79c53f1d7c7fd3"
score = 75
@@ -73492,8 +75315,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_0797De34 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Uwamson.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Uwamson.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e4699e35ce8091f97decbeebff63d7fa8c868172a79f9d9d52b6778c3faab8f2"
logic_hash = "7ab5dd99d8bbef61ec764900df5bebf39ed90833a8f9481c427cbb46faf2c521"
score = 75
@@ -73521,8 +75344,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_41E36585 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Uwamson.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Uwamson.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80"
logic_hash = "e176523afe8c3394ddda41a5ef11f825fed1e149476709a7c1ea26b8af72d4fc"
score = 75
@@ -73550,8 +75373,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_8C36Ddc1 : FILE MEMORY
date = "2022-12-14"
modified = "2022-12-15"
reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SiestaGraph.yar#L1-L28"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SiestaGraph.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "50c2f1bb99d742d8ae0ad7c049362b0e62d2d219b610dcf25ba50c303ccfef54"
logic_hash = "17ce8090b88100f00c07df0599cd51dc7682f4c43de989ce58621df97eca42fb"
score = 75
@@ -73587,8 +75410,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_Ad3Fe5C6 : FILE MEMORY
date = "2023-09-12"
modified = "2023-09-20"
reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SiestaGraph.yar#L30-L56"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SiestaGraph.yar#L30-L56"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb"
logic_hash = "b625221b77803c2c052db09c90a76666cf9e0ae34cb0d59ae303e890e646e94b"
score = 75
@@ -73623,8 +75446,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_D801Ce71 : FILE MEMORY
date = "2023-09-12"
modified = "2023-09-20"
reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SiestaGraph.yar#L58-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SiestaGraph.yar#L58-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb"
logic_hash = "c2d00d64d69cb5d24d76f6c551b49aa1acef1e1bab96f7ed7facc148244a8370"
score = 75
@@ -73654,8 +75477,8 @@ rule ELASTIC_Linux_Trojan_Badbee_231Cb054 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Badbee.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Badbee.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "832ba859c3030e58b94398ff663ddfe27078946a83dcfc81a5ef88351d41f4e2"
logic_hash = "a1ed8f2da9b4f891a5c65d943424bb7c465f0d07e7756e292c617ce5ef14d182"
score = 75
@@ -73683,8 +75506,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_A1311F49 : FILE MEMORY
date = "2023-10-06"
modified = "2023-10-26"
reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_GhostPulse.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_GhostPulse.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0175448655e593aa299278d5f11b81f2af76638859e104975bdb5d30af5c0c11"
logic_hash = "21838f230ac1a77f09d01d30f4ea3b66313618660e63ab7012b030e0b819547e"
score = 75
@@ -73713,8 +75536,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_3Fe1D02D : FILE MEMORY
date = "2023-10-12"
modified = "2023-10-26"
reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_GhostPulse.yar#L23-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_GhostPulse.yar#L23-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "4ef78d436a153ed751a8483c1e43ec2ba053dedfa0da2780fded42012d3042c1"
score = 75
quality = 75
@@ -73741,8 +75564,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_3673D337 : FILE MEMORY
date = "2023-12-11"
modified = "2024-01-12"
reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_GhostPulse.yar#L43-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_GhostPulse.yar#L43-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3013ba32838f6d97d7d75e25394f9611b1c5def94d93588f0a05c90b25b7d6d5"
logic_hash = "a92815f27533338e17afd5ebdbe82e382636fb81167a82d1b613c0dccc5b7ed3"
score = 75
@@ -73762,6 +75585,36 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_3673D337 : FILE MEMORY
condition:
any of them
}
+rule ELASTIC_Windows_Trojan_Ghostpulse_8Ae8310B : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Ghostpulse (Windows.Trojan.GhostPulse)"
+ author = "Elastic Security"
+ id = "8ae8310b-4ead-4b5c-be73-7db365470891"
+ date = "2024-05-27"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_GhostPulse.yar#L65-L84"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "5b64f91b41a7390d89cd3b1fccf02b08b18b7fed17a43b0bfac63d75dc0df083"
+ logic_hash = "b3873a3c728e98d65984033620c0ac8ee93be21db5b6d9bd4665b9f7d0d759fa"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "61213fd4ce9ddebdc7de8e6b23827347af3cbddd61254f95917e9af6b8a2b7b2"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a = { 48 8B 84 24 ?? 0D 00 00 8B 40 14 0F BA E8 09 48 8B 8C 24 ?? 0D 00 00 89 41 14 48 8B 84 24 ?? 0D 00 00 48 8B 8C 24 ?? 05 00 00 48 89 88 C0 ?? 00 00 }
+ $b = { BA C8 90 F0 B2 48 8B ?? ?? ?? E8 ?? ?? ?? 00 48 89 ?? ?? ?? 07 00 00 BA 9C 6C DA DC 48 8B ?? ?? ?? E8 ?? ?? ?? 00 48 89 ?? ?? ?? 07 00 00 BA 8D 20 4A A1 48 8B ?? ?? ?? E8 ?? ?? ?? 00 48 89 ?? ?? ?? 07 00 00 BA D4 7C 1A A8 }
+
+ condition:
+ any of them
+}
rule ELASTIC_Windows_Vulndriver_Powertool_044A8645 : FILE
{
meta:
@@ -73771,8 +75624,8 @@ rule ELASTIC_Windows_Vulndriver_Powertool_044A8645 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_PowerTool.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_PowerTool.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1aaa9aef39cb3c0a854ecb4ca7d3b213458f302025e0ec5bfbdef973cca9111c"
logic_hash = "b21c16cb72d003c505aa0ac4cc21b92513a100bad6870460090994c02cad875a"
score = 75
@@ -73801,8 +75654,8 @@ rule ELASTIC_Windows_Ransomware_Blackmatter_B548D151 : FILE MEMORY
date = "2021-08-03"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Blackmatter.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Blackmatter.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486"
logic_hash = "cf76a311de9d292a2ea09b3937b8eb7fd761b7c33a464a31acf6b9a5bf121959"
score = 75
@@ -73830,8 +75683,8 @@ rule ELASTIC_Windows_Ransomware_Blackmatter_8394F6D5 : FILE MEMORY
date = "2021-08-03"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Blackmatter.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Blackmatter.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486"
logic_hash = "50a9b65ca6dde4fc32d2d57e72042f4380dd6c263ec5c33ce7c158151b91a5ae"
score = 75
@@ -73859,8 +75712,8 @@ rule ELASTIC_Windows_Hacktool_Blackbone_2Ff5Ec38 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_BlackBone.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_BlackBone.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4e3887f950bff034efedd40f1e949579854a24140128246fa6141f2c34de6017"
logic_hash = "0c32bd04460cdf7a56664253992a684c2c684b15ac9ca853b27ab24f07f71607"
score = 75
@@ -73888,8 +75741,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_E4874Cd4 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ddostf.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ddostf.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2"
logic_hash = "1523fe8f7bbbc7e42f8c2efe5b28dd381007846a1ba7078a6f1a30aedace884b"
score = 75
@@ -73917,8 +75770,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_32C35334 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ddostf.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ddostf.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "d62d450d48756c09f8788b27301de889c864e597924a0526a325fa602f91f376"
score = 75
quality = 75
@@ -73945,8 +75798,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_6Dc1Caab : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ddostf.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ddostf.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f4587bd45e57d4106ebe502d2eaa1d97fd68613095234038d67490e74c62ba70"
logic_hash = "fd70960ed6e06f4d152bbd211fbe491dad596010da12cd53c93b577b551b8053"
score = 75
@@ -73974,8 +75827,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_Dc47A873 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ddostf.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ddostf.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2"
logic_hash = "2f5bd9e012fd778388074cf29b56c7cd59391840f994835d087b7b661445d316"
score = 75
@@ -74003,8 +75856,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_Cb0358A0 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ddostf.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ddostf.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2"
logic_hash = "1f152b69bf0b2bfa539fdd42c432e456b9efb3766a450333a987313bb12c1826"
score = 75
@@ -74032,8 +75885,8 @@ rule ELASTIC_Windows_Ransomware_Helloxd_0C50F01B : FILE MEMORY
date = "2022-06-14"
modified = "2022-07-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Helloxd.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Helloxd.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "435781ab608ff908123d9f4758132fa45d459956755d27027a52b8c9e61f9589"
logic_hash = "71e09fa1a00fa6f3688129ee2b2a8957b84f64ef51fcba5123a6a9df80a9c7e1"
score = 75
@@ -74068,8 +75921,8 @@ rule ELASTIC_Windows_Trojan_Bitrat_34Bd6C83 : FILE MEMORY
date = "2021-06-13"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Bitrat.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Bitrat.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "37f70ae0e4e671c739d402c00f708761e98b155a1eefbedff1236637c4b7690a"
logic_hash = "d386fc2a4b6a98638328d1aa05a8d8dbb7a1bbcd72943457b1a5a27b056744ef"
score = 75
@@ -74101,8 +75954,8 @@ rule ELASTIC_Windows_Trojan_Bitrat_54916275 : FILE MEMORY
date = "2022-08-29"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Bitrat.yar#L25-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Bitrat.yar#L25-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d3b2c410b431c006c59f14b33e95c0e44e6221b1118340c745911712296f659f"
logic_hash = "4c66f79f4bf6bde49bfb9208e6dc1d3b5d041927565e7302381838b0f32da6f4"
score = 75
@@ -74130,8 +75983,8 @@ rule ELASTIC_Multi_Trojan_Mythic_4Beb7E17 : FILE MEMORY
date = "2023-08-01"
modified = "2023-09-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Trojan_Mythic.yar#L1-L28"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Trojan_Mythic.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "7b3b7bae1763f3c73df206f97065920fa55b973d22c967acb3d26ac8e89e60c7"
score = 75
quality = 75
@@ -74168,8 +76021,8 @@ rule ELASTIC_Linux_Exploit_Moogrey_81131B66 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Moogrey.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Moogrey.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cc27b9755bd9feb1fb2c510f66e36c20a1503e6769cdaeee2bea7fe962d22ccc"
logic_hash = "dc2fe7caa38f665d24bbc673ff63491ebdeec8d56a420092243ce241238846cf"
score = 75
@@ -74197,8 +76050,8 @@ rule ELASTIC_Linux_Trojan_Lala_51Deb1F9 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Lala.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Lala.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3af65d3307fbdc2e8ce6e1358d1413ebff5eeb5dbedc051394377a4dabffa82"
logic_hash = "73a7ec230be9aabcc301095c9c075f839852155419bdd8d5542287f34699ab33"
score = 75
@@ -74226,8 +76079,8 @@ rule ELASTIC_Windows_Trojan_Darkgate_Fa1F1338 : FILE MEMORY
date = "2023-12-14"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_DarkGate.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DarkGate.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1fce9ee9254dd0641387cc3b6ea5f6a60f4753132c20ca03ce4eed2aa1042876"
logic_hash = "d5447a57fc57af52c263b84522346a3e94a464a698de8be77eab3b56156164f2"
score = 75
@@ -74257,8 +76110,8 @@ rule ELASTIC_Windows_Trojan_Darkgate_07Ef6F14 : FILE MEMORY
date = "2023-12-14"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_DarkGate.yar#L23-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DarkGate.yar#L23-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1fce9ee9254dd0641387cc3b6ea5f6a60f4753132c20ca03ce4eed2aa1042876"
logic_hash = "2820286b362b107fc7fc3ec8f1a004a7d7926a84318f2943f58239f1f7e8f1f0"
score = 75
@@ -74287,8 +76140,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2698_12374E97 : FILE MEMORY CVE_2009_2698
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "656fddc1bf4743a08a455628b6151076b81e604ff49c93d797fa49b1f7d09c2f"
logic_hash = "ed86a239b909681f2ab3503cfedf202dbe5f53a6f554cf4db13f08bee625c0b7"
score = 75
@@ -74316,8 +76169,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2698_Cc04Dddd : FILE MEMORY CVE_2009_2698
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "502b73ea04095e8a7ec4e8d7cc306242b45850ad28690156754beac8cd8d7b2d"
logic_hash = "68daa56ca98cc8f713faa138432190d19c27f07b2182a1f82347a3bfc5821ebb"
score = 75
@@ -74345,8 +76198,8 @@ rule ELASTIC_Windows_Virus_Expiro_84E99Ff0 : FILE MEMORY
date = "2023-09-26"
modified = "2023-11-02"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Virus_Expiro.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Virus_Expiro.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "47107836ead700bddbe9e8a0c016b5b1443c785442b2addbb50a70445779bad7"
logic_hash = "ce4847bf5850c1f30dca9603bfbbfbb69339285f096ac469c6d2d4b04f5562b4"
score = 75
@@ -74375,8 +76228,8 @@ rule ELASTIC_Linux_Cryptominer_Ccminer_18Fc60E5 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Ccminer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Ccminer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dbb403a00c75ef2a74b41b8b58d08a6749f37f922de6cc19127a8f244d901c60"
logic_hash = "75db45ccbeb558409ee9398065591472d4aee0382be5980adb9d0fb41e557789"
score = 75
@@ -74404,8 +76257,8 @@ rule ELASTIC_Linux_Cryptominer_Ccminer_3C593Bc3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Ccminer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Ccminer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dbb403a00c75ef2a74b41b8b58d08a6749f37f922de6cc19127a8f244d901c60"
logic_hash = "94a0d33b474b3c60e926eaf06147eb0fdc56beac525f25326448bf2a5177d9c0"
score = 75
@@ -74433,8 +76286,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_05088561 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Stak.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Stak.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d0d2bab33076121cf6a0a2c4ff1738759464a09ae4771c39442a865a76daff59"
logic_hash = "2b0f8a4efdfb13abcc2a1b43e9c39828ea1de6015fef0ef613bd754da5aa3e9a"
score = 75
@@ -74462,8 +76315,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_Ae8B98A9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Stak.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Stak.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "aade76488aa2f557de9082647153cca374a4819cd8e539ebba4bfef2334221b0"
score = 75
quality = 75
@@ -74490,8 +76343,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_D707Fd3A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Stak.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Stak.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d0d2bab33076121cf6a0a2c4ff1738759464a09ae4771c39442a865a76daff59"
logic_hash = "b825247372aace6e3ce0ff1d9685b6bb041b7277f8967d5f5926b49813cfadc9"
score = 75
@@ -74519,8 +76372,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_52Dc7Af3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Stak.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Stak.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a9c14b51f95d0c368bf90fb10e7d821a2fbcc79df32fd9f068a7fc053cbd7e83"
logic_hash = "81998164f517b6f1ef72b10227cfff86aa8bbd2b4e2668f946c8ed59696ae74d"
score = 75
@@ -74548,8 +76401,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_Bb3153Ac : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Stak.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Stak.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5b974b6e6a239bcdc067c53cc8a6180c900052d7874075244dc49aaaa9414cca"
logic_hash = "e8516a24358b12863fe52c823ca67f0004457017334fe77dabf5f08d6bf2d907"
score = 75
@@ -74577,8 +76430,8 @@ rule ELASTIC_Windows_Vulndriver_Rtcore_4Eeb2Ce5 : FILE
date = "2022-04-04"
modified = "2022-08-30"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_RtCore.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_RtCore.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd"
logic_hash = "f547bce6554c60e8f3ef8e128c05533cf1f35ce0ee414d5a1c5e9a205b05d8fe"
score = 75
@@ -74607,8 +76460,8 @@ rule ELASTIC_Windows_Vulndriver_Echodrv_D17Ff31C : FILE
date = "2023-10-31"
modified = "2023-11-03"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_EchoDrv.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_EchoDrv.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ea3c5569405ed02ec24298534a983bcb5de113c18bc3fd01a4dd0b5839cd17b9"
logic_hash = "0b2eb3c5da8703749ee63662495d6e8738ccdc353f3ac3df48e25a77312c0da0"
score = 75
@@ -74636,8 +76489,8 @@ rule ELASTIC_Linux_Trojan_Sfloost_69A5343A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sfloost.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sfloost.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c0cd73db5165671c7bbd9493c34d693d25b845a9a21706081e1bf44bf0312ef9"
logic_hash = "bd3cd33d02c7ca1d3a0364e5e3e2f968f32da8f087f744232f3cb786da6c7875"
score = 75
@@ -74665,8 +76518,8 @@ rule ELASTIC_Windows_Trojan_Limerat_24269A79 : FILE MEMORY
date = "2021-08-17"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Limerat.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Limerat.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ec781a714d6bc6fac48d59890d9ae594ffd4dbc95710f2da1f1aa3d5b87b9e01"
logic_hash = "053a6abe589db23c4b9baed24729c8bcdd9019535fd0d9efc60ab4035c9779f3"
score = 75
@@ -74694,8 +76547,8 @@ rule ELASTIC_Linux_Exploit_Alie_E69De1Ee : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Alie.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Alie.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "882839549f062ab4cbe6df91336ed320eaf6c2300fc2ed64d1877426a0da567d"
logic_hash = "bb4625751c924b9ff5d32cc044fcff68892e82d9e94d679c4e4c8286f680a854"
score = 75
@@ -74723,8 +76576,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_9Ac1654B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "5de1f43803f3d3b94149ea39ed961e7b9a1ad86c15c5085e2e0a5f9c314e98ff"
score = 75
quality = 75
@@ -74751,8 +76604,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_Dd167Aa0 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L20-L37"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L20-L37"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "88be4fbb337fa866e126021b40a01d86a33029071af7efc289a8c5490d21ea8a"
score = 75
quality = 75
@@ -74779,8 +76632,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_B25398Dd : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L39-L57"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L39-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6fb3b77be0a66a10124a82f9ec6ad22247d7865a4d26aa49c5d602320318ce3c"
logic_hash = "e7fdb3c573909e8f197417278a6d333cc3743b05257d81fed46769b185354183"
score = 75
@@ -74808,8 +76661,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_6A279F19 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L59-L77"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L59-L77"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5b01f72b2c53db9b8f253bb98c6584581ebd1af1b1aaee62659f54193c269fca"
logic_hash = "91e3c0d96fe5ab9c61b38f01d39639020ec459bec6348b1f87a2c5b1a874e24a"
score = 75
@@ -74837,8 +76690,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_4E7945A4 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L79-L97"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L79-L97"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b7504ce57787956e486d951b4ff78d73807fcc2a7958b172febc6d914e7a23a7"
logic_hash = "aebc544076954fcce917e026467a8828b18446ce7c690b4c748562e311b7d491"
score = 75
@@ -74866,8 +76719,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_29C1C386 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L99-L117"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L99-L117"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fc73bbfb12c64d2f20efa22a6d8d8c5782ef57cb0ca6d844669b262e80db2444"
logic_hash = "1a3a9065cbb59658c06dfbfc622ccd2e577e988370ffe47848a5859f96db4e24"
score = 75
@@ -74895,8 +76748,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_25B63F54 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L119-L136"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L119-L136"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "640ffe2040e382ad536c1b6947e05f8c25ff82897ef7ac673a7676815856a346"
score = 75
quality = 75
@@ -74923,8 +76776,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_73E2373E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L138-L156"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L138-L156"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fc73bbfb12c64d2f20efa22a6d8d8c5782ef57cb0ca6d844669b262e80db2444"
logic_hash = "2377da6667860dc7204760ee64213cba95909c9181bd1a3ea96c3ad29988c9f7"
score = 75
@@ -74952,8 +76805,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_B8552Fff : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L158-L176"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L158-L176"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa"
logic_hash = "476b800422b6d98405d8bde727bb589c5cae36723436b269beaa65381b3d0abe"
score = 75
@@ -74981,8 +76834,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_83550472 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L178-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L178-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d2d8421ffdcebb7fed00edcf306ec5e86fc30ad3e87d55e85b05bea5dc1f7d63"
logic_hash = "f62d4a2a7dfb312b2e362844bfa29bd4453a05f31b4f72550ef29ff40ed6fb9d"
score = 75
@@ -75010,8 +76863,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_8799D8D6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L198-L216"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L198-L216"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4a6d98eae8951e5b9e0a226f1197732d6d14ed45c1b1534d3cdb4413261eb352"
logic_hash = "4bcd7931aeed09069d5dd248a66f119a2bdf628e03b9abed9ee2de59a149c2bc"
score = 75
@@ -75039,8 +76892,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_0F7C5375 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L218-L236"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L218-L236"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e75be5377ad65abdc69e6c7f9fe17429a98188a217d0ca3a6f40e75c4f0c07e8"
logic_hash = "05f4b16a7e4c7ffbc6b8a2f60050a4ac1d05d9efbe948e2da689055f6383cf82"
score = 75
@@ -75068,8 +76921,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_87639Dbd : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L238-L256"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L238-L256"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d2d8421ffdcebb7fed00edcf306ec5e86fc30ad3e87d55e85b05bea5dc1f7d63"
logic_hash = "b81af8c9baee999b91e63f97d5a46451d9960487b25b04079df5539f857be466"
score = 75
@@ -75097,8 +76950,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_Cdd631C1 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L258-L276"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L258-L276"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "91549c171ae7f43c1a85a303be30169932a071b5c2b6cf3f4913f20073c97897"
logic_hash = "5e4b26a74fc3737c068917c7c1228048f885ac30fc326a2844611f7e707d1300"
score = 75
@@ -75126,8 +76979,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_209B02Dd : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Camelot.yar#L278-L296"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Camelot.yar#L278-L296"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "60d33d1fdabc6b10f7bb304f4937051a53d63f39613853836e6c4d095343092e"
logic_hash = "5cadc955242d4b7d5fd4365a0b425051d89c905e3d49ea03967150de0020225c"
score = 75
@@ -75155,8 +77008,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_9F3A5Abb : FILE MEMORY
date = "2022-11-24"
modified = "2023-06-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Nighthawk.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Nighthawk.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b775a8f7629966592cc7727e2081924a7d7cf83edd7447aa60627a2b67d87c94"
logic_hash = "27a34e48141fe260c16c12a2652e440d2540ca5f0c84b41c9c4762dcab44ffd4"
score = 75
@@ -75191,8 +77044,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_2A2E3B9D : FILE MEMORY
date = "2022-11-24"
modified = "2023-06-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Nighthawk.yar#L28-L47"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Nighthawk.yar#L28-L47"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "38881b87826f184cc91559555a3456ecf00128e01986a9df36a72d60fb179ccf"
logic_hash = "c42605ebba900fafb4ec2d34d93bb7adb69e731ce151b82a95889dd0d738da00"
score = 75
@@ -75221,8 +77074,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_23489175 : FILE MEMORY
date = "2023-06-14"
modified = "2023-07-10"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Nighthawk.yar#L49-L74"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Nighthawk.yar#L49-L74"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "697742d5dd071add40b700022fd30424cb231ffde223d21bd83a44890e06762f"
logic_hash = "be41fc53f7098ca3cf718e8066a488196423ede993466c9a24ad2af387e03b24"
score = 75
@@ -75257,8 +77110,8 @@ rule ELASTIC_Macos_Backdoor_Keyboardrecord_832F7Bac : FILE
date = "2021-11-11"
modified = "2022-07-22"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Backdoor_Keyboardrecord.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Backdoor_Keyboardrecord.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "570cd76bf49cf52e0cb347a68bdcf0590b2eaece134e1b1eba7e8d66261bdbe6"
logic_hash = "5719681d50134edacb5341034314c33ed27e9325de0ae26b2a01d350429c533b"
score = 75
@@ -75290,8 +77143,8 @@ rule ELASTIC_Windows_Hacktool_Processhacker_3D01069E : FILE
date = "2022-03-30"
modified = "2022-03-30"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_ProcessHacker.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_ProcessHacker.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4"
logic_hash = "bcba74aa20b62329c48060bfebaf49ab12f89f9ec3a09fc0c0cb702de5e2b940"
score = 75
@@ -75310,6 +77163,35 @@ rule ELASTIC_Windows_Hacktool_Processhacker_3D01069E : FILE
condition:
int16 ( uint32(0x3C)+0x5c)==0x0001 and $original_file_name
}
+rule ELASTIC_Multi_Generic_Threat_19854Dc2 : FILE MEMORY
+{
+ meta:
+ description = "Detects Multi Generic Threat (Multi.Generic.Threat)"
+ author = "Elastic Security"
+ id = "19854dc2-a568-4f6c-bd47-bcae9976c66f"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Generic_Threat.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "be216fa9cbf0b64d769d1e8ecddcfc3319c7ca8e610e438dcdfefc491730d208"
+ logic_hash = "beed6d6cd7b7b6eb3f4ab6a45fd19f2ebfb661e470d468691b68634994e2eef7"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "64d3803490fa71f720678ca2989cc698ea9b1a398d02d6d671fa01e0ff42f8b5"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "multi"
+
+ strings:
+ $a1 = { 26 2A 73 74 72 75 63 74 20 7B 20 45 6E 74 72 79 53 61 6C 74 20 5B 5D 75 69 6E 74 38 3B 20 4C 65 6E 20 69 6E 74 20 7D }
+
+ condition:
+ all of them
+}
rule ELASTIC_Linux_Trojan_Asacub_D3C4Aa41 : FILE MEMORY
{
meta:
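Review bot: The new rule ELASTIC_Multi_Generic_Threat_19854Dc2 keys on a single string and then uses `all of them`, so any file or memory region containing that one literal satisfies the condition; the hex in `$a1` decodes to the printable text `&*struct { EntrySalt []uint8; Len int }`, which looks like a Go reflection type name rather than an attacker-specific artifact, so a score of 75 for a rule named "Generic Threat" may be prone to matching benign Go binaries that declare the same struct shape — worth confirming against the upstream Elastic rule before relying on it for blocking decisions. Since the bytes are all printable ASCII, writing the pattern as a text string would make the intent reviewable at a glance: `$a1 = "&*struct { EntrySalt []uint8; Len int }" ascii`. If this file vendors Elastic rules verbatim, the readability change belongs upstream and a short `// single-string generic rule: treat hits as a lead, not a verdict` comment above the rule would be the local alternative. The rule is complete within the hunk; the following ELASTIC_Linux_Trojan_Asacub_D3C4Aa41 rule continues outside it.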
@@ -75319,8 +77201,8 @@ rule ELASTIC_Linux_Trojan_Asacub_D3C4Aa41 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Asacub.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Asacub.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "15044273a506f825859e287689a57c6249b01bb0a848f113c946056163b7e5f1"
logic_hash = "3645e10e5ef8c50e5e82d749da07f5669c5162cb95aa5958ce45a414b870f619"
score = 75
@@ -75348,8 +77230,8 @@ rule ELASTIC_Linux_Ransomware_Hive_Bdc7De59 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Hive.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Hive.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "713b699c04f21000fca981e698e1046d4595f423bd5741d712fd7e0bc358c771"
logic_hash = "33908128258843d63c5dfe5acf15cfd68463f5cbdf08b88ef1bba394058a5a92"
score = 75
@@ -75377,8 +77259,8 @@ rule ELASTIC_Linux_Exploit_CVE_2019_13272_583Dd2C0 : FILE MEMORY CVE_2019_13272
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2019_13272.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2019_13272.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3191b9473f3e59f55e062e6bdcfe61b88974602c36477bfa6855ccd92ff7ca83"
logic_hash = "0b25f0d979d2fc3f7d646a9b3eccf2a293b41181b499c790d3e99515fcd09603"
score = 75
@@ -75406,8 +77288,8 @@ rule ELASTIC_Windows_Ransomware_Blackbasta_494D3C54 : FILE MEMORY
date = "2022-08-06"
modified = "2022-08-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_BlackBasta.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_BlackBasta.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "357fe8c56e246ffacd54d12f4deb9f1adb25cb772b5cd2436246da3f2d01c222"
logic_hash = "1ecb3c95a2d3f91d267f0b625fffc8477612fde9de3942eff8eb13115c0af6b8"
score = 75
@@ -75443,8 +77325,8 @@ rule ELASTIC_Windows_Trojan_M0Yv_92F66467 : FILE MEMORY
date = "2023-05-03"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_M0yv.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_M0yv.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0004d22dd18c0239b722c085101c0a32b967159e2066a0b7b9104bb43f5cdea0"
logic_hash = "a47b20679aee9559213de22783cfbc55c6091785e4dc288349963e863b78cf41"
score = 75
@@ -75474,8 +77356,8 @@ rule ELASTIC_Linux_Trojan_Hiddad_E35Bff7B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Hiddad.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Hiddad.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "22a418e660b5a7a2e0cc1c1f3fe1d150831d75c4fedeed9817a221194522efcf"
logic_hash = "3881222807585dc933cb61473751d13297fa7eb085a50d435d3b680354a35ee9"
score = 75
@@ -75503,8 +77385,8 @@ rule ELASTIC_Macos_Trojan_Sugarloader_E7E1D99C : FILE MEMORY
date = "2023-10-24"
modified = "2023-10-24"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_SugarLoader.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_SugarLoader.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3ea2ead8f3cec030906dcbffe3efd5c5d77d5d375d4a54cca03bfe8a6cb59940"
logic_hash = "0689b704add81e8e7968d9dba5f60d45c8791209330f4ee97e218f8eeb22c88f"
score = 75
@@ -75536,8 +77418,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_1897_6Cf0A073 : FILE MEMORY CVE_2009_1897
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2009_1897.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2009_1897.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "85f371bf73ee6d8fcb6fa9a8a68b38c5e023151257fd549855c4c290cc340724"
logic_hash = "dcde454fda09cb6bc7b213b76d70eafd65d2601cfda70ff25c6940b55ce3adb6"
score = 75
@@ -75565,8 +77447,8 @@ rule ELASTIC_Linux_Ransomware_Hellokitty_35731270 : FILE MEMORY
date = "2023-07-27"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Hellokitty.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Hellokitty.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "556e5cb5e4e77678110961c8d9260a726a363e00bf8d278e5302cb4bfccc3eed"
logic_hash = "40cb632d6b8561de56f2010a082a24b0c50d4cabed21e073168b5302ddff7044"
score = 75
@@ -75596,8 +77478,8 @@ rule ELASTIC_Windows_Ransomware_Ransomexx_Fabff49C : FILE MEMORY
date = "2021-08-07"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Ransomexx.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Ransomexx.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "480af18104198ad3db1518501ee58f9c4aecd19dbbf2c5dd7694d1d87e9aeac7"
logic_hash = "67d5123b706685ea5ab939aec31cb1549297778d91dd38b14e109945c52da71a"
score = 75
@@ -75628,8 +77510,8 @@ rule ELASTIC_Windows_Trojan_Arkeistealer_84C7086A : FILE MEMORY
date = "2022-02-17"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_ArkeiStealer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_ArkeiStealer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "708d9fb40f49192d4bf6eff62e0140c920a7eca01b9f78aeaf558bef0115dbe2"
logic_hash = "b7129094389f789f0b43f0da54645c24a6d1149f53d6536c14714e3ff44f935b"
score = 75
@@ -75657,8 +77539,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_Af6Decc6 : FILE MEMORY
date = "2021-06-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Raccoon.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Raccoon.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fe09bef10b21f085e9ca411e24e0602392ab5044b7268eaa95fb88790f1a124d"
logic_hash = "50ec446e8fd51129c7333c943dfe62db099fe1379530441f6b102fcbe3bc0dbd"
score = 75
@@ -75687,8 +77569,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_58091F64 : FILE MEMORY
date = "2021-06-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Raccoon.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Raccoon.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fe09bef10b21f085e9ca411e24e0602392ab5044b7268eaa95fb88790f1a124d"
logic_hash = "8a7388e9c3dd0dd1a79215dbabcd964a0afa883490611afb6bb500635fbfff9a"
score = 75
@@ -75716,8 +77598,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_Deb6325C : FILE MEMORY
date = "2022-06-28"
modified = "2022-07-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Raccoon.yar#L42-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Raccoon.yar#L42-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27"
logic_hash = "94f70c60ed4fab021e013cf6a632321e0e1bdeef25a48a598d9e7388e7e445ca"
score = 75
@@ -75748,8 +77630,8 @@ rule ELASTIC_Linux_Trojan_Skidmap_Aa7B661D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Skidmap.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Skidmap.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4282ba9b7bee69d42bfff129fff45494fb8f7db0e1897fc5aa1e4265cb6831d9"
logic_hash = "aa976158d004d582234a92ff648d4581440f9c933a0abef212d9d837d9607ba4"
score = 75
@@ -75777,8 +77659,8 @@ rule ELASTIC_Linux_Trojan_Sckit_A244328F : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sckit.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sckit.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "685da66303a007322d235b7808190c3ea78a828679277e8e03e6d8d511df0a30"
logic_hash = "8001c9fcf9f8b70c3e27554156b0b26ddcd6cab36bf97cf3b89a4c43c9ad883c"
score = 75
@@ -75806,8 +77688,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_1916686D : FILE MEMORY
date = "2022-06-23"
modified = "2022-12-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BruteRatel.yar#L1-L31"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BruteRatel.yar#L1-L31"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "e0e7b8ba2865fc76845b21aa3e075ceab98888635a60bd722c0c81e0f4fcf58c"
score = 75
quality = 75
@@ -75847,8 +77729,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_9B267F96 : FILE MEMORY
date = "2022-06-23"
modified = "2022-07-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BruteRatel.yar#L33-L57"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BruteRatel.yar#L33-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "fbaaf4bf2462119b39a5df90b91fb831be3e602b926cd893374a5dddf48f029d"
score = 75
quality = 75
@@ -75882,8 +77764,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_684A39F2 : FILE MEMORY
date = "2023-01-24"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BruteRatel.yar#L59-L84"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BruteRatel.yar#L59-L84"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5f4782a34368bb661f413f33e2d1fb9f237b7f9637f2c0c21dc752316b02350c"
logic_hash = "7cb74176e1dbdd248295649568d29c9d88841fcd0c16479b6b7efc71c4a1d706"
score = 75
@@ -75918,8 +77800,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_Ade6C9D5 : FILE MEMORY
date = "2023-01-24"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BruteRatel.yar#L86-L109"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BruteRatel.yar#L86-L109"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dc9757c9aa3aff76d86f9f23a3d20a817e48ca3d7294307cc67477177af5c0d4"
logic_hash = "8ff8ed1e2b909606fe6aae3f43ad02898d7b3906c3d329a508f6d40490ec75a0"
score = 60
@@ -75952,8 +77834,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_4110D879 : FILE MEMORY
date = "2023-05-10"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BruteRatel.yar#L111-L130"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BruteRatel.yar#L111-L130"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e0fbbc548fdb9da83a72ddc1040463e37ab6b8b544bf0d2b206bfff352175afe"
logic_hash = "22c27523ddd8183c41da40f7ff908ae5bdee3b482c8a3f70aaa63a4c419e515b"
score = 75
@@ -75982,8 +77864,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_5B12Cbab : FILE MEMORY
date = "2024-02-21"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BruteRatel.yar#L132-L150"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BruteRatel.yar#L132-L150"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8165798fec8294523f25aedfc6699faad0c5d75f60bc7cefcbb2fa13dbc656e3"
logic_hash = "b86296dafaef1dfa0a41704cafa351694abb0e453e104dfe06836ed599338f38"
score = 75
@@ -76011,8 +77893,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_5E383Ae0 : FILE MEMORY
date = "2024-03-27"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BruteRatel.yar#L152-L184"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BruteRatel.yar#L152-L184"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0b506ef32f58ee2b1e5701ca8e13c67584739ab1d00ee4a0c2f532c09a15836f"
logic_hash = "5d87ada1c609e23742c389f8153a9266c4db95be4a5e10b50979aebc993a45e0"
score = 75
@@ -76054,8 +77936,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_644Ac114 : FILE MEMORY
date = "2024-04-17"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BruteRatel.yar#L186-L205"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BruteRatel.yar#L186-L205"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ace6a99d95ef859d4ab74db6900753e754273a12a34721f1aa8f1a9df3d8ec35"
logic_hash = "06ffea16a0348f2276f379db150b5f9d2dbdffbcb2eee83c55c27c837ecb1e69"
score = 75
@@ -76084,8 +77966,8 @@ rule ELASTIC_Windows_Exploit_Fakepipe_6Bc93551 : FILE MEMORY
date = "2024-02-28"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Exploit_FakePipe.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Exploit_FakePipe.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "545a41ccfcd0a4f09c1c62bef2dde61b52fa92abada71ab72b3f4febb9265f75"
logic_hash = "daf78c4a2db337f51054e108b5b54c8aa32300eae3bd39c5fc2d4769221c8aea"
score = 75
@@ -76116,8 +77998,8 @@ rule ELASTIC_Windows_Vulndriver_Llaccess_C57534E8 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_LLAccess.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_LLAccess.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b"
logic_hash = "8bf629fd2ce0b1f15c7aacd573659b649dcf968556232683b29d68b27d12e577"
score = 75
@@ -76147,8 +78029,8 @@ rule ELASTIC_Linux_Trojan_Sqlexp_1Aa5001E : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sqlexp.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sqlexp.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "714a520fc69c54bcd422e75f4c3b71ce636cfae7fcec3c5c413d1294747d2dd6"
logic_hash = "48c7331c80aa7d918f46d282c6f38b8e780f9b5222cf9304bf1a8bb39cc129ab"
score = 75
@@ -76176,8 +78058,8 @@ rule ELASTIC_Windows_Trojan_Caesarkbd_32Bb198B : FILE
date = "2022-04-04"
modified = "2022-06-09"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CaesarKbd.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CaesarKbd.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d4335f4189240a3bcafa05fab01f0707cc8e3dd7a2998af734c24916d9e37ca8"
logic_hash = "f708706524515f98ebf612ac98318ee7172347096251d9ccd723f439070521de"
score = 75
@@ -76205,8 +78087,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_584A227A : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Cornelgen.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Cornelgen.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c823cb669f1d6cb9258d6f0b187609c226af23396f9c5be26eb479e5722a9d97"
logic_hash = "db3b6bbab48074449ae8b404f8fa77d93cde1ab8e57bd4ad981ac2afb8226494"
score = 75
@@ -76234,8 +78116,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_Be0Bc02D : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Cornelgen.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Cornelgen.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "24c0ba8ad4f543f9b0aff0d0b66537137bc78606b47ced9b6d08039bbae78d80"
logic_hash = "67c4f2d875f233b52fcbc24d9225c51af4dc09c27ce3915f0d756202bd4e5867"
score = 75
@@ -76263,8 +78145,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_03Ee53D3 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Cornelgen.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Cornelgen.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "711eafd09d4e5433be142d54db153993ee55b6c53779d8ec7e76ca534b4f81a5"
logic_hash = "e7d9c66621ad3c56f3bb8150c17b10495053d9485b2143750aeefd3c55ab7943"
score = 75
@@ -76292,8 +78174,8 @@ rule ELASTIC_Windows_Trojan_Darkcloud_9905Abce : FILE MEMORY
date = "2023-05-03"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_DarkCloud.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DarkCloud.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "500cb8459c19acd5a1144c4b509c14dbddec74ad623896bfe946fde1cd99a571"
logic_hash = "27d3841d6acf87f5c9c03d643c7859d9eaf42e49ed0241b761f858c669c4e931"
score = 75
@@ -76322,8 +78204,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_B521801B : FILE MEMORY
date = "2022-03-17"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Matanbuchus.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Matanbuchus.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2"
logic_hash = "609a0941b118d737124a5cd9c98c007e21557a239cfa3cf97cd3b4348c934f03"
score = 75
@@ -76354,8 +78236,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_4Ce9Affb : FILE MEMORY
date = "2022-03-17"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Matanbuchus.yar#L24-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Matanbuchus.yar#L24-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2"
logic_hash = "16441eb4617b6b3cb1e7d600959a5cbfe15c72c00361b45551b7ef4c81f78462"
score = 75
@@ -76383,8 +78265,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_58A61Aaa : FILE MEMORY
date = "2022-03-17"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Matanbuchus.yar#L44-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Matanbuchus.yar#L44-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2"
logic_hash = "7226e2f61bd6f1cca15c1f3f8d8697cb277d1e214f756295ffda5bc16304cc49"
score = 75
@@ -76412,8 +78294,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_C7811Ccc : FILE MEMORY
date = "2022-03-17"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Matanbuchus.yar#L64-L82"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Matanbuchus.yar#L64-L82"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2"
logic_hash = "e65dc05f6d9289a42c05afdc4da0ce1c18c1129dd87688a277ece925e83d7ef1"
score = 75
@@ -76441,8 +78323,8 @@ rule ELASTIC_Windows_Trojan_Fickerstealer_Cc02E75E : FILE MEMORY
date = "2021-07-22"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Fickerstealer.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Fickerstealer.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a4113ccb55e06e783b6cb213647614f039aa7dbb454baa338459ccf37897ebd6"
logic_hash = "ccfd7edf7625c13eea5b88fa29f9b8d3d873688f328f3e52c0500ac722c84511"
score = 75
@@ -76471,8 +78353,8 @@ rule ELASTIC_Windows_Trojan_Fickerstealer_F2159Bec : FILE MEMORY
date = "2021-07-22"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Fickerstealer.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Fickerstealer.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a4113ccb55e06e783b6cb213647614f039aa7dbb454baa338459ccf37897ebd6"
logic_hash = "d36cb90b526a291858291d615272baa78881309c83376f4d4cce1768c740ddbc"
score = 75
@@ -76500,8 +78382,8 @@ rule ELASTIC_Linux_Cryptominer_Bscope_348B7Fa0 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Bscope.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Bscope.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a6fb80d77986e00a6b861585bd4e573a927e970fb0061bf5516f83400ad7c0db"
logic_hash = "bc6a59dcc36676273c61fa71231fd8709884beebb7ab64b58f22551393b20c71"
score = 75
@@ -76529,8 +78411,8 @@ rule ELASTIC_Windows_Hacktool_Gmer_8Aabdd5E : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Gmer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Gmer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7"
logic_hash = "acdab89a7703a743927cec60fbc84af2fd469403bee6f211c865fb96e9c92498"
score = 75
@@ -76558,8 +78440,8 @@ rule ELASTIC_Windows_Trojan_Blackshades_9D095C44 : FILE MEMORY
date = "2022-02-28"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BlackShades.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BlackShades.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e58e352edaa8ae7f95ab840c53fcaf7f14eb640df9223475304788533713c722"
logic_hash = "2a2e6325d3de9289cc8bc26e1fe89a8fa81d9aae50b92ba2cf21c4cc6556ac9e"
score = 75
@@ -76594,8 +78476,8 @@ rule ELASTIC_Windows_Trojan_Blackshades_Be382Dac : FILE MEMORY
date = "2022-02-28"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BlackShades.yar#L28-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BlackShades.yar#L28-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e58e352edaa8ae7f95ab840c53fcaf7f14eb640df9223475304788533713c722"
logic_hash = "a13e37e7930d2d1ed1aa4fdeb282f11bfeb7fe008625589e2bfeab0beea43580"
score = 75
@@ -76623,8 +78505,8 @@ rule ELASTIC_Windows_Vulndriver_Hpportio_B31E3473 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_HpPortIo.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_HpPortIo.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5"
logic_hash = "e449b45f3cf2836254614bbdc957aa7093162fc1acd672edd931d5f240503963"
score = 75
@@ -76654,8 +78536,8 @@ rule ELASTIC_Macos_Trojan_Hloader_A3945Baf : FILE MEMORY
date = "2023-10-23"
modified = "2023-10-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_HLoader.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_HLoader.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2360a69e5fd7217e977123c81d3dbb60bf4763a9dae6949bc1900234f7762df1"
logic_hash = "0383485b6bbcdae210a6c949f6796023b2f7ec3f1edbd2116207fc2b75a67849"
score = 75
@@ -76685,8 +78567,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_A82F5D21 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Meterpreter.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Meterpreter.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "d76886222de7292e8a76717f6d49452f52aaffb957bb0326bcfc7a35c3fdfc6a"
score = 75
quality = 75
@@ -76713,8 +78595,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_383C6708 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Meterpreter.yar#L20-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Meterpreter.yar#L20-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d9d607f0bbc101f7f6dc0f16328bdd8f6ddb8ae83107b7eee34e1cc02072cb15"
logic_hash = "b0fd479722ab0808a4709cbacbb874282c48a425f4dbdaec9f74bc7f839c82e4"
score = 75
@@ -76742,8 +78624,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_621054Fe : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Meterpreter.yar#L40-L57"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Meterpreter.yar#L40-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "18f22bb0aa66ec2ecdaa9ca0e0d00ee59a2c9a3f231bd71915140e4464a4ea78"
score = 75
quality = 75
@@ -76770,8 +78652,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_1Bda891E : FILE MEMORY
date = "2021-12-13"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Meterpreter.yar#L59-L76"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Meterpreter.yar#L59-L76"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "74e7547472117de20159f5b158cee0ccacc02a9aba5e5ad64a52c552c966d539"
score = 75
quality = 75
@@ -76798,8 +78680,8 @@ rule ELASTIC_Macos_Backdoor_Useragent_1A02Fc3A : FILE MEMORY
date = "2021-11-11"
modified = "2022-07-22"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Backdoor_Useragent.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Backdoor_Useragent.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "623f99cbe20af8b79cbfea7f485d47d3462d927153d24cac4745d7043c15619a"
logic_hash = "90debdfc24ef100952302808a2e418bca2a46be3e505add9a0ccf4c49aff5102"
score = 75
@@ -76831,8 +78713,8 @@ rule ELASTIC_Linux_Hacktool_Fontonlake_68Ad8568 : FILE MEMORY
date = "2021-10-12"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Fontonlake.yar#L1-L30"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Fontonlake.yar#L1-L30"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "717953f52318e7687fc95626561cc607d4875d77ff7e3cf5c7b21cf91f576fa4"
logic_hash = "63dd5769305c715e27e3c62160f7b0f65b57204009ed46383b5b477c67cfac8e"
score = 75
@@ -76871,8 +78753,8 @@ rule ELASTIC_Macos_Trojan_Kandykorn_A7Bb6944 : FILE MEMORY
date = "2023-10-23"
modified = "2023-10-23"
reference = "https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_KandyKorn.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_KandyKorn.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "51dd4efcf714e64b4ad472ea556bf1a017f40a193a647b9e28bf356979651077"
logic_hash = "65decd519dee947894dd684c52d91202ebe5587acfecc0b8b56cd73f2981e387"
score = 75
@@ -76909,8 +78791,8 @@ rule ELASTIC_Windows_Exploit_Perfusion_5Ab5Ddee : FILE MEMORY
date = "2024-02-28"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Exploit_Perfusion.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Exploit_Perfusion.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7fdef25acb0d1447203b9768ae58a8e21db24816c602b160d105dab86ae34728"
logic_hash = "490f3fc89cf78dbe82f1feb012a147a8d187612720efb6e1eb4e97720b26ee59"
score = 75
@@ -76941,8 +78823,8 @@ rule ELASTIC_Windows_Trojan_Sliver_46525B49 : FILE MEMORY
date = "2023-05-09"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Sliver.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Sliver.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ecce5071c28940a1098aca3124b3f82e0630c4453f4f32e1b91576aac357ac9c"
logic_hash = "6e61d82b191a740882bcfeac2f2cf337e19ace7b05784ff041b6af2f79ed8809"
score = 75
@@ -76971,8 +78853,8 @@ rule ELASTIC_Windows_Trojan_Sliver_C9Cae357 : FILE MEMORY
date = "2023-05-10"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Sliver.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Sliver.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "27210d8d6e16c492c2ee61a59d39c461312f5563221ad4a0917d4e93b699418e"
logic_hash = "fea862352981787055961b1171de9b69a9c13d246f434809c8f4416d5c49a0ff"
score = 75
@@ -77000,8 +78882,8 @@ rule ELASTIC_Windows_Trojan_Sliver_1Dd6D9C2 : FILE MEMORY
date = "2023-05-10"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Sliver.yar#L42-L61"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Sliver.yar#L42-L61"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dc508a3e9ea093200acfc1ceebebb2b56686f4764fd8c94ab8c58eec7ee85c8b"
logic_hash = "5ef70322a6ee3dec609d2881b7624d25bc0297a2e6f43ac60834745e6a258cf3"
score = 75
@@ -77030,8 +78912,8 @@ rule ELASTIC_Windows_Vulndriver_Fidpci_Cb7F69B5 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Fidpci.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Fidpci.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3ac5e01689a3d745e60925bc7faca8d4306ae693e803b5e19c94906dc30add46"
logic_hash = "459429fb4e5156890f19c451e48676c9cd06eaab1c2eaea9236737c795086b5f"
score = 75
@@ -77059,8 +78941,8 @@ rule ELASTIC_Linux_Ransomware_Quantum_8513Fb8B : FILE MEMORY
date = "2023-07-28"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Quantum.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Quantum.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3bcb9ad92fdca53195f390fc4d8d721b504b38deeda25c1189a909a7011406c9"
logic_hash = "7e24be541bafc2427ecd8f76b7774fb65d7421bc300503eeb068b8104e168c70"
score = 75
@@ -77089,8 +78971,8 @@ rule ELASTIC_Windows_Trojan_Generic_A681F24A : FILE MEMORY
date = "2021-06-10"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa"
logic_hash = "72bfefc8f92dbe65d197e02bf896315dcbc54d7b68d0434f43de026ccf934f40"
score = 75
@@ -77120,8 +79002,8 @@ rule ELASTIC_Windows_Trojan_Generic_Ae824B13 : REF1296 FILE MEMORY
date = "2022-02-03"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L23-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L23-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "cee46c1efdaa1815606f932a4f79b316e02c1b481e73c4c2f8b7c72023e8684c"
score = 75
quality = 67
@@ -77151,8 +79033,8 @@ rule ELASTIC_Windows_Trojan_Generic_Eb47E754 : REF1296 FILE MEMORY
date = "2022-02-03"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L45-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L45-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "1d96e813ed0261bd0d7caca2803ed8d5fe4d77ea00efc9130eef86aa872c4656"
score = 75
quality = 67
@@ -77182,8 +79064,8 @@ rule ELASTIC_Windows_Trojan_Generic_C7Fd8D38 : FILE MEMORY
date = "2022-02-17"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L67-L89"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L67-L89"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a1702ec12c2bf4a52e11fbdab6156358084ad2c662c8b3691918ef7eabacde96"
logic_hash = "81c56cd741692a7f2a894c2b8f2676aad47f14221228b9466a2ab0f05d76c623"
score = 75
@@ -77215,8 +79097,8 @@ rule ELASTIC_Windows_Trojan_Generic_Bbe6C282 : FILE MEMORY
date = "2022-03-02"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L91-L109"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L91-L109"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a44c46d4b9cf1254aaabd1e689f84c4d2c3dd213597f827acabface03a1ae6d1"
logic_hash = "fe874d69ae71775cf997845c90e731479569e2ac1ac882a4b8c3c73d015b1f30"
score = 75
@@ -77244,8 +79126,8 @@ rule ELASTIC_Windows_Trojan_Generic_889B1248 : FILE MEMORY
date = "2022-03-11"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L111-L132"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L111-L132"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a48d57a139c7e3efa0c47f8699e2cf6159dc8cdd823b16ce36257eb8c9d14d53"
logic_hash = "b3bb93b95377d6c6606d29671395b78c0954cc47d5cc450436799638d0458469"
score = 75
@@ -77276,8 +79158,8 @@ rule ELASTIC_Windows_Trojan_Generic_02A87A20 : FILE MEMORY
date = "2022-03-04"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L134-L152"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L134-L152"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033"
logic_hash = "610db1b429ed2ecfc552f73ed4782cb56254e6fc98b728ffeff6938fbcce9616"
score = 75
@@ -77305,8 +79187,8 @@ rule ELASTIC_Windows_Trojan_Generic_4Fbff084 : FILE MEMORY
date = "2023-02-28"
modified = "2023-04-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L154-L175"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L154-L175"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7010a69ba77e65e70f4f3f4a10af804e6932c2218ff4abd5f81240026822b401"
logic_hash = "47d1a01e0edee3239d99ff1f32eb4cfc77d6e38823fed799a562e142d3d3a22d"
score = 75
@@ -77337,8 +79219,8 @@ rule ELASTIC_Windows_Trojan_Generic_73Ed7375 : FILE MEMORY
date = "2023-05-09"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L177-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L177-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2b17328a3ef0e389419c9c86f81db4118cf79640799e5c6fdc97de0fc65ad556"
logic_hash = "7e27c9377d0b2058a2a36da4ac7d37a54c566f3246e69aa356171edae6b478c5"
score = 75
@@ -77367,8 +79249,8 @@ rule ELASTIC_Windows_Trojan_Generic_96Cdf3C4 : FILE MEMORY
date = "2023-05-09"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L198-L217"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L198-L217"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9a4d68de36f1706a3083de7eb41f839d8c7a4b8b585cc767353df12866a48c81"
logic_hash = "f92e5549aca320d71e1eec8daa82e8bbf3517c7f23f376bb355fdfa32da2e7a9"
score = 75
@@ -77397,8 +79279,8 @@ rule ELASTIC_Windows_Trojan_Generic_F0C79978 : FILE MEMORY
date = "2023-07-27"
modified = "2023-09-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L219-L238"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L219-L238"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8f800b35bfbc8474f64b76199b846fe56b24a3ffd8c7529b92ff98a450d3bd38"
logic_hash = "b16971ed0947660dda8d79c11531a9498a80e00f2dbc2c0eb63895b7f5c5f980"
score = 75
@@ -77427,8 +79309,8 @@ rule ELASTIC_Windows_Trojan_Generic_40899C85 : FILE MEMORY
date = "2023-12-15"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L240-L260"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L240-L260"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "88eb4f2e7085947bfbd03c69573fdca0de4a74bab844f09ecfcf88e358af20cc"
logic_hash = "317034add0343baa26548712de8b2acc04946385fbee048cea0bd8d7ae642b36"
score = 75
@@ -77458,8 +79340,8 @@ rule ELASTIC_Windows_Trojan_Generic_9997489C : FILE MEMORY
date = "2024-01-31"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L262-L290"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L262-L290"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "857bbf64ced06f76eb50afbfbb699c62e11625196213c2e5267b828cca911b74"
score = 75
quality = 75
@@ -77497,8 +79379,8 @@ rule ELASTIC_Windows_Trojan_Generic_2993E5A5 : FILE MEMORY
date = "2024-03-18"
modified = "2024-03-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L292-L310"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L292-L310"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9f9b926cef69e879462d9fa914dda8c60a01f3d409b55afb68c3fb94bf1a339b"
logic_hash = "37a10597d1afeb9411f6c652537186628291cbe6af680abe12bb96591add7e78"
score = 75
@@ -77526,8 +79408,8 @@ rule ELASTIC_Windows_Trojan_Generic_0E135D58 : FILE MEMORY
date = "2024-03-19"
modified = "2024-03-19"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Generic.yar#L312-L330"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Generic.yar#L312-L330"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c"
logic_hash = "bc10218b1d761f72836bb5f9bb41d3f0fe13c4baa1109025269f938ec642aec4"
score = 75
@@ -77555,8 +79437,8 @@ rule ELASTIC_Linux_Trojan_Lady_75F6392C : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Lady.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Lady.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c257ac7bd3a9639e0d67a7db603d5bc8d8505f6f2107a26c2615c5838cf11826"
logic_hash = "5160b6ab4800c72b48b501787f3164c2ba1061a2abe21c63180e02d6791a4c12"
score = 75
@@ -77584,8 +79466,8 @@ rule ELASTIC_Windows_Trojan_Emotet_18379A8D : FILE MEMORY
date = "2021-11-17"
modified = "2022-01-13"
reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Emotet.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Emotet.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "eeb13cd51faa7c23d9a40241d03beb239626fbf3efe1dbbfa3994fc10dea0827"
logic_hash = "2ad72ce2a352b91a4fa597ee9e796035298cfcee6fdc13dd3f64579d8da96b97"
score = 75
@@ -77613,8 +79495,8 @@ rule ELASTIC_Windows_Trojan_Emotet_5528B3B0 : FILE MEMORY
date = "2021-11-17"
modified = "2022-01-13"
reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Emotet.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Emotet.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "eeb13cd51faa7c23d9a40241d03beb239626fbf3efe1dbbfa3994fc10dea0827"
logic_hash = "bb784ab0e064bafa8450b6bb15ef534af38254ea3c096807571c2c27f7cdfd76"
score = 75
@@ -77642,8 +79524,8 @@ rule ELASTIC_Windows_Trojan_Emotet_1943Bbf2 : FILE MEMORY
date = "2021-11-18"
modified = "2022-01-13"
reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Emotet.yar#L43-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Emotet.yar#L43-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5abec3cd6aa066b1ddc0149a911645049ea1da66b656c563f9a384e821c5db38"
logic_hash = "41838e335b9314b8759922f23ec8709f46e6a26633f3685ac98ada5828191d35"
score = 75
@@ -77671,8 +79553,8 @@ rule ELASTIC_Windows_Trojan_Emotet_Db7D33Fa : FILE MEMORY
date = "2022-05-09"
modified = "2022-06-09"
reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Emotet.yar#L64-L90"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Emotet.yar#L64-L90"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc"
logic_hash = "e220c112c15f384fde6fc2286b01c7eb9bedcf4817d02645d0fa7afb05e7b593"
score = 75
@@ -77707,8 +79589,8 @@ rule ELASTIC_Windows_Trojan_Emotet_D6Ac1Ea4 : FILE MEMORY
date = "2022-05-24"
modified = "2022-06-09"
reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Emotet.yar#L92-L114"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Emotet.yar#L92-L114"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2c6709d5d2e891d1ce26fdb4021599ac10fea93c7773f5c00bea8e5e90404b71"
logic_hash = "9b37940ea8752c6db52d4f09225de0389438c41468a11a7cda8f28b191192ef9"
score = 75
@@ -77739,8 +79621,8 @@ rule ELASTIC_Windows_Trojan_Emotet_77C667B9 : FILE MEMORY
date = "2022-11-07"
modified = "2022-12-20"
reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Emotet.yar#L116-L144"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Emotet.yar#L116-L144"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ffac0120c3ae022b807559e8ed7902fde0fa5f7cb9c5c8d612754fa498288572"
logic_hash = "f11769fe5e9789b451e8826c5fd22bde5b3eb9f7af1d5fec7eec71700fc1f482"
score = 75
@@ -77777,8 +79659,8 @@ rule ELASTIC_Windows_Trojan_Emotet_8B9449C1 : FILE MEMORY
date = "2022-11-09"
modified = "2022-12-20"
reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Emotet.yar#L146-L166"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Emotet.yar#L146-L166"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ffac0120c3ae022b807559e8ed7902fde0fa5f7cb9c5c8d612754fa498288572"
logic_hash = "5501354ebc1d97fe5ce894d5907adb29440f557f2dd235e1e983ae2d109199a2"
score = 75
@@ -77807,8 +79689,8 @@ rule ELASTIC_Windows_Vulndriver_Tmcomm_333F3851 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_TmComm.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_TmComm.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64"
logic_hash = "a4464fb7edbacb6d9c8d6b385f9cc28685f0bed40876eecd5a7c87e0707e3025"
score = 75
@@ -77838,8 +79720,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_Bad95Bd6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Bruteforce.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Bruteforce.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8e8be482357ebddc6ac3ea9ee60241d011063f7e558a59e6bd119e72e4862024"
logic_hash = "8001e6503baeb52c66c9b30026544913270085406a1fe4c45d14629811d36d5f"
score = 75
@@ -77867,8 +79749,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_66A14C03 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Bruteforce.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Bruteforce.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a2d8e2c34ae95243477820583c0b00dfe3f475811d57ffb95a557a227f94cd55"
logic_hash = "c8b2925c2e3f95e78f117ddd52e208d143d19ee75e9283f7f15d10e930eaac5f"
score = 75
@@ -77896,8 +79778,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_Eb83B6Aa : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Bruteforce.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Bruteforce.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8dec88576f61f37fbaece3c30e71d338c340c8fb9c231f9d7b1c32510d2c3167"
logic_hash = "bc79860e414d07ee8000eea3d61827272d66faa90a8bf6c65fcda90a4bd762ef"
score = 75
@@ -77925,8 +79807,8 @@ rule ELASTIC_Windows_Trojan_Deimos_F53Aee03 : FILE MEMORY
date = "2021-09-18"
modified = "2022-01-13"
reference = "https://www.elastic.co/security-labs/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Deimos.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Deimos.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2c1941847f660a99bbc6de16b00e563f70d900f9dbc40c6734871993961d3d3e"
logic_hash = "07675844a8790f8485b6545e7466cdef8ac4f92dec4cd8289aeaad2a0a448691"
score = 75
@@ -77956,8 +79838,8 @@ rule ELASTIC_Windows_Trojan_Deimos_C70677B4 : FILE MEMORY
date = "2021-09-18"
modified = "2022-01-13"
reference = "https://www.elastic.co/security-labs/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Deimos.yar#L24-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Deimos.yar#L24-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2c1941847f660a99bbc6de16b00e563f70d900f9dbc40c6734871993961d3d3e"
logic_hash = "c969221f025b114b9d5738d43b6021ab9481dbc6b35eb129ea4f806160b1adc3"
score = 75
@@ -77986,8 +79868,8 @@ rule ELASTIC_Linux_Trojan_Rozena_56651C1D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Rozena.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Rozena.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "997684fb438af3f5530b0066d2c9e0d066263ca9da269d6a7e160fa757a51e04"
logic_hash = "a6d283b0c398cb1004defe7f5669f912112262e5aaf677ae4ca7fd15565cb988"
score = 75
@@ -78015,8 +79897,8 @@ rule ELASTIC_Linux_Trojan_Banload_D5E1C189 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Banload.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Banload.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "48bf0403f777db5da9c6a7eada17ad4ddf471bd73ea6cf02817dd202b49204f4"
logic_hash = "3f0bee251152a8c835a3bf71dc33c2e150705713c50ca2cfdbeb69361ed91a09"
score = 75
@@ -78044,8 +79926,8 @@ rule ELASTIC_Windows_Trojan_Amadey_7Abb059B : FILE MEMORY
date = "2021-06-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Amadey.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Amadey.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e"
logic_hash = "23b75d6df9e2a7f8e1efee46ecaf1fc84247312b19a8a1941ddbca1b2ce5e1db"
score = 75
@@ -78073,8 +79955,8 @@ rule ELASTIC_Windows_Trojan_Amadey_C4Df8D4A : FILE MEMORY
date = "2021-06-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Amadey.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Amadey.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2"
logic_hash = "7f96c4de585223033fb7e7906be6d6898651ecf30be51ed01abde18ef52c0e1e"
score = 75
@@ -78102,8 +79984,8 @@ rule ELASTIC_Windows_Vulndriver_Mhyprot_26214176 : FILE
date = "2022-08-25"
modified = "2022-08-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Mhyprot.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Mhyprot.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6"
logic_hash = "61d1713c689b9d663f2d3360d07735b07ca10365b5ce424b2df726bd6cc434d3"
score = 75
@@ -78134,8 +80016,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_79D52Efd : FILE MEMORY CVE_2010_3301
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "53a2163ad17a414d9db95f5287d9981c9410e7eaeea096610ba622eb763a6970"
logic_hash = "1d4eb14042f552aa1577d0fe452e92c25bda66d0ad1a66e824677bee65908578"
score = 75
@@ -78163,8 +80045,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_D0Eb0924 : FILE MEMORY CVE_2010_3301
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "907995e90a80d3ace862f2ffdf13fd361762b5acc5397e14135d85ca6a61619b"
logic_hash = "5229be3d1997ee4d05846d6804ffafd36c088dd8607a1fba39a0a43950e448c1"
score = 75
@@ -78192,8 +80074,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_A5828970 : FILE MEMORY CVE_2010_3301
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4fc781f765a65b714ec27080f25c03f20e06830216506e06325240068ba62d83"
logic_hash = "61b0cb38a6e14efee157547e811450d2ed4674f79ac86656a8d984084f71a665"
score = 75
@@ -78221,8 +80103,8 @@ rule ELASTIC_Windows_Trojan_Ghostengine_8Ea2Aa65 : FILE MEMORY
date = "2024-05-07"
modified = "2024-05-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_GhostEngine.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_GhostEngine.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2fe78941d74d35f721556697491a438bf3573094d7ac091b42e4f59ecbd25753"
logic_hash = "3bddd2ac79d92d34df5d2df4a11cf96cc44ca39c3baece1b5c67b75a682778ff"
score = 75
@@ -78257,8 +80139,8 @@ rule ELASTIC_Linux_Exploit_Sorso_Ecf99F8F : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Sorso.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Sorso.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd"
logic_hash = "c771ff109e548e37134cd76ac668f0d4abafcf262de12b00236ad94fc11a99d1"
score = 75
@@ -78286,8 +80168,8 @@ rule ELASTIC_Linux_Exploit_Sorso_91A4D487 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Sorso.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Sorso.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd"
logic_hash = "bb58c78ae3cc730aa1ef32974f65adabd63972ef181696aeb79954f904f2f405"
score = 75
@@ -78315,8 +80197,8 @@ rule ELASTIC_Linux_Exploit_Sorso_61Eae7Dd : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Sorso.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Sorso.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd"
logic_hash = "a8bc8a2c8405b80b160ad21898003781405a762c0e627f13b34e9362e0aa51a1"
score = 75
@@ -78344,8 +80226,8 @@ rule ELASTIC_Linux_Trojan_Ebury_7B13E9B6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ebury.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ebury.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "30d126ffc5b782236663c23734f1eef21e1cc929d549a37bba8e1e7b41321111"
score = 75
quality = 75
@@ -78372,8 +80254,8 @@ rule ELASTIC_Windows_Trojan_Glupteba_70557305 : FILE MEMORY
date = "2021-08-08"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Glupteba.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Glupteba.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3ad13fd7968f9574d2c822e579291c77a0c525991cfb785cbe6cdd500b737218"
logic_hash = "f3eee9808a1e8a2080116dda7ce795815e1179143c756ea8fdd26070f1f8f74a"
score = 75
@@ -78406,8 +80288,8 @@ rule ELASTIC_Windows_Trojan_Glupteba_4669Dcd6 : FILE MEMORY
date = "2021-08-08"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Glupteba.yar#L26-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Glupteba.yar#L26-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1b55042e06f218546db5ddc52d140be4303153d592dcfc1ce90e6077c05e77f7"
logic_hash = "64b2099f40f94b17bc5860b41773c41322420500696d320399ff1c016cb56e15"
score = 75
@@ -78426,6 +80308,115 @@ rule ELASTIC_Windows_Trojan_Glupteba_4669Dcd6 : FILE MEMORY
condition:
all of them
}
+rule ELASTIC_Linux_Trojan_Mettle_E8Fdbcbd : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Trojan Mettle (Linux.Trojan.Mettle)"
+ author = "Elastic Security"
+ id = "e8fdbcbd-84d3-4c42-986b-c8d5d940a96a"
+ date = "2024-05-06"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mettle.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "864eae4f27648b8a9d9b0eb1894169aa739311cdd02b1435a34881acf7059d58"
+ logic_hash = "d13c1e7fb815ebbefa78922e9b85a1ced015c03b8f1b2cf1885a9c483b8e0ab3"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "2038686308a77286ed5d13b408962075933da7ca5772d46b65e5f247193036b5"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $mettle1 = "mettlesploit!"
+ $mettle2 = "/mettle/mettle/src/"
+ $mettle3 = "mettle_get_c2"
+ $mettle4 = "mettle_console_start_interactive"
+ $mettle5 = "mettle_get_machine_id"
+
+ condition:
+ 2 of ($mettle*)
+}
+rule ELASTIC_Linux_Trojan_Mettle_813B9B6C : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Trojan Mettle (Linux.Trojan.Mettle)"
+ author = "Elastic Security"
+ id = "813b9b6c-946d-46f0-a255-d06ab78347d4"
+ date = "2024-05-06"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mettle.yar#L25-L52"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "bb651d974ca3f349858db7b5a86f03a8d47d668294f27e709a823fa11e6963d7"
+ logic_hash = "a6a9cf424bf1ca7985e1c4b14123ed236208ffa3f7c9ffebbdd85765a90bfa54"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "6b350abfda820ee4c6e7aa84f732ab4527c454b93ae13363747f024bb8c5e3b4"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $process_set_nonblocking_stdio = { 55 89 E5 53 83 EC 08 E8 ?? ?? ?? ?? 81 C3 3D 32 0D 00 6A 00 6A 03 6A 00 E8 ?? ?? ?? ?? 83 C4 0C 80 CC 08 50 6A 04 6A 00 E8 ?? ?? ?? ?? 83 C4 0C 6A 00 6A 03 6A 01 E8 ?? ?? ?? ?? 83 C4 0C 80 CC 08 50 6A 04 6A 01 E8 }
+ $process_create = { 55 89 E5 57 56 53 81 EC 98 00 00 00 E8 ?? ?? ?? ?? 81 C3 A6 3B 0D 00 89 45 84 89 95 78 FF FF FF 89 4D 80 8B 7D 0C 8D 45 ?? 50 E8 ?? ?? ?? ?? 83 C4 10 40 0F ?? ?? ?? ?? ?? 50 50 68 B4 00 00 00 6A 01 E8 ?? ?? ?? ?? 89 C6 83 C4 10 85 C0 0F ?? ?? ?? ?? ?? F6 47 14 80 74 ?? 6A 00 6A 00 6A 00 8D 45 ?? 50 E8 ?? ?? ?? ?? 89 85 7C FF FF FF }
+ $process_read = { 55 89 E5 57 56 53 83 EC 1C E8 ?? ?? ?? ?? 81 C3 90 30 0D 00 8B 4D 08 8B 7D 0C 8B 75 10 83 C8 FF 85 C9 74 ?? 52 56 57 FF 71 24 89 4D E4 E8 ?? ?? ?? ?? 89 C2 83 C4 10 39 C6 8B 4D E4 76 ?? 50 29 D6 56 01 D7 89 55 E4 57 FF 71 48 E8 ?? ?? ?? ?? 8B 55 E4 01 C2 83 C4 10 89 D0 8D 65 ?? 5B 5E 5F 5D C3 }
+ $file_new = { 83 C4 10 52 52 50 FF 76 0C E8 ?? ?? ?? ?? 89 34 24 E8 ?? ?? ?? ?? 83 C4 10 8D 65 ?? 5B 5E 5F 5D C3 }
+ $file_read = { 55 89 E5 53 83 EC 10 E8 ?? ?? ?? ?? 81 C3 41 A7 0D 00 FF 75 08 E8 ?? ?? ?? ?? 50 FF 75 10 6A 01 FF 75 0C E8 ?? ?? ?? ?? 8B 5D FC C9 C3 }
+ $file_seek = { 55 89 E5 53 83 EC 10 E8 ?? ?? ?? ?? 81 C3 C0 A6 0D 00 FF 75 08 E8 ?? ?? ?? ?? 83 C4 0C FF 75 10 FF 75 0C 50 E8 ?? ?? ?? ?? 8B 5D FC C9 C3 }
+ $func_write_audio_file = { 55 89 E5 57 56 53 83 EC 18 E8 ?? ?? ?? ?? 81 C3 D8 23 0D 00 FF 75 08 E8 ?? ?? ?? ?? 89 C6 8B 45 10 03 06 89 06 5A 59 50 FF 76 04 E8 ?? ?? ?? ?? 89 C7 89 46 04 83 C4 10 83 C8 FF 85 FF 74 ?? 2B 7D 10 8B 06 01 F8 89 C7 8B 75 0C 8B 4D 10 F3 ?? 8B 45 10 8D 65 ?? 5B 5E 5F 5D C3 }
+ $func_is_compatible_elf = { 55 89 E5 56 53 E8 ?? ?? ?? ?? 81 C3 CF AB 05 00 8B 55 08 31 C0 81 3A 7F 45 4C 46 75 ?? 80 7A 04 01 75 ?? 0F B6 72 05 83 EC 0C 6A 01 E8 ?? ?? ?? ?? 83 C4 10 48 0F 94 C0 0F B6 C0 40 39 C6 0F 94 C0 0F B6 C0 83 E0 01 8D 65 ?? 5B 5E 5D C3 }
+ $func_stack_setup = { 89 DA 31 C0 8B 0C 86 85 C9 8D 40 ?? 74 ?? 89 0A 83 C2 04 EB ?? C7 02 00 00 00 00 C7 04 83 00 00 00 00 EB ?? 83 EC 0C 53 E8 ?? ?? ?? ?? 83 C4 10 8B 45 DC 89 45 10 8B 45 E0 89 45 0C 89 5D 08 8D 65 ?? 5B 5E 5F 5D }
+ $func_c2_new_struct = { C7 46 14 00 00 00 00 C7 46 10 00 00 00 00 C7 46 18 00 00 00 00 8D 83 ?? ?? ?? ?? 89 46 20 C7 46 24 00 00 00 00 C7 46 28 00 00 00 00 C7 46 2C 00 00 00 00 C7 46 30 00 00 F0 3F 89 76 1C 83 EC 0C 56 E8 }
+
+ condition:
+ 2 of ($process*) and 2 of ($file*) and 2 of ($func*)
+}
+rule ELASTIC_Linux_Trojan_Mettle_78Aead1C : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Trojan Mettle (Linux.Trojan.Mettle)"
+ author = "Elastic Security"
+ id = "78aead1c-7dc2-4db0-a0b8-cccf2d583c67"
+ date = "2024-05-06"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mettle.yar#L54-L81"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "864eae4f27648b8a9d9b0eb1894169aa739311cdd02b1435a34881acf7059d58"
+ logic_hash = "d68d37379b8a3a2d242030fd14884781488e9785823aa25fedfdd406748f8039"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "bf2b8bd0e12905ab4bed94c70dbd854a482446909ba255fceaee309efd69b835"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $process_set_nonblocking_stdio = { 48 83 EC 08 31 D2 BE 03 00 00 00 31 FF 31 C0 E8 ?? ?? ?? ?? 80 CC 08 BE 04 00 00 00 31 FF 89 C2 31 C0 E8 ?? ?? ?? ?? 31 D2 BE 03 00 00 00 BF 01 00 00 00 31 C0 E8 ?? ?? ?? ?? 80 CC 08 BE 04 00 00 00 BF 01 00 00 00 89 C2 31 C0 E8 }
+ $process_create = { 41 57 41 56 49 89 CE 41 55 41 54 4D 89 C5 55 53 48 89 FB 48 89 D5 48 81 EC 88 00 00 00 48 8D ?? ?? ?? 48 89 34 24 E8 ?? ?? ?? ?? FF C0 0F ?? ?? ?? ?? ?? BE 20 01 00 00 BF 01 00 00 00 E8 ?? ?? ?? ?? 48 85 C0 49 89 C7 0F ?? ?? ?? ?? ?? 41 F6 45 28 80 74 ?? 48 8D ?? ?? ?? 31 C9 31 D2 31 F6 E8 ?? ?? ?? ?? 85 C0 }
+ $process_read = { 48 85 FF 74 ?? 41 55 41 54 49 89 FD 55 53 48 89 D5 49 89 F4 48 83 EC 08 48 8B 7F 38 E8 ?? ?? ?? ?? 48 39 C5 48 89 C3 76 ?? 49 8B 7D 70 48 89 EA 49 8D ?? ?? 48 29 C2 E8 ?? ?? ?? ?? 48 01 C3 5A 48 89 D8 5B 5D 41 5C 41 5D C3 }
+ $file_new = { 41 54 55 48 89 F5 53 48 89 FB 48 8B 7F 10 BE B2 04 01 00 E8 ?? ?? ?? ?? 48 8B 7B 10 BE B3 04 01 00 49 89 C4 E8 ?? ?? ?? ?? 48 85 C0 75 ?? 48 8D ?? ?? ?? ?? ?? 48 89 C6 4C 89 E7 E8 ?? ?? ?? ?? 83 CA FF 48 85 C0 74 ?? 48 89 C6 48 89 EF E8 ?? ?? ?? ?? 31 D2 5B 89 D0 5D 41 5C C3 }
+ $file_read = { 53 48 89 F3 48 83 EC 10 48 89 54 24 08 E8 ?? ?? ?? ?? 48 8B 54 24 08 48 83 C4 10 48 89 DF 5B 48 89 C1 BE 01 00 00 00 E9 }
+ $file_seek = { 48 83 EC 18 48 89 74 24 08 89 54 24 04 E8 ?? ?? ?? ?? 8B 54 24 04 48 8B 74 24 08 48 89 C7 48 83 C4 18 E9 }
+ $func_write_audio_file = { 41 54 55 49 89 F4 53 48 89 D3 E8 ?? ?? ?? ?? 48 8B 30 48 8B 78 08 48 89 C5 48 01 DE 48 89 30 E8 ?? ?? ?? ?? 48 89 C7 48 89 45 08 48 83 C8 FF 48 85 FF 74 ?? 48 8B 45 00 48 29 DF 4C 89 E6 48 89 D9 48 01 F8 48 89 C7 48 89 D8 F3 ?? 5B 5D 41 5C C3 }
+ $func_is_compatible_elf = { 31 C0 81 3F 7F 45 4C 46 75 ?? 80 7F 04 02 75 ?? 53 0F B6 5F 05 BF 01 00 00 00 E8 ?? ?? ?? ?? FF C8 0F 94 C0 0F B6 C0 FF C0 39 C3 0F 94 C0 0F B6 C0 83 E0 01 5B C3 83 E0 01 C3 }
+ $func_stack_setup = { 48 89 EA 31 C0 49 8B 0C C0 48 FF C0 48 85 C9 74 ?? 48 89 0A 48 83 C2 08 EB ?? 48 C7 02 00 00 00 00 48 C7 44 C5 00 00 00 00 00 EB ?? 48 89 EF 4C 89 4C 24 08 E8 ?? ?? ?? ?? 4C 8B 4C 24 08 48 83 C4 10 48 89 DA 48 89 EF 5B 5D 41 5C 4C 89 CE }
+ $func_c2_new_struct = { 48 89 DF 48 C7 43 20 00 00 00 00 C7 43 28 00 00 00 00 48 C7 43 40 00 00 00 00 48 89 43 38 48 8B 05 D1 BE 09 00 48 89 5B 30 48 89 43 48 E8 }
+
+ condition:
+ 2 of ($process*) and 2 of ($file*) and 2 of ($func*)
+}
rule ELASTIC_Linux_Exploit_CVE_2021_3156_F3Fb10Cd : FILE CVE_2021_3156
{
meta:
@@ -78435,8 +80426,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3156_F3Fb10Cd : FILE CVE_2021_3156
date = "2021-09-15"
modified = "2021-09-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "65fb8baa5ec3bfb4473e4b2f565b461dd59989d43c72b1c5ec2e1a68baa8b51a"
logic_hash = "cc80e0b2355877cd9ceecae19d4dcebb641d90a24c0751bf706134b31bf26750"
score = 75
@@ -78465,8 +80456,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3156_7F5672D0 : FILE CVE_2021_3156
date = "2021-09-15"
modified = "2021-09-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L22-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L22-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1a4517d2582ac97b88ae568c23e75beba93daf8518bd3971985d6a798049fd61"
logic_hash = "e25907f11a2f292441a96e19834ad89636593a3f8998ec0010e43830f5aa0c64"
score = 75
@@ -78499,8 +80490,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_59E029C3 : FILE MEMORY
date = "2022-05-10"
modified = "2022-05-10"
reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_BPFDoor.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_BPFDoor.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "144526d30ae747982079d5d340d1ff116a7963aba2e3ed589e7ebc297ba0c1b3"
logic_hash = "64620a3404b331855d0b8018c1626c88cb28380785beac1a391613ae8dc1b1bf"
score = 75
@@ -78532,8 +80523,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_0F768F60 : FILE MEMORY
date = "2022-05-10"
modified = "2022-05-10"
reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_BPFDoor.yar#L26-L50"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_BPFDoor.yar#L26-L50"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155"
logic_hash = "1aaa74c2d8fbb230cbfc0e08fd6865b5f7e90e4abcdb97121e52afb7569b2dbc"
score = 75
@@ -78566,8 +80557,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_8453771B : FILE MEMORY
date = "2022-05-10"
modified = "2022-05-10"
reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_BPFDoor.yar#L52-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_BPFDoor.yar#L52-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "591198c234416c6ccbcea6967963ca2ca0f17050be7eed1602198308d9127c78"
logic_hash = "546e5c56ceb6b99db14dc225a2ec4872cb54859a0f2f6ad520d4f446793e031e"
score = 75
@@ -78602,8 +80593,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_F690Fe3B : FILE MEMORY
date = "2022-05-10"
modified = "2022-05-10"
reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_BPFDoor.yar#L80-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_BPFDoor.yar#L80-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "591198c234416c6ccbcea6967963ca2ca0f17050be7eed1602198308d9127c78"
logic_hash = "35c6be75348a30f415a1a4bb94ae7e3a2f49f54a0fb3ddc4bae1aa3e03c1a909"
score = 75
@@ -78631,8 +80622,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_1A7D804B : FILE MEMORY
date = "2022-05-10"
modified = "2022-05-10"
reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_BPFDoor.yar#L101-L127"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_BPFDoor.yar#L101-L127"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "76bf736b25d5c9aaf6a84edd4e615796fffc338a893b49c120c0b4941ce37925"
logic_hash = "b0c4b168d92947e599e8c74d0ae6a91766c8a034c34e9c07e2472620c9b61037"
score = 75
@@ -78667,8 +80658,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_E14B0B79 : FILE MEMORY
date = "2022-05-10"
modified = "2022-05-10"
reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_BPFDoor.yar#L129-L152"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_BPFDoor.yar#L129-L152"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dc8346bf443b7b453f062740d8ae8d8d7ce879672810f4296158f90359dcae3a"
logic_hash = "7cdf111ae253bffef7243ad3722f1a79f81f45d80f938f9542af8e056f75d3fc"
score = 75
@@ -78700,8 +80691,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_F1Cd26Ad : FILE MEMORY
date = "2023-05-11"
modified = "2023-05-16"
reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_BPFDoor.yar#L154-L175"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_BPFDoor.yar#L154-L175"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "afa8a32ec29a31f152ba20a30eb483520fe50f2dce6c9aa9135d88f7c9c511d7"
logic_hash = "ad3e130d5a1203c55b5c8d369c7d9989f66f76c9bd57e2314a30f4c931e4b98d"
score = 75
@@ -78731,8 +80722,8 @@ rule ELASTIC_Linux_Trojan_Sysrv_85097F24 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "17fbc8e10dea69b29093fcf2aa018be4d58fe5462c5a0363a0adde60f448fb26"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sysrv.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sysrv.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "96bee8b9b0e9c2afd684582301f9e110fd08fcabaea798bfb6259a4216f69be1"
score = 75
quality = 75
@@ -78759,8 +80750,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_C3522Fd0 : BETA FILE MEMORY
date = "2020-11-03"
modified = "2021-08-23"
reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Thanos.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Thanos.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "00d28aafd242308ad6561547ed8c80dad3086859dacab09ffdd43d436bf9ec52"
score = 75
quality = 75
@@ -78790,8 +80781,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_A6C09942 : BETA FILE MEMORY
date = "2020-11-03"
modified = "2021-08-23"
reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Thanos.yar#L24-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Thanos.yar#L24-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "cecdeb21e041c90769b8fd8431fa87943461c1f7faa5ad15918524b91ba5c792"
score = 75
quality = 75
@@ -78820,8 +80811,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_E19Feca1 : BETA FILE MEMORY
date = "2020-11-03"
modified = "2021-08-23"
reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Thanos.yar#L46-L77"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Thanos.yar#L46-L77"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "1f5a69b6749e887a5576843abb83388d5364e47601cf11fcac594008ace8e973"
score = 75
quality = 75
@@ -78861,8 +80852,8 @@ rule ELASTIC_Windows_Trojan_Doorme_246Eda61 : FILE MEMORY
date = "2022-12-09"
modified = "2022-12-15"
reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_DoorMe.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DoorMe.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "96b226e1dcfb8ea2155c2fa508125472c8c767569d009a881ab4c39453e4fe7f"
logic_hash = "01240f2e23904498c34ec805cc8bc3e9ac7b76c6519685ef6b367066f1a0bc5b"
score = 75
@@ -78894,9 +80885,9 @@ rule ELASTIC_Windows_Trojan_Warmcookie_7D32Fa90 : FILE MEMORY
id = "7d32fa90-c6e0-4a4b-bc21-51d82c57721e"
date = "2024-04-29"
modified = "2024-05-08"
- reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_WarmCookie.yar#L1-L31"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ reference = "https://www.elastic.co/security-labs/dipping-into-danger"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_WarmCookie.yar#L1-L32"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13"
logic_hash = "ed3be6e5c6127ef87f9ef6fe35b17815b96706e8e73a393ee9b0a8e3b0cd8f66"
score = 75
@@ -78936,8 +80927,8 @@ rule ELASTIC_Windows_Trojan_P8Loader_E478A831 : FILE MEMORY
date = "2023-04-13"
modified = "2023-05-26"
reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_P8Loader.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_P8Loader.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "f1a7de6bb4477ea82c18aea1ddc4481de2fc362ce5321f4205bb3b74c1c45a7e"
score = 75
quality = 75
@@ -78971,8 +80962,8 @@ rule ELASTIC_Linux_Trojan_Snessik_D166F98C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Snessik.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Snessik.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3ececc2edfff2f92d80ed3a5140af55b6bebf7cae8642a0d46843162eeddddd"
logic_hash = "44f15a87d48338aafa408d4bcabef844c8864cd95640ad99208b5035e28ccd27"
score = 75
@@ -79000,8 +80991,8 @@ rule ELASTIC_Linux_Trojan_Snessik_E435A79C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Snessik.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Snessik.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e24749b07f824a4839b462ec4e086a4064b29069e7224c24564e2ad7028d5d60"
logic_hash = "4850530a0566844447f56f4e5cb43c5982b1dcb784bb1aef3e377525b8651ed3"
score = 75
@@ -79029,8 +81020,8 @@ rule ELASTIC_Windows_Rootkit_R77_5Bab748B : FILE MEMORY
date = "2022-03-04"
modified = "2022-04-12"
reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Rootkit_R77.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Rootkit_R77.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c"
logic_hash = "ebf851ef41fde8e3118acc742cd2b38651f662a00f11dd6f7c65cf56019c43d5"
score = 75
@@ -79058,8 +81049,8 @@ rule ELASTIC_Windows_Rootkit_R77_Eb366Abc : FILE MEMORY
date = "2023-05-09"
modified = "2023-06-13"
reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Rootkit_R77.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Rootkit_R77.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "21e7f69986987fc75bce67c4deda42bd7605365bac83cf2cecb25061b2d86d4f"
logic_hash = "3d6f1c60bf749c53f4a4fcfd6490d309e4450d5f7e64de4665c3d80af1bce44f"
score = 75
@@ -79088,8 +81079,8 @@ rule ELASTIC_Windows_Rootkit_R77_99050E7D : FILE MEMORY
date = "2023-05-09"
modified = "2023-06-13"
reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Rootkit_R77.yar#L44-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Rootkit_R77.yar#L44-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3dc94c88caa3169e096715eb6c2e6de1b011120117c0a51d12f572b4ba999ea6"
logic_hash = "0fedf4698cc652076090b1fe256d05d2c0bc3ad2ab7ed5faa270c5c7fe0efca1"
score = 75
@@ -79118,8 +81109,8 @@ rule ELASTIC_Windows_Rootkit_R77_Be403E3C : FILE MEMORY
date = "2023-05-18"
modified = "2023-06-13"
reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Rootkit_R77.yar#L66-L85"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Rootkit_R77.yar#L66-L85"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "91c6e2621121a6871af091c52fafe41220ae12d6e47e52fd13a7b9edd8e31796"
logic_hash = "efbf924c7a299f2543c639b6262007eb3bdbf6ff5e33dab7d6102814b9477811"
score = 75
@@ -79147,8 +81138,8 @@ rule ELASTIC_Windows_Rootkit_R77_Ee853C9F : FILE MEMORY
date = "2023-05-18"
modified = "2023-06-13"
reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Rootkit_R77.yar#L87-L112"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Rootkit_R77.yar#L87-L112"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "916c805b0d512dd7bbd88f46632d66d9613de61691b4bd368e4b7cb1f0ac7f60"
logic_hash = "94f080f310ecace76da32ba2b4edcc80dedfb339113823708167c1d842db8cf3"
score = 75
@@ -79182,8 +81173,8 @@ rule ELASTIC_Windows_Rootkit_R77_D0367E28 : FILE MEMORY
date = "2023-05-18"
modified = "2023-06-13"
reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Rootkit_R77.yar#L114-L141"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Rootkit_R77.yar#L114-L141"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "96849108e13172d14591169f8fdcbf8a8aa6be05b7b6ef396d65529eacc02d89"
logic_hash = "588b18c54c344ca267b86143df20c7dcaab081e0ef6acae0bd0dae61593eb521"
score = 75
@@ -79219,8 +81210,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_Aaf312C3 : FILE MEMORY
date = "2022-02-02"
modified = "2023-09-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Ransomware_BlackCat.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Ransomware_BlackCat.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479"
logic_hash = "0771ab5a795af164a568bda036cccf08afeb33458f2cd5a7240349fca9b60ead"
score = 75
@@ -79249,8 +81240,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_00E525D7 : FILE MEMORY
date = "2022-02-02"
modified = "2022-08-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Ransomware_BlackCat.yar#L22-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Ransomware_BlackCat.yar#L22-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479"
logic_hash = "e44625d0fa8308b9d4d63a9e6920b4da4a2ce124437f122b2c8fe5cf0ab85a6b"
score = 75
@@ -79281,8 +81272,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_C4B043E6 : FILE MEMORY
date = "2022-09-12"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Ransomware_BlackCat.yar#L45-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Ransomware_BlackCat.yar#L45-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "45b8678f74d29c87e2d06410245ab6c2762b76190594cafc9543fb9db90f3d4f"
logic_hash = "1262ca76581920f08a6482ead68023fdfff08a9ddd19e00230054e3167dc184c"
score = 75
@@ -79310,8 +81301,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_70171625 : FILE MEMORY
date = "2023-01-05"
modified = "2023-09-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Ransomware_BlackCat.yar#L65-L91"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Ransomware_BlackCat.yar#L65-L91"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479"
logic_hash = "fd07acd7c8627754f000c44827848bf65bcaa96f2dfb46e41542f3c9b40eee78"
score = 75
@@ -79347,8 +81338,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_E066D802 : FILE MEMORY
date = "2023-07-27"
modified = "2023-09-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Ransomware_BlackCat.yar#L93-L113"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Ransomware_BlackCat.yar#L93-L113"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "00360830bf5886288f23784b8df82804bf6f22258e410740db481df8a7701525"
logic_hash = "00fbb8013faf26c35b6cd8a72ebc246444c37c5ec7a0df2295830e96c01c8720"
score = 75
@@ -79378,8 +81369,8 @@ rule ELASTIC_Linux_Webshell_Generic_E80Ff633 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Webshell_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Webshell_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7640ba6f2417931ef901044152d5bfe1b266219d13b5983d92ddbdf644de5818"
logic_hash = "d345e6ce3e51ed55064aafb1709e9bee7ef2ce87ec80165ac1b58eebd83cefee"
score = 75
@@ -79407,8 +81398,8 @@ rule ELASTIC_Linux_Webshell_Generic_41A5Fa40 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "18ac7fbc3d8d3bb8581139a20a7fee8ea5b7fcfea4a9373e3d22c71bae3c9de0"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Webshell_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Webshell_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "574148bc58626aac00add1989c65ad56315c7e2a8d27c7b96be404d831a7a576"
score = 75
quality = 73
@@ -79435,8 +81426,8 @@ rule ELASTIC_Windows_Hacktool_Certify_Ffe1Cca2 : FILE MEMORY
date = "2024-03-27"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Certify.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Certify.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3c7f759a6c38d0c0780fba2d43be6dcf9e4869d54b66f16c0703ec8e58124953"
logic_hash = "e1d37ad683bfbe34433dc5e13ae2cf7c873fed640e1c58a3b0274b4b34900e53"
score = 75
@@ -79472,8 +81463,8 @@ rule ELASTIC_Windows_Hacktool_Dcsyncer_425579C5 : FILE MEMORY
date = "2021-09-15"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Dcsyncer.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Dcsyncer.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "af7dbc84efeb186006d75d095f54a266f59e6b2348d0c20591da16ae7b7d509a"
logic_hash = "b0330adf1d4420ddf1f302974d2e4179f52ab1c8dc2f294ddf52286d714e0463"
score = 75
@@ -79505,8 +81496,8 @@ rule ELASTIC_Windows_Ransomware_Lockfile_74185716 : FILE MEMORY
date = "2021-08-31"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Lockfile.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Lockfile.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bf315c9c064b887ee3276e1342d43637d8c0e067260946db45942f39b970d7ce"
logic_hash = "e922c2fc9dd52dd0238847a9d48691bea90d028cf680fc3a1a0dbdfef1d8dce3"
score = 75
@@ -79537,8 +81528,8 @@ rule ELASTIC_Windows_Trojan_Bughatch_21269Be4 : FILE MEMORY
date = "2022-05-09"
modified = "2022-06-09"
reference = "https://www.elastic.co/security-labs/bughatch-malware-analysis"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Bughatch.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Bughatch.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b495456a2239f3ba48e43ef295d6c00066473d6a7991051e1705a48746e8051f"
logic_hash = "a8a2cae51a31e48ffe729df61ec96e3257f9c997ad5234075f85ed55de96f11d"
score = 75
@@ -79568,8 +81559,8 @@ rule ELASTIC_Windows_Trojan_Bughatch_98F3C0Be : FILE MEMORY
date = "2022-05-09"
modified = "2022-06-09"
reference = "https://www.elastic.co/security-labs/bughatch-malware-analysis"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Bughatch.yar#L24-L51"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Bughatch.yar#L24-L51"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b495456a2239f3ba48e43ef295d6c00066473d6a7991051e1705a48746e8051f"
logic_hash = "d578515fece7bd464bb09cc5ddb5caf70f4022e8b10388db689e67e662d57f66"
score = 75
@@ -79605,8 +81596,8 @@ rule ELASTIC_Windows_Trojan_Masslogger_511B001E : FILE MEMORY
date = "2022-03-02"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_MassLogger.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_MassLogger.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "177875c756a494872c516000beb6011cec22bd9a73e58ba6b2371dba2ab8c337"
logic_hash = "5abac5e32e55467710842e19c25cab5c7f1cdb0f8a68fb6808d54467c69ebdf6"
score = 75
@@ -79639,8 +81630,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_99487621 : FILE MEMORY
date = "2023-03-29"
modified = "2023-03-30"
reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SuddenIcon.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SuddenIcon.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973"
logic_hash = "9a441c47e8b95d8aaec6f495d6ddfec2ed6b0762637ea48e64c9ea01b0945019"
score = 75
@@ -79674,8 +81665,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_8B07C275 : FILE MEMORY
date = "2023-03-29"
modified = "2023-03-30"
reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SuddenIcon.yar#L28-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SuddenIcon.yar#L28-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973"
logic_hash = "64e8bd8929c9fb8cae16f772e3266b02b4ddec770ff8d5379a93a483eb8ff660"
score = 75
@@ -79704,8 +81695,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_Ac021Ae0 : FILE MEMORY
date = "2023-03-30"
modified = "2023-03-30"
reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SuddenIcon.yar#L50-L76"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SuddenIcon.yar#L50-L76"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "033eabdd8ce8ecc4e1a657161c1f298c7dfe536ee2dbf9375cfda894638a7bee"
score = 75
quality = 75
@@ -79740,8 +81731,8 @@ rule ELASTIC_Linux_Generic_Threat_A658B75F : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "df430ab9f5084a3e62a6c97c6c6279f2461618f038832305057c51b441c648d9"
logic_hash = "1ef7267438b8d15ed770f0784a7d428cbc2680144b0ef179337875d5b4038d08"
score = 75
@@ -79770,8 +81761,8 @@ rule ELASTIC_Linux_Generic_Threat_Ea5Ade9A : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d75189d883b739d9fe558637b1fab7f41e414937a8bae7a9d58347c223a1fcaa"
logic_hash = "12a9b5e54d6d528ecb559b6e2ea3aa72effa7f0efbf2c33581a4efedc292e4c1"
score = 75
@@ -79799,8 +81790,8 @@ rule ELASTIC_Linux_Generic_Threat_80Aea077 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L42-L60"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L42-L60"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "002827c41bc93772cd2832bc08dfc413302b1a29008adbb6822343861b9818f0"
logic_hash = "cab860ad5f0c49555adb845504acb4dbeabb94dbc287202be35020e055e6f27b"
score = 75
@@ -79828,8 +81819,8 @@ rule ELASTIC_Linux_Generic_Threat_2E214A04 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L62-L81"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L62-L81"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cad65816cc1a83c131fad63a545a4bd0bdaa45ea8cf039cbc6191e3c9f19dead"
logic_hash = "0d29aa6214b0a05f9af10cdc080ffa33452156e13c057f31997630cebcda294a"
score = 75
@@ -79858,8 +81849,8 @@ rule ELASTIC_Linux_Generic_Threat_0B770605 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L83-L102"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L83-L102"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "99418cbe1496d5cd4177a341e6121411bc1fab600d192a3c9772e8e6cd3c4e88"
logic_hash = "d4aae755870765a119ee7ae648d4388e0786e8ab6f7f196d81c6356be7d0ddfb"
score = 75
@@ -79888,8 +81879,8 @@ rule ELASTIC_Linux_Generic_Threat_92064B27 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L104-L122"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L104-L122"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8e5cfcda52656a98105a48783b9362bad22f61bcb6a12a27207a08de826432d9"
logic_hash = "adb9ed7280065f77440bd1e106bc800ebe6251119151cd54b76dc2917b013f65"
score = 75
@@ -79917,8 +81908,8 @@ rule ELASTIC_Linux_Generic_Threat_De6Be095 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L124-L143"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L124-L143"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2431239d6e60ca24a5440e6c92da62b723a7e35c805f04db6b80f96c8cf9fee6"
logic_hash = "cbd7578830169703b047adb1785b05d226f2507a65c203ee344d8e2b3a24f6c9"
score = 75
@@ -79947,8 +81938,8 @@ rule ELASTIC_Linux_Generic_Threat_898D9308 : FILE MEMORY
date = "2024-01-18"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L145-L164"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L145-L164"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ce89863a16787a6f39c25fd15ee48c4d196223668a264217f5d1cea31f8dc8ef"
logic_hash = "8b5deedf18d660d0b76dc987843ff5cc01432536a04ab4925e9b08269fd847e4"
score = 75
@@ -79977,8 +81968,8 @@ rule ELASTIC_Linux_Generic_Threat_23D54A0E : FILE MEMORY
date = "2024-01-18"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L166-L185"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L166-L185"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257"
logic_hash = "7e52eaf9c49bd6cbdb89b0c525b448864e1ea55d00bc052898613174fe5956cc"
score = 75
@@ -80007,8 +81998,8 @@ rule ELASTIC_Linux_Generic_Threat_D7802B0A : FILE MEMORY
date = "2024-01-18"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L187-L205"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L187-L205"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257"
logic_hash = "3e1452204fef11d63870af5f143ae73f4b8e5a4db83a53851444fbf8a0ea6a26"
score = 75
@@ -80036,8 +82027,8 @@ rule ELASTIC_Linux_Generic_Threat_08E4Ee8C : FILE MEMORY
date = "2024-01-18"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L207-L225"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L207-L225"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "35eeba173fb481ac30c40c1659ccc129eae2d4d922e27cf071047698e8d95aea"
logic_hash = "a927415afbab32adee49a583fc35bc3d44764f87bbbb3497b38af6feb92cd9a8"
score = 75
@@ -80065,8 +82056,8 @@ rule ELASTIC_Linux_Generic_Threat_D60E5924 : FILE MEMORY
date = "2024-01-18"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L227-L246"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L227-L246"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fdcc2366033541053a7c2994e1789f049e9e6579226478e2b420ebe8a7cebcd3"
logic_hash = "012111e4a38c1f901dcd830cc26ef8dcfbde7986fcc8b8eebddb8d8b7a0cec6a"
score = 75
@@ -80095,8 +82086,8 @@ rule ELASTIC_Linux_Generic_Threat_6Bed4416 : FILE MEMORY
date = "2024-01-18"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L248-L266"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L248-L266"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257"
logic_hash = "c098e27a12d5d10af67d1b78572bc7daeb500504527428366e1d9a4e55e0f4d7"
score = 75
@@ -80124,8 +82115,8 @@ rule ELASTIC_Linux_Generic_Threat_Fc5B5B86 : FILE MEMORY
date = "2024-01-18"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L268-L286"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L268-L286"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "134b063d9b5faed11c6db6848f800b63748ca81aeca46caa0a7c447d07a9cd9b"
logic_hash = "a11ed323df7283188cf99ca89abbd18673fef88660df1150d4dc72de04a836a8"
score = 75
@@ -80153,8 +82144,8 @@ rule ELASTIC_Linux_Generic_Threat_2C8D824C : FILE MEMORY
date = "2024-01-18"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L288-L306"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L288-L306"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9106bdd27e67d6eebfaec5b1482069285949de10afb28a538804ce64add88890"
logic_hash = "c8fc90ec5e93ff39443f513e83f34140819a30b737da2a412ba97a7b221ca9dc"
score = 75
@@ -80182,8 +82173,8 @@ rule ELASTIC_Linux_Generic_Threat_936B24D5 : FILE MEMORY
date = "2024-01-18"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L308-L326"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L308-L326"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fb8eb0c876148a4199cc873b84fd9c1c6abc1341e02d118f72ffb0dae37592a4"
logic_hash = "972bbc4950c49ff7bc880b1d24b586072eb8541584b97a00ac501fac133a3157"
score = 75
@@ -80211,8 +82202,8 @@ rule ELASTIC_Linux_Generic_Threat_98Bbca63 : FILE MEMORY
date = "2024-01-22"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L328-L347"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L328-L347"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1d4d3d8e089dcca348bb4a5115ee2991575c70584dce674da13b738dd0d6ff98"
logic_hash = "1728d47b3f364cff02ae61ccf381ecab0c1fe46a5c76d832731fdf7acc1caf55"
score = 75
@@ -80241,8 +82232,8 @@ rule ELASTIC_Linux_Generic_Threat_9Aaf894F : FILE MEMORY
date = "2024-01-22"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L349-L367"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L349-L367"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "467ac05956eec6c74217112721b3008186b2802af2cafed6d2038c79621bcb08"
logic_hash = "b28d6a8c23aba4371e2e5f48861d2bcc8bdfa7212738eda7b1b4a3059d159cf2"
score = 75
@@ -80270,8 +82261,8 @@ rule ELASTIC_Linux_Generic_Threat_Ba3A047D : FILE MEMORY
date = "2024-01-22"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L369-L388"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L369-L388"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3064e89f3585f7f5b69852f1502e34a8423edf5b7da89b93fb8bd0bef0a28b8b"
logic_hash = "ffcfb90c0c796b7b343adbd2142193759ececddd0700c0bb4e2898947464b1a2"
score = 75
@@ -80300,8 +82291,8 @@ rule ELASTIC_Linux_Generic_Threat_902Cfdc5 : FILE MEMORY
date = "2024-01-23"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L390-L408"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L390-L408"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3fa5057e1be1cfeb73f6ebcdf84e00c37e9e09f1bec347d5424dd730a2124fa8"
logic_hash = "0f86914cb598262744660e65048f75d071307ae47d069971bfcd049a7d4b36e5"
score = 75
@@ -80329,8 +82320,8 @@ rule ELASTIC_Linux_Generic_Threat_094C1238 : FILE MEMORY
date = "2024-01-23"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L410-L428"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L410-L428"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2bfe7d51d59901af345ef06dafd8f0e950dcf8461922999670182bfc7082befd"
logic_hash = "fb82e16bf153c88377cc8655557bc1f021af6e04e1160129ce9555e078d00a0d"
score = 75
@@ -80358,8 +82349,8 @@ rule ELASTIC_Linux_Generic_Threat_A8Faf785 : FILE MEMORY
date = "2024-01-23"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L430-L448"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L430-L448"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6028562baf0a7dd27329c8926585007ba3e0648da25088204ebab2ac8f723e70"
logic_hash = "3ab5d9ba39be2553173f6eb4d2a1ca22bfb9f1bd537fed247f273eba1eabd782"
score = 75
@@ -80387,8 +82378,8 @@ rule ELASTIC_Linux_Generic_Threat_04E8E4A5 : FILE MEMORY
date = "2024-01-23"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L450-L468"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L450-L468"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "248f010f18962c8d1cc4587e6c8b683a120a1e838d091284ba141566a8a01b92"
logic_hash = "9b04725bf0a75340c011028b201ed08eb9de305a5b4630cc79156c0a847cdc9e"
score = 75
@@ -80416,8 +82407,8 @@ rule ELASTIC_Linux_Generic_Threat_47B147Ec : FILE MEMORY
date = "2024-02-01"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L470-L488"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L470-L488"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cc7734a10998a4878b8f0c362971243ea051ce6c1689444ba6e71aea297fb70d"
logic_hash = "84c68f2ed76d644122daf81d41d4eb0be9aa8b1c82993464d3138ae30992110f"
score = 75
@@ -80445,8 +82436,8 @@ rule ELASTIC_Linux_Generic_Threat_887671E9 : FILE MEMORY
date = "2024-02-01"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L490-L508"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L490-L508"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "701c7c75ed6a7aaf59f5a1f04192a1f7d49d73c1bd36453aed703ad5560606dc"
logic_hash = "eefe9391a9ce716dbe16f11b8ccea89d032fdad42fcabd84ffe584409c550847"
score = 75
@@ -80474,8 +82465,8 @@ rule ELASTIC_Linux_Generic_Threat_9Cf10F10 : FILE MEMORY
date = "2024-02-01"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L510-L528"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L510-L528"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d07c9be37dc37f43a54c8249fe887dbc4058708f238ff3d95ed21f874cbb84e8"
logic_hash = "ca4ae64b73fb7013008e8049d17479032d904a3faf5ad0f2ad079971a231a3b8"
score = 75
@@ -80503,8 +82494,8 @@ rule ELASTIC_Linux_Generic_Threat_75813Ab2 : FILE MEMORY
date = "2024-02-01"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L530-L549"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L530-L549"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5819eb73254fd2a698eb71bd738cf3df7beb65e8fb5e866151e8135865e3fd9a"
logic_hash = "06e5daed278273137e416ef3ee6ac8496b144a9c3ce213ec92881ba61d7db6cb"
score = 75
@@ -80533,8 +82524,8 @@ rule ELASTIC_Linux_Generic_Threat_11041685 : FILE MEMORY
date = "2024-02-01"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L551-L570"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L551-L570"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "296440107afb1c8c03e5efaf862f2e8cc6b5d2cf979f2c73ccac859d4b78865a"
logic_hash = "19f4109e73981424527ece8c375274f97fd3042427b7875071451a8081a9aae7"
score = 75
@@ -80563,8 +82554,8 @@ rule ELASTIC_Linux_Generic_Threat_0D22F19C : FILE MEMORY
date = "2024-02-01"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L572-L591"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L572-L591"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "da5a204af600e73184455d44aa6e01d82be8b480aa787b28a1df88bb281eb4db"
logic_hash = "ee43796b0717717cb012385d5bb3aece433c11780f1a293d280c39411f9fed98"
score = 75
@@ -80593,8 +82584,8 @@ rule ELASTIC_Linux_Generic_Threat_4A46B0E1 : FILE MEMORY
date = "2024-02-01"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L593-L612"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L593-L612"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3ba47ba830ab8deebd9bb906ea45c7df1f7a281277b44d43c588c55c11eba34a"
logic_hash = "e3f6804f502fad8c893fb4c3c27506b6ef17d7e0d0a01399c6d185bad92e895a"
score = 75
@@ -80623,8 +82614,8 @@ rule ELASTIC_Linux_Generic_Threat_0A02156C : FILE MEMORY
date = "2024-02-01"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Generic_Threat.yar#L614-L633"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L614-L633"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f23d4b1fd10e3cdd5499a12f426e72cdf0a098617e6b178401441f249836371e"
logic_hash = "3ceea812f0252ec703a92482ce7a3ef0aa65bad149df2aa0107e07a45490b8f1"
score = 75
@@ -80644,6 +82635,867 @@ rule ELASTIC_Linux_Generic_Threat_0A02156C : FILE MEMORY
condition:
all of them
}
+rule ELASTIC_Linux_Generic_Threat_6D7Ec30A : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "6d7ec30a-5c9f-4d82-8191-b26eb2f40799"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L635-L654"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "1cad1ddad84cdd8788478c529ed4a5f25911fb98d0a6241dcf5f32b0cdfc3eb0"
+ logic_hash = "33c705b89a82989c25fc67f50b06aa3a613cae567ec652d86ae64bad4b253c28"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "7d547a73a44eab080dde9cd3ff87d75cf39d2ae71d84a3daaa6e6828e057f134"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 2F 74 6D 70 2F 73 6F 63 6B 73 35 2E 73 68 }
+ $a2 = { 63 61 74 20 3C 28 65 63 68 6F 20 27 40 72 65 62 6F 6F 74 20 65 63 68 6F 20 73 6F 63 6B 73 35 5F 62 61 63 6B 63 6F 6E 6E 65 63 74 36 36 36 20 3E 20 2F 64 65 76 2F 6E 75 6C 6C 20 7C 20 28 63 64 20 20 26 26 20 29 27 29 20 3C 28 73 65 64 20 27 2F 73 6F 63 6B 73 35 5F 62 61 63 6B 63 6F 6E 6E 65 63 74 36 36 36 2F 64 27 20 3C 28 63 72 6F 6E 74 61 62 20 2D 6C 20 32 3E 2F 64 65 76 2F 6E 75 6C 6C 29 29 20 7C 20 63 72 6F 6E 74 61 62 20 2D }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_900Ffdd4 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "900ffdd4-085e-4d6b-af7b-2972157dcefd"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L656-L674"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "a3e1a1f22f6d32931d3f72c35a5ee50092b5492b3874e9e6309d015d82bddc5d"
+ logic_hash = "eb69bfc146b32e790fffdf4588b583335d2006182070b53fec43bb6e4971d779"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "f03d39e53b06dd896bfaff7c94beaa113df1831dc397ef0ea8bea63156316a1b"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 20 48 89 7D E8 89 75 E4 48 83 7D E8 00 74 5C C7 45 FC 00 00 00 00 EB 3D 8B 45 FC 48 98 48 C1 E0 04 48 89 C2 48 8B 45 E8 48 01 D0 48 8B 00 48 85 C0 74 1E 8B 45 FC 48 98 48 C1 E0 04 48 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_Cb825102 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "cb825102-0b03-4885-9f73-44dd0cf2d45c"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L676-L694"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "4e24b72b24026e3dfbd65ddab9194bd03d09446f9ff0b3bcec76efbb5c096584"
+ logic_hash = "ac48f32ec82aac6df0697729d14aaee65fba82d91173332cd13c6ccccd63b1be"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "e23ac81c245de350514c54f91e8171c8c4274d76c1679500d6d2b105f473bdfc"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 5B 2B 5D 20 72 65 73 6F 6C 76 69 6E 67 20 72 65 71 75 69 72 65 64 20 73 79 6D 62 6F 6C 73 2E 2E 2E }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_3Bcc1630 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "3bcc1630-cfa4-4f2e-b129-f0150595dbc3"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L696-L716"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "62a6866e924af2e2f5c8c1f5009ce64000acf700bb5351a47c7cfce6a4b2ffeb"
+ logic_hash = "6f602aac6db46ac3f5b7716a1dac53b5dbd2c583505644bfc617d69be0a2d4de"
+ score = 75
+ quality = 69
+ tags = "FILE, MEMORY"
+ fingerprint = "0e4fe564c5c3c04e4b40af2bebb091589fb52292bd16a78b733c67968fa166e7"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 2F 72 6F 6F 74 2F 64 76 72 5F 67 75 69 2F }
+ $a2 = { 2F 72 6F 6F 74 2F 64 76 72 5F 61 70 70 2F }
+ $a3 = { 73 74 6D 5F 68 69 33 35 31 31 5F 64 76 72 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_5D5Fd28E : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "5d5fd28e-ae8f-4b6f-ad95-57725550fcef"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L718-L738"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "5b179a117e946ce639e99ff42ab70616ed9f3953ff90b131b4b3063f970fa955"
+ logic_hash = "b29ca34b98ee87151496f900fa3558190127957539afac3fd99db2dc51980213"
+ score = 75
+ quality = 69
+ tags = "FILE, MEMORY"
+ fingerprint = "3a24edfbafc0abee418998d3a6355f4aa2659d68e27db502149a34266076ed15"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 2F 75 73 72 2F 62 69 6E 2F 77 64 31 }
+ $a2 = { 2F 75 73 72 2F 62 69 6E 2F 63 64 31 }
+ $a3 = { 2F 75 73 72 2F 62 69 6E 2F 63 64 74 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_B0B891Fb : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "b0b891fb-f262-4a06-aa3c-be0baeb53172"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L740-L759"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "d666bc0600075f01d8139f8b09c5f4e4da17fa06a86ebb3fa0dc478562e541ae"
+ logic_hash = "9ec82691a230f3240b1253f99a45cd0baa3238b6fd533004a22a6152b6ac9a12"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "c6e4f7bcc94b584f8537724d3ecd9f83e6c3981cdc35d5cdc691730ed0e435ef"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 6D 61 69 6E 2E 65 6E 63 72 79 70 74 5F 66 69 6C 65 }
+ $a2 = { 2F 64 65 76 2F 75 72 61 6E 64 6F 6D 2F 6D 6E 74 2F 65 78 74 2F 6F 70 74 31 35 32 35 38 37 38 39 30 36 32 35 37 36 32 39 33 39 34 35 33 31 32 35 42 69 64 69 5F 43 6F 6E 74 72 6F 6C 4A 6F 69 6E 5F 43 6F 6E 74 72 6F 6C 4D 65 65 74 65 69 5F 4D 61 79 65 6B 50 61 68 61 77 68 5F 48 6D 6F 6E 67 53 6F 72 61 5F 53 6F 6D 70 65 6E 67 53 79 6C 6F 74 69 5F 4E 61 67 72 69 61 62 69 20 6D 69 73 6D 61 74 63 68 62 61 64 20 66 6C 75 73 68 47 65 6E 62 61 64 20 67 20 73 74 61 74 75 73 62 61 64 20 72 65 63 6F 76 65 72 79 63 61 6E 27 74 20 68 61 70 70 65 6E 63 61 73 36 34 20 66 61 69 6C 65 64 63 68 61 6E 20 72 65 63 65 69 76 65 64 75 6D 70 69 6E 67 20 68 65 61 70 65 6E 64 20 74 72 61 63 65 67 63 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_Cd9Ce063 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "cd9ce063-a33b-4771-b7c0-7342d486e15a"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L761-L779"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "485581520dd73429b662b73083d504aa8118e01c5d37c1c08b21a5db0341a19d"
+ logic_hash = "ba070c2147028cad4be1c139b16a770c9d9854456d073373a93ed0b213f7b34c"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "e090bd44440e912d04de390c240ca18265bcf49e34f6689b3162e74d2fd31ba4"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 2C 2A 73 74 72 75 63 74 20 7B 20 46 20 75 69 6E 74 70 74 72 3B 20 2E 61 75 74 6F 74 6D 70 5F 32 36 20 2A 74 6C 73 2E 43 6F 6E 6E 20 7D }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_B8B076F4 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "b8b076f4-c64a-400b-80cb-5793c97ad033"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L781-L799"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "4496e77ff00ad49a32e090750cb10c55e773752f4a50be05e3c7faacc97d2677"
+ logic_hash = "37f3be4cbda4a93136d66e32d7245d4c962a9fe1c98fb0325f42a1d16d6d9415"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "f9c6c055e098164d0add87029d03aec049c4bed2c4643f9b4e32dd82f596455c"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 48 81 EC C0 00 00 00 48 89 AC 24 B8 00 00 00 48 8D AC 24 B8 00 00 00 44 0F 11 7C 24 2E 44 0F 11 7C 24 2F 44 0F 11 7C 24 3F 44 0F 11 7C 24 4F 44 0F 11 7C 24 5F 48 8B 94 24 C8 00 00 00 48 89 54 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_1Ac392Ca : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "1ac392ca-d428-47ef-98af-d02d8305ae67"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L801-L819"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "dca2d035b1f7191f7876eb727b13c308f63fe8f899cab643526f9492ec0fa16f"
+ logic_hash = "6ffa5099c0d18644cd11a0511db542d2f809e4cba974eccca814fedf5a2b0a5b"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "e21805cc2d548c940b0cefa8ee99bd55c5599840e32b8341a4ef5dfb0bc679ff"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 53 4F 41 50 41 63 74 69 6F 6E 3A 20 75 72 6E 3A 73 63 68 65 6D 61 73 2D 75 70 6E 70 2D 6F 72 67 3A 73 65 72 76 69 63 65 3A 57 41 4E 49 50 43 6F 6E 6E 65 63 74 69 6F 6E 3A 31 23 41 64 64 50 6F 72 74 4D 61 70 70 69 6E 67 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_949Bf68C : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "949bf68c-e6a0-451d-9e49-4515954aabc8"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L821-L839"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "cc1b339ff6b33912a8713c192e8743d1207917825b62b6f585ab7c8d6ab4c044"
+ logic_hash = "aaae0a8a2827786513891bc8c3e3418823ae3f3291d891e80e82113b929f7513"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "e478c8befed6da3cdd9985515e4650a8b7dad1ea28292c2cf91069856155facd"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 55 89 E5 57 56 53 81 EC 58 01 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 89 85 B4 FE FF FF 89 95 AC FE FF FF 8D B5 C4 FE FF FF 56 ?? ?? ?? ?? ?? 58 5A 6A 01 56 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_Bd35454B : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "bd35454b-a0dd-4925-afae-6416f3695826"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L841-L860"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "cd729507d2e17aea23a56a56e0c593214dbda4197e8a353abe4ed0c5fbc4799c"
+ logic_hash = "d3619cdb002b4ac7167716234058f949623c42a64614f5eb7956866b68fff5e4"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "721aa441a2567eab29c9bc76f12d0fdde8b8a124ca5a3693fbf9821f5b347825"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 6D 61 69 6E 2E 65 6E 63 72 79 70 74 5F 66 69 6C 65 }
+ $a2 = { 57 68 61 74 20 67 75 61 72 61 6E 74 65 65 73 3F }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_1E047045 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "1e047045-e08b-4ecb-8892-90a1ab94f8b1"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L862-L880"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "2c49772d89bcc4ad4ed0cc130f91ed0ce1e625262762a4e9279058f36f4f5841"
+ logic_hash = "0d28df53e030664e7225f1170888b51e94e64833537c5add3e10cfdb4f029a3a"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "aa99b16f175649c251cb299537baf8bded37d85af8b2539b4aba4ffd634b3f66"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 18 48 89 FB 48 89 F5 64 48 8B 04 25 28 00 00 00 48 89 44 24 08 31 C0 48 8B 47 08 48 89 C2 48 C1 EA 18 88 14 24 48 89 C2 48 C1 EA 10 88 54 24 01 48 89 C2 48 C1 EA 08 88 54 24 02 88 44 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_1973391F : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "1973391f-b9a2-465d-8990-51c6e9fab84b"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L882-L901"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "7bd76010f18061aeaf612ad96d7c03341519d85f6a1683fc4b2c74ea0508fe1f"
+ logic_hash = "632a43b68e498f463ff5dfa78212646b8bd108ea47ff11164c8c1a69e830c1ac"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "90a261afd81993057b084c607e27843ff69649b3d90f4d0b52464e87fdf2654d"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 70 69 63 6B 75 70 20 2D 6C 20 2D 74 20 66 69 66 6F 20 2D 75 }
+ $a2 = { 5B 2D 5D 20 43 6F 6E 6E 65 63 74 20 66 61 69 6C 65 64 2E }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_66D00A84 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "66d00a84-c148-4a82-8da5-955787c103a4"
+ date = "2024-02-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L903-L921"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "464e144bcbb54fc34262b4d81143f4e69e350fb526c803ebea1fdcfc8e57bf33"
+ logic_hash = "a1d60619d72b3309bfaaf8b4085dd5ed90142ff3e9ebfe80fcd7beba5f14a62e"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "1b6c635dc149780691f292014f3dbc20755d26935b7ae0b3d8f250c10668e28a"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 48 81 EC 10 04 00 00 4C 89 E7 49 8D 8C 24 FF 03 00 00 49 89 E0 48 89 E0 8A 17 84 D2 74 14 80 7F 01 00 88 10 74 05 48 FF C0 EB 07 88 58 01 48 83 C0 02 48 FF C7 48 39 F9 75 DE 4C 39 C0 74 06 C6 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_D2Dca9E7 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "d2dca9e7-6ce6-49b9-92a8-f0149f2deb42"
+ date = "2024-05-20"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L923-L941"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "9b10bb3773011c4da44bf3a0f05b83079e4ad30f0b1eb2636a6025b927e03c7f"
+ logic_hash = "175b9a80314cf280b995a012f13e65bd4ce7e27faebf02ae5abe978dbd14447c"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "2a1182f380b07d7ad1f46514200e33ea364711073023ad05f4d82b210e43cfed"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { D0 4D E2 00 50 A0 E1 06 60 8F E0 08 00 00 0A 10 20 90 E5 18 30 90 E5 03 00 52 E1 01 40 D2 34 10 20 80 35 1F 00 00 3A 3B 01 00 EB 00 40 A0 E1 1C 00 00 EA 80 30 9F E5 38 40 80 E2 04 20 A0 E1 03 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_1F5D056B : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "1f5d056b-1e9c-47f6-a63c-752f4cf130a1"
+ date = "2024-05-20"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L943-L962"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "99d982701b156fe3523b359498c2d03899ea9805d6349416c9702b1067293471"
+ logic_hash = "8ad23b593880dc1bebc95c92d0efc3a90e6b1e143c350e30b1a4258502ce7fc7"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "b44a383deaa361db02b342ea52b4f3db9a604bf8b66203fefa5c5d68c361a1d0"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 30 31 32 33 34 35 36 37 38 }
+ $a2 = { 47 45 54 20 2F 63 6F 6E 66 69 67 20 48 54 54 50 2F 31 2E 30 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_D94E1020 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "d94e1020-ff66-4501-95e1-45ab552b1c18"
+ date = "2024-05-20"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L964-L982"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "96a2bfbb55250b784e94b1006391cc51e4adecbdde1fe450eab53353186f6ff0"
+ logic_hash = "e4b4e588588080c66076aec02f56b4764a5f72059922db9651461c0287fe0351"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "c291c07b6225c8ce94f38ad7cb8bb908039abfc43333c6524df776b28c79452a"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { D0 4D E2 0C C0 9D E5 0C 30 4C E2 02 00 53 E3 14 30 8D E2 00 30 8D E5 10 30 9D E5 0C 10 A0 E1 03 20 A0 E1 01 00 00 8A 0F 00 00 EB 0A 00 00 EA 03 20 A0 E1 0C 10 A0 E1 37 00 90 EF 01 0A 70 E3 00 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_Aa0C23D5 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "aa0c23d5-e633-4898-91f8-3cf84c9dd6af"
+ date = "2024-05-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L984-L1004"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "8314290b81b827e1a1d157c41916a41a1c033e4f74876acc6806ed79ebbcc13d"
+ logic_hash = "092f0ece2dfca3e02493c00afffe48ca4feccf56ab6f22d952a7ba5f115f3765"
+ score = 75
+ quality = 69
+ tags = "FILE, MEMORY"
+ fingerprint = "acd33e82bcefde691df1cf2739518018f05e0f03ef2da692f3ccca810c2ef361"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F }
+ $a2 = { 77 66 6F 66 60 6C 6E 62 67 6E 6A 6D }
+ $a3 = { 62 67 6E 6A 6D 77 66 6F 66 60 6C 6E }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_8299C877 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "8299c877-a0c3-4673-96c7-58c80062e316"
+ date = "2024-05-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L1006-L1024"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "60c486049ec82b4fa2e0a53293ae6476216b76e2c23238ef1c723ac0a2ae070c"
+ logic_hash = "3e0653a02517faa3037fc5f3f01f6fb11164fecafc6eca457a122ef2d1a99010"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "bae38e2a147dc82ffd66e89214d12c639c690f3d2e701335969f090a21bf0ba7"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { D0 4D E2 0D 10 A0 E1 07 00 A0 E3 1E 00 00 EB 00 00 50 E3 00 00 9D A5 01 0C A0 B3 0C D0 8D E2 04 E0 9D E4 1E FF 2F E1 04 70 2D E5 CA 70 A0 E3 00 00 00 EF 80 00 BD E8 1E FF 2F E1 04 70 2D E5 C9 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_81Aa5579 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "81aa5579-6d94-42a7-9103-de3972dfe141"
+ date = "2024-05-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L1026-L1044"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "6be0e2c98ba5255b76c31f689432a9de83a0d76a898c28dbed0ba11354fec6c2"
+ logic_hash = "c94d590daf61217335a72f3e1bc24b09084cf0a5a174c013c5aa97c01707c2bc"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "60492dca0e33e2700c25502292e6ec54609b83c7616a96ae4731f4a1cd9e2f41"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { D0 4D E2 07 00 8D E8 03 10 A0 E3 0D 20 A0 E1 08 00 9F E5 84 00 00 EB 0C D0 8D E2 00 80 BD E8 66 00 90 00 01 C0 A0 E1 00 10 A0 E1 08 00 9F E5 02 30 A0 E1 0C 20 A0 E1 7B 00 00 EA 04 00 90 00 01 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_F2452362 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "f2452362-dc55-452f-9e93-e6a6b74d8ebd"
+ date = "2024-05-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L1046-L1065"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "5ff46c27b5823e55f25c9567d687529a24a0d52dea5bc2423b36345782e6b8f6"
+ logic_hash = "95d51077cb7c0f4b089a2e2ee8fcbab204264ade7ddd64fc1ee0176183dc84e0"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "cc293c87513ca1332e5ec13c9ce47efbe5e9c48c0cece435ac3c8bdbc822ea82"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 6F 72 69 67 69 6E 61 6C 5F 72 65 61 64 64 69 72 }
+ $a2 = { 45 72 72 6F 72 20 69 6E 20 64 6C 73 79 6D 3A 20 25 73 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_Da28Eb8B : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "da28eb8b-7176-4415-9c58-5f74da70f53d"
+ date = "2024-05-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L1067-L1086"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "b3b4fcd19d71814d3b4899528ee9c3c2188e4a7a4d8ddb88859b1a6868e8433f"
+ logic_hash = "8b0892d0dd8a012a1f9cd87a0ad3321ae751dd17a96205c12e6648946cf2afe2"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "490b6a89ea704a25d0e21dfb9833d56bc26f93c788efb7fcbfe38544696d0dfd"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 4A 66 67 67 6C 6A 7D 60 66 67 33 29 62 6C 6C 79 24 68 65 60 }
+ $a2 = { 48 6A 6A 6C 79 7D 33 29 7D 6C 71 7D 26 61 7D 64 65 25 68 79 79 65 60 6A 68 7D 60 66 67 26 71 61 7D 64 65 22 71 64 65 25 68 79 79 65 60 6A 68 7D 60 66 67 26 71 64 65 32 78 34 39 27 30 25 60 64 68 6E 6C 26 7E 6C 6B 79 25 23 26 23 32 78 34 39 27 31 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_A40Aaa96 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "a40aaa96-4dcf-45b8-a95e-7ed7f27a31b6"
+ date = "2024-05-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L1088-L1108"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "6f965252141084524f85d94169b13938721bce24cc986bf870473566b7cfd81b"
+ logic_hash = "ab05cbf494b3b78083fd3e71703effed797d803b0203f8a413eb69b746656b1d"
+ score = 75
+ quality = 69
+ tags = "FILE, MEMORY"
+ fingerprint = "ce2da00db88bba513f910bdb00e1c935d1d972fe20558e2ec8e3c57cdbd5b7be"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 6D 61 69 6E 2E 55 69 6E 74 33 32 6E }
+ $a2 = { 6D 61 69 6E 2E 47 65 74 72 61 6E 64 }
+ $a3 = { 6D 61 69 6E 2E 28 2A 52 4E 47 29 2E 55 69 6E 74 33 32 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_E24558E1 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "e24558e1-1337-4566-8816-9b83cbaccbf6"
+ date = "2024-05-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L1110-L1130"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "9f483ddd8971cad4b25bb36a5a0cfb95c35a12c7d5cb9124ef0cfd020da63e99"
+ logic_hash = "f1f33c719a4b41968c137ed43aa0591f97b4558d4dd9bd160df519dfbbc49205"
+ score = 75
+ quality = 69
+ tags = "FILE, MEMORY"
+ fingerprint = "04ca7e3775e3830a3388a4ad83a5e0256992c9f7beb4b59defcfb684d8471122"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 77 66 6F 66 60 6C 6E 62 67 6E 6A 6D }
+ $a2 = { 62 67 6E 6A 6D 77 66 6F 66 60 6C 6E }
+ $a3 = { 77 62 59 79 43 31 30 37 3A 36 3B 36 3A }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_Ace836F1 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "ace836f1-74f0-4031-903b-ec5b95a40d46"
+ date = "2024-05-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L1132-L1150"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "116aaba80e2f303206d0ba84c8c58a4e3e34b70a8ca2717fa9cf1aa414d5ffcc"
+ logic_hash = "c80af9d6f3e4d92cfa53429abbda944069d335fc89421a89e04089d236f5dddf"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "907b40e66d5da2faf142917304406d0a8abc7356d73b2a6a6789be22b4daf4ab"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 4E 54 4C 4D 53 53 50 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 63 25 73 25 73 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_E9Aef030 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "e9aef030-7d8c-4e9d-a364-178c717516f0"
+ date = "2024-05-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L1152-L1170"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "5ab72be12cca8275d95a90188a1584d67f95d43a7903987e734002983b5a3925"
+ logic_hash = "1d458e147d6667e2e0740d6d26fee05ac02f49e9eba30002852e723308b1b462"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "50ae1497132a9f1afc6af5bf96a0a49ca00023d5f0837cb8d67b4fd8b0864cc7"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { D0 4D E2 00 50 A0 E1 0A 00 00 0A 38 40 80 E2 28 31 9F E5 10 00 8D E2 24 11 9F E5 04 20 A0 E1 0F E0 A0 E1 03 F0 A0 E1 04 00 A0 E1 14 31 9F E5 0F E0 A0 E1 03 F0 A0 E1 00 30 D5 E5 40 00 13 E2 05 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_A3C5F3Bd : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "a3c5f3bd-9afe-44f4-98da-6ad704d0dee1"
+ date = "2024-05-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L1172-L1192"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "8c093bcf3d83545ec442519637c956d2af62193ea6fd2769925cacda54e672b6"
+ logic_hash = "41e66d1f47e7197662aa661ef49ee1f3191fee07a49538dd631ce9cc6fdd56be"
+ score = 75
+ quality = 69
+ tags = "FILE, MEMORY"
+ fingerprint = "f86d540c4e884a9c893471cf08db86c9bf34162fe9970411f8e56917fd9d3d8f"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 66 68 5F 72 65 6D 6F 76 65 5F 68 6F 6F 6B }
+ $a2 = { 66 68 5F 66 74 72 61 63 65 5F 74 68 75 6E 6B }
+ $a3 = { 66 68 5F 69 6E 73 74 61 6C 6C 5F 68 6F 6F 6B }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_3Fa2Df51 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "3fa2df51-fa0e-4149-8631-fa4bfb2fe66e"
+ date = "2024-05-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L1194-L1213"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "89ec224db6b63936e8bc772415d785ef063bfd9343319892e832034696ff6f15"
+ logic_hash = "f43b659dd093a635d9723b2443366763132217aaf28c582ed43f180725f92f19"
+ score = 75
+ quality = 71
+ tags = "FILE, MEMORY"
+ fingerprint = "3aa2bbc4e177574fa2ae737e6f27b92caa9a83e6e9a1704599be67e2c3482f6a"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 5B 6B 77 6F 72 6B 65 72 2F 30 3A 32 5D }
+ $a2 = { 2F 74 6D 70 2F 6C 6F 67 5F 64 65 2E 6C 6F 67 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Generic_Threat_Be02B1C9 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Generic Threat (Linux.Generic.Threat)"
+ author = "Elastic Security"
+ id = "be02b1c9-fb48-434c-a0ee-a1a87938992c"
+ date = "2024-05-21"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Generic_Threat.yar#L1215-L1233"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "ef6d47ed26f9ac96836f112f1085656cf73fc445c8bacdb737b8be34d8e3bcd2"
+ logic_hash = "a278c3a8033139d84c99a53901526895b154b5ef363fbeed47095889a5fb8d31"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "c803bfffa481ad01bbfe490f9732748f8988669eab6bdf9f1e0e55f5ba8917a3"
+ severity = 50
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = { 18 48 89 FB 48 89 F5 48 8B 47 08 48 89 C2 48 C1 EA 18 88 14 24 48 89 C2 48 C1 EA 10 88 54 24 01 48 89 C2 48 C1 EA 08 88 54 24 02 88 44 24 03 48 8B 07 48 89 C2 48 C1 EA 18 88 54 24 04 }
+
+ condition:
+ all of them
+}
rule ELASTIC_Windows_Hacktool_Askcreds_34E3E3D4 : FILE MEMORY
{
meta:
@@ -80653,8 +83505,8 @@ rule ELASTIC_Windows_Hacktool_Askcreds_34E3E3D4 : FILE MEMORY
date = "2023-05-16"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_AskCreds.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_AskCreds.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "d911566ca546a8546928cd0ffa838fd344b35f75a4a7e80789d20e52c7cd38d0"
score = 75
quality = 75
@@ -80674,6 +83526,36 @@ rule ELASTIC_Windows_Hacktool_Askcreds_34E3E3D4 : FILE MEMORY
condition:
2 of them
}
+rule ELASTIC_Linux_Ransomware_Babuk_Bd216Cab : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Ransomware Babuk (Linux.Ransomware.Babuk)"
+ author = "Elastic Security"
+ id = "bd216cab-6532-4a71-9353-8ad692550b97"
+ date = "2024-05-09"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Babuk.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "d305a30017baef4f08cee38a851b57869676e45c66e64bb7cc58d40bf0142fe0"
+ logic_hash = "b0538be9d8deccc3f77640da28e5fd38a07557e9e5e3c09b11349d7eb50a56b5"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "c7517a40759de20edf7851d164c0e4ba71de049f8ea964f15ab5db12c35352ad"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a1 = "Whole files count: %d"
+ $a2 = "Doesn't encrypted files: %d"
+
+ condition:
+ all of them
+}
rule ELASTIC_Linux_Trojan_Chinaz_A2140Ca1 : FILE MEMORY
{
meta:
@@ -80683,8 +83565,8 @@ rule ELASTIC_Linux_Trojan_Chinaz_A2140Ca1 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Chinaz.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Chinaz.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7c44c2ca77ef7a62446f6266a757817a6c9af5e010a219a43a1905e2bc5725b0"
logic_hash = "c9c63114e45b45b1c243af1f719cddc838a06a1f35d65dca6a2fb5574047eff0"
score = 60
@@ -80712,8 +83594,8 @@ rule ELASTIC_Multi_EICAR_Ac8F42D6 : FILE MEMORY
date = "2021-01-21"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_EICAR.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_EICAR.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "05c92058aab1229dfa31e006276c2c83fa484e813bdfe66edf387763797d9d57"
score = 75
quality = 25
@@ -80740,8 +83622,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_7Efaef9F : FILE MEMORY
date = "2022-02-28"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Clipbanker.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Clipbanker.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "02b06acb113c31f5a2ac9c99f9614e0fab0f78afc5ae872e46bae139c2c9b1f6"
logic_hash = "fa547d7c1623b332ef306672dd2293b44016d9974c1a3ec4b15e5ae0483ff879"
score = 75
@@ -80773,8 +83655,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_B60A50B8 : FILE MEMORY
date = "2022-02-28"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Clipbanker.yar#L25-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Clipbanker.yar#L25-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "02b06acb113c31f5a2ac9c99f9614e0fab0f78afc5ae872e46bae139c2c9b1f6"
logic_hash = "fe585ab7efbc3b500ea23d1c164bc79ded658001e53fc71721e435ed7579182a"
score = 75
@@ -80802,8 +83684,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_F9F9E79D : FILE MEMORY
date = "2022-04-23"
modified = "2022-06-09"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Clipbanker.yar#L45-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Clipbanker.yar#L45-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c"
logic_hash = "a71d75719133e8b84956ec002cb31f82386ef711fa2af79d204d176492cd354b"
score = 75
@@ -80831,8 +83713,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_787B130B : FILE MEMORY
date = "2022-04-24"
modified = "2022-06-09"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Clipbanker.yar#L65-L87"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Clipbanker.yar#L65-L87"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c"
logic_hash = "88783bde7014853f6556c6e7ee2dfd5cd5fcbfb4523ed158b4287e2bfba409f1"
score = 75
@@ -80864,8 +83746,8 @@ rule ELASTIC_Linux_Trojan_Swrort_5Ad1A4F9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Swrort.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Swrort.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fa5695c355a6dc1f368a4b36a45e8f18958dacdbe0eac80c618fbec976bac8fe"
logic_hash = "3a1fa978e0c8ab0dd4e7965a3f91306d6123c19f21b86d3f8088979bf58c3a07"
score = 75
@@ -80893,8 +83775,8 @@ rule ELASTIC_Linux_Trojan_Swrort_4Cb5B116 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Swrort.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Swrort.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "703c16d4fcc6f815f540d50d8408ea00b4cf8060cc5f6f3ba21be047e32758e0"
logic_hash = "9404856fc3290f3a8f9bf891fde9a614fc4484719eb3b51ce7ab601a41e0c3a5"
score = 75
@@ -80922,8 +83804,8 @@ rule ELASTIC_Linux_Trojan_Swrort_22C2D6B6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Swrort.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Swrort.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6df073767f48dd79f98e60aa1079f3ab0b89e4f13eedc1af3c2c073e5e235bbc"
logic_hash = "f661544d267a55feec786ab3d4fc4f002afa8e2b58833461f56b745ec65acfd4"
score = 75
@@ -80951,8 +83833,8 @@ rule ELASTIC_Windows_Ransomware_Akira_C8C298Ba : FILE MEMORY
date = "2024-05-02"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Akira.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Akira.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a2df5477cf924bd41241a3326060cc2f913aff2379858b148ddec455e4da67bc"
logic_hash = "9058c83693e93f6daee8894453e56e0d9a4867d551ec3a6b66d7a517f65d8b07"
score = 75
@@ -80985,8 +83867,8 @@ rule ELASTIC_Windows_Cryptominer_Generic_Dd1E4D1A : FILE
date = "2021-01-12"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Cryptominer_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Cryptominer_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7ac1d7b6107307fb2442522604c8fa56010d931392d606ac74dcea6b7125954b"
logic_hash = "b7289c4688ec67d59e67755461f1f4e0c3f47ef9f8c73fc1dcc1d168baf11623"
score = 75
@@ -81005,6 +83887,35 @@ rule ELASTIC_Windows_Cryptominer_Generic_Dd1E4D1A : FILE
condition:
all of them
}
+rule ELASTIC_Windows_Cryptominer_Generic_F53Cfb9B : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Cryptominer Generic (Windows.Cryptominer.Generic)"
+ author = "Elastic Security"
+ id = "f53cfb9b-0286-4e7e-895e-385b6f64c58a"
+ date = "2024-03-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Cryptominer_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "a9870a03ddc6543a5a12d50f95934ff49f26b60921096b2c8f2193cb411ed408"
+ logic_hash = "b2453862747e251afc34c57e887889b8d3a65a9cc876d4a95ff5ecfcc24e4bd3"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "2b66960ee7d423669d0d9e9dcd22ea6e1c0843893e5e04db92237b67b43d645c"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 48 81 EC B8 00 00 00 0F AE 9C 24 10 01 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 0F AE 94 24 14 01 00 00 4C 8B A9 E0 00 00 00 4C 8B CA 4C 8B 51 20 4C 8B C1 4C 33 11 ?? ?? ?? ?? ?? ?? 4C 8B 59 28 }
+
+ condition:
+ all of them
+}
rule ELASTIC_Linux_Backdoor_Fontonlake_Fe916A45 : FILE MEMORY
{
meta:
@@ -81014,8 +83925,8 @@ rule ELASTIC_Linux_Backdoor_Fontonlake_Fe916A45 : FILE MEMORY
date = "2021-10-12"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Backdoor_Fontonlake.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Backdoor_Fontonlake.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8a0a9740cf928b3bd1157a9044c6aced0dfeef3aa25e9ff9c93e113cbc1117ee"
logic_hash = "590b28264345ea0bdbd53791f422cb4f1fad143df2b790824fc182356a568d7d"
score = 75
@@ -81053,8 +83964,8 @@ rule ELASTIC_Linux_Exploit_CVE_2022_0847_E831C285 : FILE MEMORY CVE_2022_0847
date = "2022-03-10"
modified = "2022-03-14"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2022_0847.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2022_0847.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c6b2cef2f2bc04e3ae33e0d368eb39eb5ea38d1bca390df47f7096117c1aecca"
logic_hash = "e15daf5de9bf66060e373a6e772669eade543ed56bef6b6924a0ee44e59522e1"
score = 75
@@ -81081,6 +83992,35 @@ rule ELASTIC_Linux_Exploit_CVE_2022_0847_E831C285 : FILE MEMORY CVE_2022_0847
condition:
($pp and 2 of ($s*)) or ( all of ($bs*))
}
+rule ELASTIC_Windows_Trojan_Legionloader_F91120C6 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Legionloader (Windows.Trojan.LegionLoader)"
+ author = "Elastic Security"
+ id = "f91120c6-395d-4c47-acd2-49c7eb1b8013"
+ date = "2024-06-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_LegionLoader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "45670ffa9b24542ae84e3c9eb5ce609c2bcd29129215a7f37eb74b6211e32b22"
+ logic_hash = "760402587a9ca3d3e6602fe57d3346ea6f60ba5c8d3a902bf493233baab597b0"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "81476a8981ca0dbd7ac32073d6dc4362ae251ff06827c120e902f1aa3a53ce68"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a = { 55 8B EC 83 EC 08 89 4D F8 8B 4D F8 E8 4F 01 00 00 0F B6 C0 85 C0 75 09 C7 45 FC 01 00 00 00 EB 07 C7 45 FC 00 00 00 00 0F B6 45 FC 8B E5 5D C3 55 8B EC 51 89 4D FC 8B 4D FC E8 21 01 00 00 8B }
+
+ condition:
+ all of them
+}
rule ELASTIC_Windows_Hacktool_Dinvokerust_512D3B59 : FILE MEMORY
{
meta:
@@ -81090,8 +84030,8 @@ rule ELASTIC_Windows_Hacktool_Dinvokerust_512D3B59 : FILE MEMORY
date = "2024-02-28"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_DinvokeRust.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_DinvokeRust.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ebf0f1bfd166d2d49b642fa43cb0c7364c0c605d9a7f108dc49d9f1cc859ab4a"
logic_hash = "7be1a4e25cf41e47ab135c718b7ec5a49a2890cf873c52597f8dab4d47636ed8"
score = 75
@@ -81124,8 +84064,8 @@ rule ELASTIC_Windows_Vulndriver_Agent64_8Ef48Aeb : FILE
date = "2022-07-19"
modified = "2022-07-19"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Agent64.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Agent64.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748"
hash = "4045ae77859b1dbf13972451972eaaf6f3c97bea423e9e78f1c2f14330cd47ca"
logic_hash = "a35f82202507e582e3cbc7018656545fcee1244ec1638a696f0b7c970fd5023c"
@@ -81159,8 +84099,8 @@ rule ELASTIC_Windows_Trojan_Solarmarker_D466E548 : FILE MEMORY
date = "2023-12-12"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SolarMarker.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SolarMarker.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "330f5067c93041821be4e7097cf32fb569e2e1d00e952156c9aafcddb847b873"
hash = "e2a620e76352fa7ac58407a711821da52093d97d12293ae93d813163c58eb84b"
logic_hash = "c0792bc3c1a2f01ff4b8d0a12c95a74491c2805c876f95a26bbeaabecdff70e9"
@@ -81180,6 +84120,37 @@ rule ELASTIC_Windows_Trojan_Solarmarker_D466E548 : FILE MEMORY
condition:
all of them
}
+rule ELASTIC_Windows_Trojan_Solarmarker_08Bfc26B : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Solarmarker (Windows.Trojan.SolarMarker)"
+ author = "Elastic Security"
+ id = "08bfc26b-efda-49b4-b685-57edca8b9d18"
+ date = "2024-05-29"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SolarMarker.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "c1a6d2d78cc50f080f1fe4cadc6043027bf201d194f2b73625ce3664433a3966"
+ logic_hash = "b31b9f8460b606426c1101eba39a41a75c7ecaafc62388a6a5ac0f24057561ed"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "9c0c4a5bce63c9d99d53813f7250b3ccc395cb99eaebb8c016f8c040fbfa4ea7"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 07 09 91 61 D2 9C 09 20 C8 00 00 00 5D 16 FE 01 16 FE 01 13 }
+ $a2 = { 91 07 08 91 61 D2 9C 08 20 C8 00 00 00 5D 16 FE 01 16 FE 01 }
+ $a3 = { 06 08 06 08 91 07 08 91 61 D2 9C 08 20 C8 00 00 00 5D 16 FE }
+
+ condition:
+ any of them
+}
rule ELASTIC_Windows_Vulndriver_Ryzen_7Df5A747 : FILE
{
meta:
@@ -81189,8 +84160,8 @@ rule ELASTIC_Windows_Vulndriver_Ryzen_7Df5A747 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Ryzen.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Ryzen.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433"
logic_hash = "192b51f0bbd2cab4c1d3da6f82fbee7129a53abaa6e8769d3681821112017824"
score = 75
@@ -81220,8 +84191,8 @@ rule ELASTIC_Windows_Vulndriver_Ryzen_9B01C718 : FILE
date = "2023-01-22"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Ryzen.yar#L23-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Ryzen.yar#L23-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bb82d8c29127955d58dff58978605a9daa718425c74c4bce5ae3e53712909148"
logic_hash = "5734f6a249656f22a2a363b42ae77b5e6b7673bc96bad34b04b1be7f2b584b08"
score = 75
@@ -81251,8 +84222,8 @@ rule ELASTIC_Windows_Trojan_Protects_9F6Eaa90 : FILE
date = "2022-04-04"
modified = "2022-06-09"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_ProtectS.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_ProtectS.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c0330e072b7003f55a3153ac3e0859369b9c3e22779b113284e95ce1e2ce2099"
logic_hash = "ddc8c97598b2d961dc51bdf2c7ab96abcec63824acd39b767bc175371844c1e5"
score = 75
@@ -81280,8 +84251,8 @@ rule ELASTIC_Linux_Backdoor_Python_00606Bac : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Backdoor_Python.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Backdoor_Python.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b3e3728d43535f47a1c15b915c2d29835d9769a9dc69eb1b16e40d5ba1b98460"
logic_hash = "92ad2cf4aa848c8f3bcedd319654bf5ef873cd4daba62572381c7e20f0296b82"
score = 75
@@ -81309,8 +84280,8 @@ rule ELASTIC_Linux_Trojan_Sambashell_F423755D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sambashell.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sambashell.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bd8a3728a59afbf433799578ef597b9a7211c8d62e87a25209398814851a77ea"
logic_hash = "b93c671fae87cd635679142d248cb2b754389ba3b416f3370ea331640eb906ab"
score = 75
@@ -81338,8 +84309,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_8Bd3002C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ngioweb.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ngioweb.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2"
logic_hash = "578fd1c3e6091df9550b3c2caf999d7a0432f037b0cc4b15642531e7fdffd7b7"
score = 75
@@ -81367,8 +84338,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_A592A280 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ngioweb.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ngioweb.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2"
logic_hash = "b16cf5b527782680cc1da6f61dd537596792fed615993b19965ef2dbde701e64"
score = 75
@@ -81396,8 +84367,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_D57Aa841 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ngioweb.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ngioweb.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "555d60bd863caff231700c5f606d0034d5aa8362862d1fd0c816615d59f582f7"
logic_hash = "b0db72ad81d27f5b2ac2d2bb903ff10849c304d40619fd95a39e7d48c64c45ba"
score = 75
@@ -81425,8 +84396,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_B97E0253 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ngioweb.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ngioweb.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2"
logic_hash = "dc11d50166a4d1b400c0df81295054192d42822dd3e065e374a92a31727d4dbd"
score = 75
@@ -81454,8 +84425,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_66C465A0 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ngioweb.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ngioweb.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7454ee074812d7fa49044de8190e17b5034b3f08625f547d1b04aae4054fd81a"
logic_hash = "71f224e3ee1ff29787258a61f29a37a9ddc51e9cb5df0693ea52fd4b6f0b5ad8"
score = 75
@@ -81483,8 +84454,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_D8573802 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ngioweb.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ngioweb.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7454ee074812d7fa49044de8190e17b5034b3f08625f547d1b04aae4054fd81a"
logic_hash = "b51ab7a7c26e889a4e8efc2b9883f709c17d82032b0c28ab3e30229d6f296367"
score = 75
@@ -81512,8 +84483,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_7926Bc8E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ngioweb.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ngioweb.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "555d60bd863caff231700c5f606d0034d5aa8362862d1fd0c816615d59f582f7"
logic_hash = "ac42dd714696825d64402861e96122cce7cd09ae8d9c43a19dd9cf95d7b09610"
score = 75
@@ -81541,8 +84512,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_E2377400 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ngioweb.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ngioweb.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b88daf00a0e890b6750e691856b0fe7428d90d417d9503f62a917053e340228b"
logic_hash = "71276698d1bdb9bc494fe6f1aa9755940583331836abc490e0b5ac3454d35de6"
score = 75
@@ -81570,8 +84541,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_994F1E97 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ngioweb.yar#L161-L178"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ngioweb.yar#L161-L178"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "2384e787877b622445d7d14053a8340d2e97d3ab103a3fabfa08a40068726ad0"
score = 75
quality = 75
@@ -81598,8 +84569,8 @@ rule ELASTIC_Windows_Ransomware_Egregor_F24023F3 : BETA FILE MEMORY
date = "2020-10-15"
modified = "2021-08-23"
reference = "https://www.bankinfosecurity.com/egregor-ransomware-adds-to-data-leak-trend-a-15110"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Egregor.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Egregor.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "5695b44f6ce018a91a99b6c94feae740ff4ac187e232bc9044e51d62d1f42bfa"
score = 75
quality = 75
@@ -81632,8 +84603,8 @@ rule ELASTIC_Windows_Ransomware_Egregor_4Ec2B90C : BETA FILE MEMORY
date = "2020-10-15"
modified = "2021-08-23"
reference = "https://www.bankinfosecurity.com/egregor-ransomware-adds-to-data-leak-trend-a-15110"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Egregor.yar#L27-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Egregor.yar#L27-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "8342d92e1486b1289645828e5ee5f1f6f21a0e645dd7cc4eca908ed59c2f1c4c"
score = 75
quality = 73
@@ -81663,8 +84634,8 @@ rule ELASTIC_Windows_Trojan_Darkcomet_1Df27Bcc : FILE MEMORY
date = "2021-08-16"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Darkcomet.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Darkcomet.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7fbe87545eef49da0df850719536bb30b196f7ad2d5a34ee795c01381ffda569"
logic_hash = "5886e3316839e64f934a0e84d85074e076f3e1e44f86fee35a87eb560bfa2aa7"
score = 75
@@ -81696,8 +84667,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_1Cab7Ea1 : BETA FILE MEMORY
date = "2020-05-03"
modified = "2021-08-23"
reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Ragnarok.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Ragnarok.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "8bae3ea4304473209fc770673b680154bf227ce30f6299101d93fe830da0fe91"
score = 75
quality = 73
@@ -81725,8 +84696,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_7E802F95 : BETA FILE MEMORY
date = "2020-05-03"
modified = "2021-08-23"
reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Ragnarok.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Ragnarok.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "8f293cdbdc3c395e18c304dfa43d0dcdb52b18bde5b5d084190ceec70aea6cbd"
score = 75
quality = 75
@@ -81755,8 +84726,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_Efafbe48 : BETA FILE MEMORY
date = "2020-05-03"
modified = "2021-08-23"
reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Ragnarok.yar#L44-L71"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Ragnarok.yar#L44-L71"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "c9d203620e0e6e04d717595ca70a5e5efa74abfc11e4e732d729caab2d246c27"
score = 75
quality = 75
@@ -81792,8 +84763,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_5625D3F6 : BETA FILE MEMORY
date = "2020-05-03"
modified = "2021-08-23"
reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Ragnarok.yar#L73-L95"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Ragnarok.yar#L73-L95"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "8c22cf9dfbeba7391f6d2370c88129650ef4c778464e676752de1d0fd9c5b34e"
score = 75
quality = 75
@@ -81824,8 +84795,8 @@ rule ELASTIC_Windows_Trojan_Whispergate_9192618B : FILE MEMORY
date = "2022-01-17"
modified = "2022-01-17"
reference = "https://www.elastic.co/security-labs/operation-bleeding-bear"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_WhisperGate.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_WhisperGate.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78"
logic_hash = "28bb08d61d99d2bfc49ba18cdbabc34c31a715ae6439ab25bbce8cc6958ed381"
score = 75
@@ -81857,8 +84828,8 @@ rule ELASTIC_Linux_Trojan_Mumblehard_523450Aa : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mumblehard.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mumblehard.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a637ea8f070e1edf2c9c81450e83934c177696171b24b4dff32dfb23cefa56d3"
logic_hash = "60b4cc388975ce030e03c5c3a48adcfeec25299105206909163f20100fbf45d8"
score = 75
@@ -81877,6 +84848,621 @@ rule ELASTIC_Linux_Trojan_Mumblehard_523450Aa : FILE MEMORY
condition:
all of them
}
+rule ELASTIC_Linux_Trojan_Metasploit_69E20012 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Trojan Metasploit (Linux.Trojan.Metasploit)"
+ author = "Elastic Security"
+ id = "69e20012-4f5d-42ce-9913-8bf793d2a695"
+ date = "2024-05-03"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "debb5d12c1b876f47a0057aad19b897c21f17de7b02c0e42f4cce478970f0120"
+ logic_hash = "5d3c3e3ba7d5d0c20d2fa1a53032da9a93a6727dcd6cb3497bb7bfb8272e4f2b"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "263efec478e54c025ed35bba18a0678ceba36c90f42ccca825f2ba1202e58248"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $mmap = { 31 FF 6A 09 58 99 B6 10 48 89 D6 4D 31 C9 6A 22 41 5A 6A 07 5A 0F 05 48 85 C0 78 }
+ $socket = { 41 59 50 6A 29 58 99 6A 02 5F 6A 01 5E [0-6] 0F 05 48 85 C0 78 }
+ $connect = { 51 48 89 E6 6A 10 5A 6A 2A 58 0F 05 59 48 85 C0 79 }
+ $failure_handler = { 57 6A 23 58 6A 00 6A 05 48 89 E7 48 31 F6 0F 05 59 59 5F 48 85 C0 79 }
+ $exit = { 6A 3C 58 6A 01 5F 0F 05 }
+ $receive = { 5A 0F 05 48 85 C0 78 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Trojan_Metasploit_0C629849 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Trojan Metasploit (Linux.Trojan.Metasploit)"
+ author = "Elastic Security"
+ id = "0c629849-8127-4fec-a225-da29bf41435e"
+ date = "2024-05-03"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L26-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "ad070542729f3c80d6a981b351095ab8ac836b89a5c788dff367760a2d8b1dbb"
+ logic_hash = "2bea8f569728ba81af4024bf062a06a5c91b1f057a0b62fe6d51b6fcadedf58c"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "3e98ffa46e438421056bf4424382baa6fbe30e5fc16dbd227bceb834873dbe41"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $socket_call = { 6A 29 58 6A 0A 5F 6A 01 5E 31 D2 0F 05 50 5F }
+ $populate_sockaddr_in6 = { 99 52 52 52 66 68 }
+ $calls = { 6A 31 58 6A 1C 5A 0F 05 6A 32 58 6A 01 5E 0F 05 6A 2B 58 99 52 52 54 5E 6A 1C 48 8D 14 24 0F 05 }
+ $dup2 = { 48 97 6A 03 5E 6A 21 58 FF CE 0F 05 E0 F7 }
+ $exec_call = { 6A 3B 58 99 48 BB 2F 62 69 6E 2F 73 68 00 53 54 5F 0F 05 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Trojan_Metasploit_849Cc5D5 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Trojan Metasploit (Linux.Trojan.Metasploit)"
+ author = "Elastic Security"
+ id = "849cc5d5-737a-4ea4-9bb6-cec26b132ff2"
+ date = "2024-05-03"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L50-L71"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "42d734dbd33295bd68e5a545a29303a2104a5a92e5fee31d645e2a6410cc03e9"
+ logic_hash = "01c708b1e000aecf473e0a1cf23f3812a337b9b21f5b81f7a5e481d06fdaeb16"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "859638998983b9dc0cffc204985b2c4db8a4fb2a97ff4e791fd6762ff6b1f5da"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $init1 = { 6A 29 58 99 6A 02 5F 6A 01 5E 0F 05 48 97 }
+ $init2 = { 6A 10 5A 6A ?? 58 0F }
+ $shell1 = { 6A 03 5E 48 FF CE 6A 21 58 0F 05 75 F6 6A 3B 58 99 48 BB 2F 62 69 6E 2F 73 68 00 53 48 89 E7 52 57 48 89 E6 0F 05 }
+ $shell2 = { 48 96 6A 2B 58 0F 05 50 56 5F 6A 09 58 99 B6 10 48 89 D6 4D 31 C9 6A 22 41 5A B2 07 0F 05 48 96 48 97 5F 0F 05 FF E6 }
+
+ condition:
+ all of ($init*) and 1 of ($shell*)
+}
+rule ELASTIC_Linux_Trojan_Metasploit_Da378432 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Trojan Metasploit (Linux.Trojan.Metasploit)"
+ author = "Elastic Security"
+ id = "da378432-d549-4ba8-9e33-a0d0656fc032"
+ date = "2024-05-03"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L73-L93"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "277499da700e0dbe27269c7cfb1fc385313c4483912a9a3f0c15adba33ecd0bf"
+ logic_hash = "cd9df6dff23986d61176e4d3440516b0590abdeebef0e456d1f4924724556fe9"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "db6e226c18211d845c3495bb39472646e64842d4e4dd02d9aad29178fd22ea95"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = { 6A 29 58 99 6A 02 5F 6A 01 5E 0F 05 48 97 }
+ $str2 = { 6A 10 5A 6A ?? 58 0F }
+ $str3 = { 6A 03 5E 48 FF CE 6A 21 58 0F 05 75 F6 6A 3B 58 99 48 BB 2F 62 69 6E 2F 73 68 00 53 48 89 E7 52 57 48 89 E6 0F 05 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Trojan_Metasploit_B957E45D : FILE MEMORY
+{
+ meta:
+ description = "Detects x86 msfvenom nonx TCP reverse shells"
+ author = "Elastic Security"
+ id = "b957e45d-0eb6-4580-af84-98608bbc34ef"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L95-L115"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "78af84bad4934283024f4bf72dfbf9cc081d2b92a9de32cc36e1289131c783ab"
+ logic_hash = "27281303d007e6723308e88f335f52723b3ff0ef733d1a0712f5ba268e53a073"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "ac71352e2b4c8ee8917b1469cd33e6b54eb4cdcd96f02414465127c5cad6b710"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = { 31 DB 53 43 53 6A 02 6A 66 58 89 E1 CD 80 97 5B }
+ $str2 = { 66 53 89 E1 6A 66 58 50 51 57 89 E1 43 CD 80 5B 99 B6 0C B0 03 CD 80 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Trojan_Metasploit_1A98F2E2 : FILE MEMORY
+{
+ meta:
+ description = "Detects x86 msfvenom nonx TCP bind shells"
+ author = "Elastic Security"
+ id = "1a98f2e2-9354-4d04-b1c0-d3998e54e2c4"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L117-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "89be4507c9c24c4ec9a7282f197a9a6819e696d2832df81f7e544095d048fc22"
+ logic_hash = "23ea1c255472a67746b470e50d982bc91d22ede5e2582cf5cfaa90a1ed4e8805"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "b9865aad13b4d837e7541fe6a501405aa7d694c8fefd96633c0239031ebec17a"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = { 31 DB 53 43 53 6A 02 6A 66 58 99 89 E1 CD 80 96 43 52 }
+ $str2 = { 66 53 89 E1 6A 66 58 50 51 56 89 E1 CD 80 B0 66 D1 E3 CD 80 52 52 56 43 89 E1 B0 66 CD 80 93 B6 0C B0 03 CD 80 89 DF }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Trojan_Metasploit_D74153F6 : FILE MEMORY
+{
+ meta:
+ description = "Detects x86 msfvenom IPv6 TCP reverse shells"
+ author = "Elastic Security"
+ id = "d74153f6-0047-4576-8c3e-db0525bb3a92"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L139-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "2823d27492e2e7a95b67a08cb269eb6f4175451d58b098ae429330913397d40a"
+ logic_hash = "c60e7e63183f5bf0354a03f8399576e494e44a30257339ebccb6c19e954d6f3a"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "824baa1ee7fda8074d76e167d3c5cc1911c7224bb72b1add5e360f26689b48c2"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = { 31 DB 53 43 53 6A 0A 89 E1 6A 66 58 CD 80 96 99 }
+ $str2 = { 89 E1 6A 1C 51 56 89 E1 43 43 6A 66 58 CD 80 89 F3 B6 0C B0 03 CD 80 89 DF }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Trojan_Metasploit_F7A31E87 : FILE MEMORY
+{
+ meta:
+ description = "Detects x86 msfvenom shell find tag payloads"
+ author = "Elastic Security"
+ id = "f7a31e87-c3d7-4a26-9879-68893780283e"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L161-L182"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "82b55d8c0f0175d02399aaf88ad9e92e2e37ef27d52c7f71271f3516ba884847"
+ logic_hash = "49583ba4f2bedb9337a8c10df4246bb76a3e60b08ba1a6b8684537fee985d911"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "7171cb9989405be295479275d8824ced7e3616097db88e3b0f8f1ef6798607e2"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $setup = { 31 DB 53 89 E6 6A 40 B7 0A 53 56 53 89 E1 86 FB 66 FF 01 6A 66 58 CD 80 81 3E }
+ $payload1 = { 5F FC AD FF }
+ $payload2 = { 5F 89 FB 6A 02 59 6A 3F 58 CD 80 49 79 ?? 6A 0B 58 99 52 68 2F 2F 73 68 68 2F 62 69 6E 89 E3 52 53 89 E1 CD 80 }
+
+ condition:
+ $setup and 1 of ($payload*)
+}
+rule ELASTIC_Linux_Trojan_Metasploit_B0D2D4A4 : FILE MEMORY
+{
+ meta:
+ description = "Detects x86 msfvenom shell find port payloads"
+ author = "Elastic Security"
+ id = "b0d2d4a4-4fd6-4fc0-959b-89d6969215ed"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L184-L205"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "a37c888875e84069763303476f0df6769df6015b33aded59fc1e23eb604f2163"
+ logic_hash = "bcabf74900222074ecf9051b6e0cb4ca7a240acd047a1b27137d1d198e23f161"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "f6d2e001d8cfb6f086327ddb457a964932a8200ff60ea973b26ac9fb909b4a9c"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = { 31 DB 53 89 E7 6A 10 54 57 53 89 E1 B3 07 FF 01 6A 66 58 CD 80 }
+ $str2 = { 5B 6A 02 59 B0 3F CD 80 49 }
+ $str3 = { 50 68 2F 2F 73 68 68 2F 62 69 6E 89 E3 50 53 89 E1 99 B0 0B CD 80 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Trojan_Metasploit_5D26689F : FILE MEMORY
+{
+ meta:
+ description = "Detects x86 msfvenom bind TCP random port payloads"
+ author = "Elastic Security"
+ id = "5d26689f-3d3a-41f1-ac32-161b3b312b74"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L207-L229"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "dafefb4d79d848384442a697b1316d93fef2741fca854be744896ce1d7f82073"
+ logic_hash = "e7906273aa7f42920be9d06cdae89c81e0a99e532cdcd7bd714acc5f2bbb0ed5"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "b78fda9794dc24507405fc04bdc0a3e8abfcdc5c757787b7d9822f4ea2190120"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $tiny_bind = { 31 D2 52 68 2F 2F 73 68 68 2F 62 69 6E 68 2D 6C 65 2F 89 E7 52 68 2F 2F 6E 63 68 2F 62 69 6E 89 E3 52 57 53 89 E1 31 C0 B0 0B CD 80 }
+ $reg_bind_setup = { 31 DB F7 E3 B0 66 43 52 53 6A 02 89 E1 CD 80 52 50 89 E1 B0 66 B3 04 CD 80 B0 66 43 CD 80 59 93 }
+ $reg_bind_dup_loop = { 6A 3F 58 CD 80 49 79 }
+ $reg_bind_execve = { B0 0B 68 2F 2F 73 68 68 2F 62 69 6E 89 E3 41 CD 80 }
+
+ condition:
+ ($tiny_bind) or ( all of ($reg_bind*))
+}
+rule ELASTIC_Linux_Trojan_Metasploit_1C8C98Ae : FILE MEMORY
+{
+ meta:
+ description = "Detects x86 msfvenom add user payloads"
+ author = "Elastic Security"
+ id = "1c8c98ae-46c8-45fe-ab42-7b053f0357ed"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L231-L251"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "1a2c40531584ed485f3ff532f4269241a76ff171956d03e4f0d3f9c950f186d4"
+ logic_hash = "fc32aa29f58478f0b7f4f5be61aadec65842c05b7d8ded840530503eae28b8eb"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "a3b592cc6d9b00f76a1084c7c124cc199149ada5b8dc206cff3133718f045c9d"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = { 31 C9 89 CB 6A 46 58 CD 80 6A 05 58 31 C9 51 68 73 73 77 64 68 2F 2F 70 61 68 2F 65 74 63 89 E3 41 B5 04 CD 80 93 }
+ $str2 = { 59 8B 51 FC 6A 04 58 CD 80 6A 01 58 CD 80 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Trojan_Metasploit_47F4B334 : FILE MEMORY
+{
+ meta:
+ description = "Detects x86 msfvenom exec payloads"
+ author = "Elastic Security"
+ id = "47f4b334-619b-4b9c-841d-b00c09dd98e5"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L253-L277"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "c3821f63a7ec8861a6168b4bb494bf8cbac436b3abf5eaffbc6907fd68ebedb8"
+ logic_hash = "34c8182d3b5ecbebd122d2d58fc0502a6bbca020b528ffdcc9ee988f21512d99"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "955d65f1097ec9183db8bd3da43090f579a27461ba345bb74f62426734731184"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $payload1 = { 31 C9 F7 E1 B0 0B [0-1] 68 2F ?? ?? ?? 68 2F 62 69 6E 89 E3 CD 80 }
+ $payload2a = { 31 DB F7 E3 B0 0B 52 }
+ $payload2b = { 88 14 1E 52 68 2F 2F 73 68 68 2F 62 69 6E 89 E3 52 56 57 53 89 E1 CD 80 }
+ $payload3a = { 6A 0B 58 99 52 }
+ $payload3b = { 89 E7 68 2F 73 68 00 68 2F 62 69 6E 89 E3 52 E8 }
+ $payload3c = { 57 53 89 E1 CD 80 }
+
+ condition:
+ $payload1 or ( all of ($payload2*)) or ( all of ($payload3*))
+}
+rule ELASTIC_Linux_Trojan_Metasploit_0B014E0E : FILE MEMORY
+{
+ meta:
+ description = "Detects x64 msfvenom exec payloads"
+ author = "Elastic Security"
+ id = "0b014e0e-3f5a-4dcc-8860-eb101281b8a5"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L279-L303"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "a24443331508cc72b3391353f91cd009cafcc223ac5939eab12faf57447e3162"
+ logic_hash = "cb19a0461d5fe6066d1fed4898ea12a9818be69d870e511559b19d5c7c959819"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "7a61a0e169bf6aa8760b42c5b260dee453ea6a85fe9e5da46fb7598994904747"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $payload1 = { 48 B8 2F [0-1] 62 69 6E 2F 73 68 ?? ?? 50 54 5F 52 5E 6A 3B 58 0F 05 }
+ $payload2a = { 48 B8 2F 2F 62 69 6E 2F 73 68 99 EB ?? 5D 52 5B }
+ $payload2b = { 54 5E 52 50 54 5F 52 55 56 57 54 5E 6A 3B 58 0F 05 }
+ $payload3a = { 48 B8 2F 62 69 6E 2F 73 68 00 99 50 54 5F 52 }
+ $payload3b = { 54 5E 52 E8 }
+ $payload3c = { 56 57 54 5E 6A 3B 58 0F 05 }
+
+ condition:
+ $payload1 or ( all of ($payload2*)) or ( all of ($payload3*))
+}
+rule ELASTIC_Linux_Trojan_Metasploit_Ccc99Be1 : FILE MEMORY
+{
+ meta:
+ description = "Detects x64 msfvenom pingback bind shell payloads"
+ author = "Elastic Security"
+ id = "ccc99be1-6ea9-4090-acba-3bbe82b127c1"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L305-L327"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "0e9f52d7aa6bff33bfbdba6513d402db3913d4036a5e1c1c83f4ccd5cc8107c8"
+ logic_hash = "96af2123251587ece32e424202ff61cfa70faf2916cacddf5fcd9d81bf483032"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "88e30402974b853e5f83a3033129d99e7dd1f6b31b5855b1602ef2659a0f7f56"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = { 56 50 6A 29 58 99 6A 02 5F 6A 01 5E 0F 05 48 85 C0 }
+ $str2 = { 51 48 89 E6 54 5E 6A 31 58 6A 10 5A 0F 05 6A 32 58 6A 01 5E 0F 05 }
+ $str3 = { 6A 2B 58 99 52 52 54 5E 6A 1C 48 8D 14 24 0F 05 48 97 }
+ $str4 = { 5E 48 31 C0 48 FF C0 0F 05 6A 3C 58 6A 01 5F 0F 05 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Trojan_Metasploit_Ed4B2C85 : FILE MEMORY
+{
+ meta:
+ description = "Detects x64 msfvenom bind TCP random port payloads"
+ author = "Elastic Security"
+ id = "ed4b2c85-730f-4a77-97ed-5439a0493a4a"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L329-L348"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "0709a60149ca110f6e016a257f9ac35c6f64f50cfbd71075c4ca8bfe843c3211"
+ logic_hash = "79e466b2f40a6769db498cc28cb22ba72ec20f92c8450d6f1f8301d00012f967"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "c38513fa6b1ed23ec91ae316af9793c5c01ac94b43ba5502f9c32a0854aec96f"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str = { 6A 29 58 99 6A 01 5E 6A 02 5F 0F 05 97 B0 32 0F 05 96 B0 2B 0F 05 97 96 FF CE 6A 21 58 0F 05 75 ?? 52 48 BF 2F 2F 62 69 6E 2F 73 68 57 54 5F B0 3B 0F 05 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Trojan_Metasploit_2B0Ad6F0 : FILE MEMORY
+{
+ meta:
+ description = "Detects x64 msfvenom find TCP port payloads"
+ author = "Elastic Security"
+ id = "2b0ad6f0-44d2-4e7e-8cca-2b0ae1b88d48"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L350-L371"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "aa2bce61511c72ac03562b5178aad57bce8b46916160689ed07693790cbfbeec"
+ logic_hash = "91b4547e44c40cafe09dd415f0b5dfe5980fcb10d50aeae844cf21e7608d9a9d"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "b15da42f957107d54bfad78eff3a703cc2a54afcef8207d42292f2520690d585"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = { 48 31 FF 48 31 DB B3 18 48 29 DC 48 8D 14 24 48 C7 02 10 00 00 00 48 8D 74 24 08 6A 34 58 0F 05 48 FF C7 }
+ $str2 = { 48 FF CF 6A 02 5E 6A 21 58 0F 05 48 FF CE 79 }
+ $str3 = { 48 89 F3 BB 41 2F 73 68 B8 2F 62 69 6E 48 C1 EB 08 48 C1 E3 20 48 09 D8 50 48 89 E7 48 31 F6 48 89 F2 6A 3B 58 0F 05 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Trojan_Metasploit_Bf205D5A : FILE MEMORY
+{
+ meta:
+ description = "Detects x86 msfvenom bind IPv6 TCP shell payloads "
+ author = "Elastic Security"
+ id = "bf205d5a-2bba-497a-8d40-58422e91fe45"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L373-L397"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "2162a89f70edd7a7f93f8972c6a13782fb466cdada41f255f0511730ec20d037"
+ logic_hash = "9f4c84fadc3d7555c80efc9c9c5dcb01d4ea65d2ff191aa63ae8316f763ded3f"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "91ac22c6302de26717f0666c59fa3765144df2d22d0c3a311a106bc1d9d2ae70"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = { 6A 7D 58 99 B2 07 B9 00 10 00 00 89 E3 66 81 E3 00 F0 CD 80 31 DB F7 E3 53 43 53 6A ?? 89 E1 B0 66 CD 80 }
+ $str2 = { 51 6A 04 54 6A 02 6A 01 50 }
+ $str3 = { 6A 0E 5B 6A 66 58 CD 80 89 F8 83 C4 14 59 5B 5E }
+ $str4 = { CD 80 93 B6 0C B0 03 CD 80 87 DF 5B B0 06 CD 80 }
+ $ipv6 = { 6A 02 5B 52 52 52 52 52 52 ?? ?? ?? ?? ?? 89 E1 6A 1C }
+ $socket = { 51 50 89 E1 6A 66 58 CD 80 D1 E3 B0 66 CD 80 57 43 B0 66 89 51 04 CD 80 }
+
+ condition:
+ 3 of ($str*) and $ipv6 and $socket
+}
+rule ELASTIC_Linux_Trojan_Metasploit_E5B61173 : FILE MEMORY
+{
+ meta:
+ description = "Detects x86 msfvenom stageless TCP reverse shell payload"
+ author = "Elastic Security"
+ id = "e5b61173-cf1c-4176-bc43-550c0213ce98"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L399-L420"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "8032a7a320102c8e038db16d51b8615ee49f04dab1444326463f75ce0c5947a5"
+ logic_hash = "f60d2de0b7fac06b62616d7c7f51e9374df3895eb30a07040e742cbcb462a418"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "7052cce595dbbf36aed5e1edab12a75f06059e6267c859516011d8feb9e328e6"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = { 31 DB F7 E3 53 43 53 6A 02 89 E1 B0 66 CD 80 93 59 B0 3F CD 80 49 79 }
+ $str2 = { 89 E1 B0 66 50 51 53 B3 03 89 E1 CD 80 52 }
+ $str3 = { 89 E3 52 53 89 E1 B0 0B CD 80 }
+
+ condition:
+ all of them
+}
+rule ELASTIC_Linux_Trojan_Metasploit_Dd5Fd075 : FILE MEMORY
+{
+ meta:
+ description = "Detects x86 msfvenom TCP bind shell payloads"
+ author = "Elastic Security"
+ id = "dd5fd075-bd52-47a9-b737-e55ab10a071d"
+ date = "2024-05-07"
+ modified = "2024-05-21"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Metasploit.yar#L422-L443"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "b47132a92b66c32c88f39fe36d0287c6b864043273939116225235d4c5b4043a"
+ logic_hash = "f5101d5ddb1a84127e755677da70d9154849c546ac6ef0e7ef2639c82911eb92"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "df2a4f90ec3227555671136c18931118fc9df32340d87aeb3f3fa7fdf2ba6179"
+ threat_name = "Linux.Trojan.Metasploit"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $str1 = { 31 DB F7 E3 53 43 53 6A 02 89 E1 B0 66 CD 80 5B 5E 52 }
+ $str2 = { 6A 10 51 50 89 E1 6A 66 58 CD 80 89 41 04 B3 04 B0 66 CD 80 43 B0 66 CD 80 93 59 }
+ $str3 = { 6A 3F 58 CD 80 49 79 F8 68 2F 2F 73 68 68 2F 62 69 6E 89 E3 50 53 89 E1 B0 0B CD 80 }
+
+ condition:
+ all of them
+}
rule ELASTIC_Windows_Trojan_Bandook_38497690 : FILE MEMORY
{
meta:
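Review bot: `ELASTIC_Linux_Trojan_Metasploit_Da378432` in this hunk is fully subsumed by `ELASTIC_Linux_Trojan_Metasploit_849Cc5D5` a few rules above it — its `$str1`/`$str2`/`$str3` are byte-for-byte the earlier rule's `$init1`/`$init2`/`$shell1`, and `all of them` is stricter than `all of ($init*) and 1 of ($shell*)`, so every Da378432 hit is also an 849Cc5D5 hit and one sample raises two severity-100 alerts. Tuning or an exclusion applied to one rule leaves the other firing, so consider dropping the duplicate at import time or at least recording the overlap, e.g. `description = "Detects Linux Trojan Metasploit (Linux.Trojan.Metasploit); strict subset of 849Cc5D5"`. Separately, the first four rules of the hunk (69E20012 through Da378432) lack the `threat_name = "Linux.Trojan.Metasploit"` meta line that every later Metasploit rule in the hunk carries, so consumers that key on `threat_name` will silently miss them; adding that one line to each would make the set consistent. Since these rules are mirrored from elastic/protections-artifacts (the `source_url` pins commit efd00abc…), the correction presumably belongs upstream or in the aggregation step rather than in this generated file — please confirm where this repo prefers to carry such fixes. Operationally, all of these signatures match msfvenom-generated shellcode, which legitimate red-team and training binaries also contain, so the `severity = 100` / `score = 75` labels may deserve a deployment caveat.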
@@ -81886,8 +85472,8 @@ rule ELASTIC_Windows_Trojan_Bandook_38497690 : FILE MEMORY
date = "2022-08-10"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Bandook.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Bandook.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4d079586a51168aac708a9ab7d11a5a49dfe7a16d9ced852fbbc5884020c0c97"
logic_hash = "199614993f63636764808313f25199348afdf4d537c8dca06f673559e34636b8"
score = 75
@@ -81920,8 +85506,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_4034_1C8F235D : FILE CVE_2021_4034
date = "2022-01-26"
modified = "2022-07-22"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2021_4034.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2021_4034.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "94052c42aa41d0911e4b425dcfd6b829cec8f673bf1245af4050ef9c257f6c4b"
logic_hash = "217df6687076a715712a053672d7b02567a3ee38ce9c0ccf80d23fcfde35592a"
score = 75
@@ -81950,8 +85536,8 @@ rule ELASTIC_Windows_Vulndriver_Atillk_18316Dd9 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Atillk.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Atillk.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173"
logic_hash = "02d218d0a0ea447e4ad0b03bff50c307ca5f36b8ed268787cd73c88a05aa4214"
score = 75
@@ -81981,8 +85567,8 @@ rule ELASTIC_Windows_Trojan_Revengerat_Db91Bcc6 : FILE MEMORY
date = "2021-09-02"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Revengerat.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Revengerat.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "30d8f81a19976d67b495eb1324372598cc25e1e69179c11efa22025341e455bd"
logic_hash = "1e33cb1d614aae0b2181ebaca694c69e7fc849b3a3b7ffff7059e8c43553f8cc"
score = 75
@@ -82013,8 +85599,8 @@ rule ELASTIC_Windows_Hacktool_Sharplaps_381C3F40 : FILE MEMORY
date = "2022-12-22"
modified = "2022-12-22"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpLAPS.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpLAPS.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ef0d508b3051fe6f99ba55202a17237f29fdbc0085e3f5c99b1aef52c8ebe425"
logic_hash = "d94f9e4200a63283346919c121873130ad90e4ad5979c017cb71dc0cc910a64a"
score = 75
@@ -82049,8 +85635,8 @@ rule ELASTIC_Linux_Cryptominer_Minertr_9901E275 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Minertr.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Minertr.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f77246a93782fd8ee40f12659f41fccc5012a429a8600f332c67a7c2669e4e8f"
logic_hash = "a18e0763fe9aec6d89b39cefb872b1751727e2d88ec4733b9c8b443b83219763"
score = 75
@@ -82078,8 +85664,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_253C44De : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Kaiji.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Kaiji.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e31eb8880bb084b4c642eba127e64ce99435ea8299a98c183a63a2e6a139d926"
logic_hash = "81a07f60765f50c58b2c0f0153367ee570f36c579e9f88fb2f0e49ae5c08773f"
score = 75
@@ -82107,8 +85693,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_535F07Ac : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Kaiji.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Kaiji.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "28b2993d7c8c1d8dfce9cd2206b4a3971d0705fd797b9fde05211686297f6bb0"
logic_hash = "539977c1076b71873135cfe02153da87c0e9ac17122f04570977a22c92d2694f"
score = 75
@@ -82136,8 +85722,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_Dcf6565E : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Kaiji.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Kaiji.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "49f3086105bdc160248e66334db00ce37cdc9167a98faac98800b2c97515b6e7"
logic_hash = "2bc943e100548e9aacd97930b3230353be760c8a292dbbbd1d0b5646f647c4fe"
score = 75
@@ -82165,8 +85751,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_91091Be3 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Kaiji.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Kaiji.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dca574d13fcbd7d244d434fcbca68136e0097fefc5f131bec36e329448f9a202"
logic_hash = "3b55cb3be5775311af4dc90f9624448d30cc58ef1a42729f6ca4eb3b36ad8b06"
score = 75
@@ -82194,8 +85780,8 @@ rule ELASTIC_Macos_Trojan_Getshell_F339D74C : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Getshell.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Getshell.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b2199c15500728a522c04320aee000938f7eb69d751a55d7e51a2806d8cd0fe7"
logic_hash = "77a409f1a0ab5f87a77a6b2ffa2d4ff7bd6d86c0f685c524e2083585bb3fb764"
score = 75
@@ -82223,8 +85809,8 @@ rule ELASTIC_Windows_Trojan_Oskistealer_A158B1E3 : FILE MEMORY
date = "2022-03-21"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_OskiStealer.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_OskiStealer.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "568cd515c9a3bce7ef21520761b02cbfc95d8884d5b2dc38fc352af92356c694"
logic_hash = "0ddbe0b234ed60f5a3fc537cdaebf39f639ee24fd66143c9036a9f4786d4c51b"
score = 75
@@ -82256,8 +85842,8 @@ rule ELASTIC_Windows_Ransomware_Snake_550E0265 : BETA FILE MEMORY
date = "2020-06-30"
modified = "2021-08-23"
reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Snake.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Snake.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "d9c2f6961a4ef560743060ed176bdc606561ca1b8270b8826cb0dbadaf4e5dbc"
score = 75
quality = 75
@@ -82289,8 +85875,8 @@ rule ELASTIC_Windows_Ransomware_Snake_119F9C83 : BETA FILE MEMORY
date = "2020-06-30"
modified = "2021-08-23"
reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Snake.yar#L26-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Snake.yar#L26-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "cf6c81e7332acc798409a05a548460bad0ac3621402672c242e48a1b6bccdae6"
score = 75
quality = 75
@@ -82319,8 +85905,8 @@ rule ELASTIC_Windows_Ransomware_Snake_20Bc5Abc : BETA FILE MEMORY
date = "2020-06-30"
modified = "2021-08-23"
reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Snake.yar#L48-L67"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Snake.yar#L48-L67"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "f3d8a523e04e516e8e059c9f13df355e6caf29a528cfebdf730e3a7d135e3351"
score = 75
quality = 75
@@ -82348,8 +85934,8 @@ rule ELASTIC_Windows_Vulndriver_Zam_928812A7 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Zam.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Zam.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91"
logic_hash = "82ca874d60d8a0ee04aca39f59415f22797e7e0337314c88dd8ebad1a823d200"
score = 75
@@ -82378,8 +85964,8 @@ rule ELASTIC_Linux_Rootkit_Adore_Fe3Fd09F : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Rootkit_Adore.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Rootkit_Adore.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f4e532b840e279daf3d206e9214a1b065f97deb7c1487a34ac5cbd7cbbf33e1a"
logic_hash = "cc07efb9484562cd870649a38126f08aa4e99ed5ad4662ece0488d9ffd97520e"
score = 75
@@ -82407,8 +85993,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_3793364E : FILE MEMORY
date = "2023-09-25"
modified = "2023-09-25"
reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BloodAlchemy.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BloodAlchemy.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "c9f03767b92bb2c44f6b386e1f0a521f1a7a063cf73799844cc3423d4a7de7be"
score = 75
quality = 75
@@ -82436,8 +86022,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_E510798D : FILE MEMORY
date = "2023-09-25"
modified = "2023-09-25"
reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BloodAlchemy.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BloodAlchemy.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "7919bb5f19745a1620e6be91622c40083cbd2ddb02905215736a2ed11e9af5c4"
score = 75
quality = 75
@@ -82465,8 +86051,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_63084Eea : FILE MEMORY
date = "2023-09-25"
modified = "2023-09-25"
reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BloodAlchemy.yar#L43-L61"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BloodAlchemy.yar#L43-L61"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "3fe64502992281511e942b8f4541d61b33e900dbe23ea9f976c7eb9522ce4cbd"
score = 75
quality = 75
@@ -82493,8 +86079,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_C2D80609 : FILE MEMORY
date = "2023-09-25"
modified = "2023-09-25"
reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BloodAlchemy.yar#L63-L81"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BloodAlchemy.yar#L63-L81"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "694a0f917f106fbdde4c8e5dd8f9cdce56e9423ce5a7c3a5bf30bf43308d42e9"
score = 75
quality = 75
@@ -82521,8 +86107,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_De591C5A : FILE MEMORY
date = "2023-09-25"
modified = "2023-11-02"
reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_BloodAlchemy.yar#L83-L106"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_BloodAlchemy.yar#L83-L106"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "fd5cfe2558a7c02a617003140cdcf477ec451ecea4adf2808bef8f93673c28f1"
score = 75
quality = 75
@@ -82554,8 +86140,8 @@ rule ELASTIC_Windows_Ransomware_Generic_99F5A632 : FILE MEMORY
date = "2022-02-24"
modified = "2022-02-24"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Generic.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Generic.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382"
logic_hash = "2284cfc91d17816f1733e8fe319af52bc66af467364d27f84e213082c216ae8b"
score = 75
@@ -82586,8 +86172,8 @@ rule ELASTIC_Linux_Exploit_Foda_F41E9Ef9 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Foda.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Foda.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6059a6dd039b5efa36ce97acbb01406128aaf6062429474e422624ee69783ca8"
logic_hash = "7b15fef304b91601a76c6fcf48a892105d6eedf5a3e2395ab7c2937a84709d9f"
score = 75
@@ -82615,8 +86201,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_D3F68E29 : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Cryptominer_Generic.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Cryptominer_Generic.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d9c78c822dfd29a1d9b1909bf95cab2a9550903e8f5f178edeb7a5a80129fbdb"
logic_hash = "cc336e536e0f8dda47f9551dfabfc50c2094fffe4a69cdcec23824dd063dede0"
score = 75
@@ -82646,8 +86232,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_365Ecbb9 : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Cryptominer_Generic.yar#L23-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Cryptominer_Generic.yar#L23-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e2562251058123f86c52437e82ea9ff32aae5f5227183638bc8aa2bc1b4fd9cf"
logic_hash = "66f16c8694c5cfde1b5e4eea03c530fa32a15022fa35acdbb676bb696e7deae2"
score = 75
@@ -82675,8 +86261,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_4E7D4488 : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Cryptominer_Generic.yar#L43-L61"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Cryptominer_Generic.yar#L43-L61"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e2562251058123f86c52437e82ea9ff32aae5f5227183638bc8aa2bc1b4fd9cf"
logic_hash = "708b21b687c8b853a9b5f8a50d31119e4f0a02a5b63f81ba1cac8c06acd19214"
score = 75
@@ -82704,8 +86290,8 @@ rule ELASTIC_Windows_Trojan_Pipedance_01C18057 : FILE MEMORY
date = "2023-02-02"
modified = "2023-02-22"
reference = "https://www.elastic.co/security-labs/twice-around-the-dance-floor-with-pipedance"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_PipeDance.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_PipeDance.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9d3f739e35182992f1e3ade48b8999fb3a5049f48c14db20e38ee63eddc5a1e7"
logic_hash = "0c03a725ae930eb829d6a6a9f681489d61aa7f69e72b6b298776f75a98115398"
score = 75
@@ -82740,8 +86326,8 @@ rule ELASTIC_Linux_Rootkit_Arkd_Bbd56917 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Rootkit_Arkd.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Rootkit_Arkd.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e0765f0e90839b551778214c2f9ae567dd44838516a3df2c73396a488227a600"
logic_hash = "5e1ce9c37d92222e21b43f9e5f3275a70c6e8eb541c3762f9382c5d5c72fb50d"
score = 75
@@ -82769,8 +86355,8 @@ rule ELASTIC_Multi_Hacktool_Rakshasa_D5D3Ef21 : FILE MEMORY
date = "2024-01-24"
modified = "2024-01-29"
reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Hacktool_Rakshasa.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Hacktool_Rakshasa.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ccfa30a40445d5237aaee1e015ecfcd9bdbe7665a6dc2736b28e5ebf07ec4597"
logic_hash = "123cbea0ce02012a9b22a4a241d11aa9acbb58b50a1bd9228da7cadbf0fa1b4e"
score = 75
@@ -82802,8 +86388,8 @@ rule ELASTIC_Windows_Ransomware_Clop_6A1670Aa : BETA FILE MEMORY
date = "2020-05-03"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Clop.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Clop.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "afe28000d50495bf2f2adc6cbf0159591ce87bff207f3c6a1d38e09f9ed328d7"
score = 75
quality = 75
@@ -82831,8 +86417,8 @@ rule ELASTIC_Windows_Ransomware_Clop_E04959B5 : BETA FILE MEMORY
date = "2020-05-03"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Clop.yar#L22-L50"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Clop.yar#L22-L50"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "039fcb0e48898c7546588cd095fac16f06cf5e5568141aefb6db382a61e80a8d"
score = 75
quality = 50
@@ -82869,8 +86455,8 @@ rule ELASTIC_Windows_Ransomware_Clop_9Ac9Ea3E : BETA FILE MEMORY
date = "2020-05-03"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Clop.yar#L52-L71"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Clop.yar#L52-L71"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "1228ee4b934faf1d5f8cf4518974cd2c80a73d84c8a354bde4813fb97ba516d7"
score = 75
quality = 75
@@ -82898,8 +86484,8 @@ rule ELASTIC_Windows_Ransomware_Clop_606020E7 : BETA FILE MEMORY
date = "2020-05-03"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Clop.yar#L73-L92"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Clop.yar#L73-L92"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "f5169b324bc19f6f5a04c99f1d3326c97300d038ec383c3eab94eb258963ac30"
score = 75
quality = 75
@@ -82927,8 +86513,8 @@ rule ELASTIC_Windows_Infostealer_Strela_0Dc3E4A1 : MEMORY
date = "2024-03-25"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Infostealer_Strela.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Infostealer_Strela.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e6991b12e86629b38e178fef129dfda1d454391ffbb236703f8c026d6d55b9a1"
logic_hash = "3e4756f817970a5373183b4d0f893edf0b08fe146c79ed83f86d191199c25095"
score = 75
@@ -82960,8 +86546,8 @@ rule ELASTIC_Windows_Trojan_Blackwood_2B94Bce9 : FILE MEMORY
date = "2024-03-22"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Blackwood.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Blackwood.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c37dd77f659059da7e12e13b063036ee69097a4d2f88c170832fff78f3788991"
logic_hash = "279e85ce3bb974ce5af541e7307cb2fd1031f36c9da013756883172a765b0e19"
score = 75
@@ -82996,8 +86582,8 @@ rule ELASTIC_Linux_Trojan_Rotajakiro_Fb24F399 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "023a7f9ed082d9dd7be6eba5942bfa77f8e618c2d15a8bc384d85223c5b91a0c"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Rotajakiro.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Rotajakiro.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "be33fdda50ef0ea1a0cf45835cc2b7a805cecb3fff371ed6d93e01c2d477d867"
score = 75
quality = 75
@@ -83024,8 +86610,8 @@ rule ELASTIC_Linux_Trojan_Setag_351Eeb76 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Setag.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Setag.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "3519d9e4bfa18c19b49d0fa15ef78151bd13db9614406c4569720d20830f3cbb"
score = 75
quality = 75
@@ -83052,8 +86638,8 @@ rule ELASTIC_Linux_Trojan_Setag_01E2F79B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Setag.yar#L20-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Setag.yar#L20-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5b5e8486174026491341a750f6367959999bbacd3689215f59a62dbb13a45fcc"
logic_hash = "1e0336760f364acbbe0e8aec10bc7bfb48ed7e33cde56d8914617664cb93fd9b"
score = 75
@@ -83081,8 +86667,8 @@ rule ELASTIC_Macos_Virus_Vsearch_0Dd3Ec6F : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Virus_Vsearch.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Virus_Vsearch.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "17a467b000117ea6c39fbd40b502ac9c7d59a97408c2cdfb09c65b2bb09924e5"
score = 75
quality = 75
@@ -83109,8 +86695,8 @@ rule ELASTIC_Macos_Virus_Vsearch_2A0419F8 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Virus_Vsearch.yar#L20-L37"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Virus_Vsearch.yar#L20-L37"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "fa9b811465e435bff5bc0f149ff65f57932c94f548a5ece4ec54ba775cdbb55a"
score = 75
quality = 75
@@ -83137,8 +86723,8 @@ rule ELASTIC_Windows_Ransomware_Maui_266Dea64 : FILE MEMORY
date = "2022-07-08"
modified = "2022-07-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Maui.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Maui.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e"
logic_hash = "2094920615b6297adb222003d25a8d0934a89f24869e7e70644a4956021c7afc"
score = 75
@@ -83176,8 +86762,8 @@ rule ELASTIC_Multi_Trojan_Coreimpact_37703Dc3 : FILE MEMORY
date = "2022-08-10"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Multi_Trojan_Coreimpact.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Trojan_Coreimpact.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2d954908da9f63cd3942c0df2e8bb5fe861ac5a336ddef2bd0a977cebe030ad7"
logic_hash = "0695f22d6eb8c1b335c43213087539db419562bebd6f5b948cbb168c454bd37c"
score = 75
@@ -83209,8 +86795,8 @@ rule ELASTIC_Linux_Exploit_Local_47C64Fb6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Local.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Local.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0caa9035027ff88788e6b8e43bfc012a367a12148be809555c025942054a6360"
logic_hash = "7d977edd5fc90c6f03ed5558c690b3dd2102bbff9d7e5124403276405e15201b"
score = 75
@@ -83238,8 +86824,8 @@ rule ELASTIC_Linux_Exploit_Local_76C24B62 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Local.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Local.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "330de2ca1add7e06389d94dfc541c367a484394c51663b26d27d89346b08ad1b"
logic_hash = "ff55d6a316394812cfa1108578aece91050bfb2f7e0f8c0440dcb64156f3e893"
score = 75
@@ -83267,8 +86853,8 @@ rule ELASTIC_Linux_Exploit_Local_30C21B03 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Local.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Local.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a09c81f185a4ceed134406fa7fefdfa7d8dfc10d639dd044c94fbb6d570fa029"
logic_hash = "396965c457b2e02d7d524d9d5fb3cc76852895ed9675c7b1205a94f47ba10144"
score = 75
@@ -83296,8 +86882,8 @@ rule ELASTIC_Linux_Exploit_Local_9Ace9649 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Local.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Local.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b38869605521531153cfd8077f05e0d6b52dca0fffbc627a4d5eaa84855a491c"
logic_hash = "d7a60b0cb7fcbd9e802660bda3e0456f7f4ef9db38b6dab131c160efce48909e"
score = 75
@@ -83325,8 +86911,8 @@ rule ELASTIC_Linux_Exploit_Local_705C9589 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Local.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Local.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "845727ea46491b46a665d4e1a3a9dbbe6cd0536d070f1c1efd533b91b75cdc88"
logic_hash = "9834d564c2acc688750d5e6c53db7c1201ef85c6fb3d1d0ea2425a5ba905ff18"
score = 75
@@ -83354,8 +86940,8 @@ rule ELASTIC_Linux_Exploit_Local_A677Fb9C : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Local.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Local.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d20b260c7485173264e3e674adc7563ea3891224a3dc98bdd342ebac4a1349e8"
logic_hash = "9b43e651f73d17dbd2143cec4c79929723689ce738924588e38c99a9554e5545"
score = 75
@@ -83383,8 +86969,8 @@ rule ELASTIC_Linux_Exploit_Local_78E50162 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Local.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Local.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "706c865257d5e1f5f434ae0f31e11dfc7e16423c4c639cb2763ec0f51bc73300"
logic_hash = "10a5bef486ec0ececfe0a9edfcad7ce053da2a97028cd1648aa27572fedd8ef6"
score = 75
@@ -83412,8 +86998,8 @@ rule ELASTIC_Linux_Exploit_Local_3B767A1F : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Local.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Local.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e05fed9e514cccbdb775f295327d8f8838b73ad12f25e7bb0b9d607ff3d0511c"
logic_hash = "0f24a7d4e8ff0899430aa0a702000f35039b07400120b382b675825630f0ea4e"
score = 75
@@ -83441,8 +87027,8 @@ rule ELASTIC_Linux_Exploit_Local_2535C9B6 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Local.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Local.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d0f9cc114f6a1f788f36e359e03a9bbf89c075f41aec006229b6ad20ebbfba0b"
logic_hash = "222e929d8352ed02714a59b0e1b9777b0f2d80d63cb369fa9bf33460c84efbb2"
score = 75
@@ -83470,8 +87056,8 @@ rule ELASTIC_Linux_Exploit_Local_6A9B5D50 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Local.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Local.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "80ab71dc9ed2131b08b5b75b5a4a12719d499c6b6ee6819ad5a6626df4a1b862"
logic_hash = "99a18bfb62c195bdea89c688fed4456fee33477878ecdee8a78cd4bf18ad539b"
score = 75
@@ -83499,8 +87085,8 @@ rule ELASTIC_Linux_Exploit_Local_66557224 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Local.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Local.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f58151a2f653972e744822cdc420ab1c2b8b642877d3dfa2e8b2b6915e8edf40"
logic_hash = "5583f086d594ebdf5890a8a5fbee5c04fbddfe42adcae07480532d87e474ef0c"
score = 75
@@ -83528,8 +87114,8 @@ rule ELASTIC_Linux_Exploit_Local_6229602F : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Local.yar#L221-L239"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Local.yar#L221-L239"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4fdb15663a405f6fc4379aad9a5021040d7063b8bb82403bedb9578d45d428fa"
logic_hash = "c3ab6a36c0c2d430d576f7c0cfdc6d1affcd99d007e2d05596677da9bda5a19e"
score = 75
@@ -83557,8 +87143,8 @@ rule ELASTIC_Linux_Trojan_Xpmmap_7Dcc3534 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Xpmmap.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Xpmmap.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "765546a981921187a4a2bed9904fbc2ccb2a5876e0d45c72e79f04a517c1bda3"
logic_hash = "f88cc0f02797651e8cdf8e25b67a92f7825ec616b79df21daae798b613baf334"
score = 75
@@ -83586,8 +87172,8 @@ rule ELASTIC_Windows_Hacktool_Sharpup_E5C87C9A : FILE MEMORY
date = "2022-10-20"
modified = "2022-11-24"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpUp.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpUp.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "45e92b991b3633b446473115f97366d9f35acd446d00cd4a05981a056660ad27"
logic_hash = "62e9aafd308aacbc7a124c707e230c5a9ffde4f6929a5feada5497e3eae7668c"
score = 75
@@ -83621,8 +87207,8 @@ rule ELASTIC_Windows_Vulndriver_Speedfan_9B590Eee : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Speedfan.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Speedfan.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c"
logic_hash = "6f75c0e6b89dd1ceb85c73b7e51fd261ca2804e14a5f8ed6ce3352b3f1bcdfe4"
score = 75
@@ -83651,8 +87237,8 @@ rule ELASTIC_Windows_Trojan_Jupyter_56152E31 : FILE MEMORY
date = "2021-07-22"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Jupyter.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Jupyter.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ce486097ad2491aba8b1c120f6d0aa23eaf59cf698b57d2113faab696d03c601"
logic_hash = "7b32e9caca744f4f6b48aefa5fda111e6b7ac81a62dd1fb8873d2c800ac3c42b"
score = 75
@@ -83683,8 +87269,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_517Aac7D : FILE MEMORY
date = "2022-02-28"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CyberGate.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CyberGate.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "07b8f25e7b536f5b6f686c12d04edc37e11347c8acd5c53f98a174723078c365"
logic_hash = "50e061d0c358655c03b95ccbe2d05e252501c3e6afd21dd20513019cd67e6147"
score = 75
@@ -83716,8 +87302,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_9996D800 : FILE MEMORY
date = "2022-02-28"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CyberGate.yar#L25-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CyberGate.yar#L25-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "07b8f25e7b536f5b6f686c12d04edc37e11347c8acd5c53f98a174723078c365"
logic_hash = "efefc171b6390c9792145973708358f62b18b8d0180feacaf5b9267563c3f7cc"
score = 75
@@ -83745,8 +87331,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_C219A2F3 : FILE MEMORY
date = "2023-05-04"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_CyberGate.yar#L45-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_CyberGate.yar#L45-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b7204f8caf6ace6ae1aed267de0ad6b39660d0e636d8ee0ecf88135f8a58dc42"
logic_hash = "8075892728c610c1ceacd0df54615d2a3e833d728d631a9bf81311e8c6485f6e"
score = 75
@@ -83775,8 +87361,8 @@ rule ELASTIC_Linux_Trojan_Connectback_Bf194C93 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Connectback.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Connectback.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6784cb86460bddf1226f71f5f5361463cbda487f813d19cd88e8a4a1eb1a417b"
logic_hash = "148626e05caee4a2b2542726ea4e4dab074eeab0572a65fdbd32f5d96544daf8"
score = 75
@@ -83804,8 +87390,8 @@ rule ELASTIC_Windows_PUP_Veriato_Fae5978C : FILE MEMORY
date = "2022-06-08"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_PUP_Veriato.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_PUP_Veriato.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "53f09e60b188e67cdbf28bda669728a1f83d47b0279debf3d0a8d5176479d17f"
logic_hash = "8ae6f8b2b6e3849b33e6a477af52982efe137d7ebeff0c92cee5667d75f05145"
score = 75
@@ -83835,8 +87421,8 @@ rule ELASTIC_Linux_Trojan_Mechbot_F2E1C5Aa : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mechbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mechbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5f8e80e6877ff2de09a12135ee1fc17bee8eb6d811a65495bcbcddf14ecb44a3"
logic_hash = "2ba9ece1ab2360702a59a737a20b6dbd8fca276b543477f9290ab80c6f51e2f1"
score = 75
@@ -83864,8 +87450,8 @@ rule ELASTIC_Linux_Cryptominer_Ursu_3C05F8Ab : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Ursu.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Ursu.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d72361010184f5a48386860918052dbb8726d40e860ea0287994936702577956"
logic_hash = "8261e4ee40131cd7df61914cd7bdf154e8a2b5fa3abd9d301436f9371253f510"
score = 75
@@ -83893,8 +87479,8 @@ rule ELASTIC_Linux_Trojan_Marut_47Af730D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Marut.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Marut.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "048ce8059be6697c5f507fb1912ac2adcedab87c75583dd84700984e6d0d81e6"
score = 75
quality = 75
@@ -83921,8 +87507,8 @@ rule ELASTIC_Windows_Trojan_Jesterstealer_B35C6F4B : FILE MEMORY
date = "2022-02-28"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_JesterStealer.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_JesterStealer.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "10c3846867f70dd26c5a54332ed22070c9e5e0e4f52f05fdae12ead801f7933b"
logic_hash = "acc49348267e963af9ff6ba7afa053d4056d4068b4386a872e33e025790ba759"
score = 75
@@ -83956,8 +87542,8 @@ rule ELASTIC_Windows_Trojan_Jesterstealer_8F657F58 : FILE MEMORY
date = "2022-02-28"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_JesterStealer.yar#L27-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_JesterStealer.yar#L27-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "10c3846867f70dd26c5a54332ed22070c9e5e0e4f52f05fdae12ead801f7933b"
logic_hash = "20a0d8be9c25d50d4dddd455ecb9739f772f57e988855c7fc2df597b2f67585b"
score = 75
@@ -83985,8 +87571,8 @@ rule ELASTIC_Windows_Trojan_Sythe_02B2811A : FILE MEMORY
date = "2023-05-10"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Sythe.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Sythe.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2d54a8ba40cc9a1c74db7a889bc75a38f16ae2d025268aa07851c1948daa1b4d"
logic_hash = "ba472b35f583dd4cf125df575129d07de289d6d7dc12ecdcc518ce1eb9f18def"
score = 75
@@ -84017,8 +87603,8 @@ rule ELASTIC_Linux_Exploit_Perl_4A4B8A42 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Perl.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Perl.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214"
logic_hash = "c1f7b1c20fe6db6acbe46be38cc97a40de6ca047a4e4490e86610dbff356b395"
score = 75
@@ -84046,8 +87632,8 @@ rule ELASTIC_Linux_Exploit_Perl_982Bb709 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Perl.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Perl.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e4e2b5af9d0c72aae83cec57e5c091a95c549f826e8f13559aaf7d300f6e13"
logic_hash = "b38e6cb15034c38c31f6b267b9ecaabe8dfa950a2fc8863cfff7705182cffb3a"
score = 75
@@ -84075,8 +87661,8 @@ rule ELASTIC_Linux_Virus_Gmon_E544D891 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Virus_Gmon.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Virus_Gmon.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d0fe377664aa0bc0d1fd3a307650f211dd3ef2e2f04597abee465e836e6a6f32"
logic_hash = "6dcfd51aaa79d7bac0100d9c891aa4275b8e1f7614cda46a5da4c738d376c729"
score = 75
@@ -84104,8 +87690,8 @@ rule ELASTIC_Linux_Virus_Gmon_192Bd9B3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Virus_Gmon.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Virus_Gmon.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d0fe377664aa0bc0d1fd3a307650f211dd3ef2e2f04597abee465e836e6a6f32"
logic_hash = "3df275349d14a845c73087375f96e0c9a069ff685beb89249590ef9448e50373"
score = 75
@@ -84133,8 +87719,8 @@ rule ELASTIC_Windows_Trojan_Bazar_711D59F6 : FILE MEMORY
date = "2021-06-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Bazar.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Bazar.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f29253139dab900b763ef436931213387dc92e860b9d3abb7dcd46040ac28a0e"
logic_hash = "3bde62b468c44bdc18878fd369a7f0cf06f7be64149587a11524f725fa875f69"
score = 75
@@ -84162,8 +87748,8 @@ rule ELASTIC_Windows_Trojan_Bazar_9Dddea36 : FILE MEMORY
date = "2021-06-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Bazar.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Bazar.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "63df43daa61f9a0fbea2e5409b8f0063f7af3363b6bc8d6984ce7e90c264727d"
logic_hash = "cf88e2e896fce742ad3325d53523167d6eb42188309ed4e66f73601bbb85574e"
score = 75
@@ -84191,8 +87777,8 @@ rule ELASTIC_Windows_Trojan_Bazar_3A2Cc53B : FILE MEMORY
date = "2021-06-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Bazar.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Bazar.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b057eb94e711995fd5fd6c57aa38a243575521b11b98734359658a7a9829b417"
logic_hash = "8cde37be646dbcf7e7f5e3f28f0fe8c95480861c62fa2ee8cdd990859313756c"
score = 75
@@ -84220,8 +87806,8 @@ rule ELASTIC_Windows_Trojan_Bazar_De8D625A : FILE MEMORY
date = "2022-01-14"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Bazar.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Bazar.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1ad9ac4785b82c8bfa355c7343b9afc7b1f163471c41671ea2f9152a1b550f0c"
logic_hash = "5fd7bb4ac818ec1b4bfcb7d236868a31b2f726182407c07c7f06c1d7e9c15d02"
score = 75
@@ -84249,8 +87835,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_70C153B5 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrminer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrminer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "55b133ba805bb691dc27a5d16d3473650360c988e48af8adc017377eed07935b"
logic_hash = "e2fc0721435c656a16e59b6747563df17f0f54a4620efc403a3bba717ccb0f38"
score = 75
@@ -84278,8 +87864,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_98B00F9C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrminer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrminer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c01b88c5d3df7ce828e567bd8d639b135c48106e388cd81497fcbd5dcf30f332"
logic_hash = "cf8c5deddf22e7699cd880bd3f9f28721db5ece6705be4f932e1d041893eef71"
score = 75
@@ -84307,8 +87893,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_2B250178 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrminer.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrminer.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "636605cf63d3e335fe9481d4d110c43572e9ab365edfa2b6d16d96b52d6283ef"
logic_hash = "067705c52de710372b4a2a3b77427106068ad2d9a8e56602e315d09e7b8b6206"
score = 75
@@ -84336,8 +87922,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_67Bf4B54 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrminer.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrminer.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9d33fba4fda6831d22afc72bf3d6d5349c5393abb3823dfa2a5c9e391d2b9ddf"
logic_hash = "448f5b9dc3c17984464c15f6d542f495a52b0531acc362dedfe3d1a20b932969"
score = 75
@@ -84365,8 +87951,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_504B42Ca : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrminer.yar#L81-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrminer.yar#L81-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "dd3ed5350e0229ac714178a30de28893c30708734faec329c776e189493cf930"
score = 75
quality = 75
@@ -84393,8 +87979,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D1Bb752F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrminer.yar#L100-L118"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrminer.yar#L100-L118"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bea55bc9495ee51c78ceedadf3a685ea9d6dd428170888c67276c100d4d94beb"
logic_hash = "47aa5516350d5c00d1387649df46ce8f09d87bdfafeaa4cbf1c3ef5f2e0b9023"
score = 75
@@ -84422,8 +88008,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D625Fcd2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrminer.yar#L120-L137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrminer.yar#L120-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "b95b66392e1a07e0b6acd718a9501cede76e57561e69701e9e881bd3fbd3fe39"
score = 75
quality = 75
@@ -84450,8 +88036,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_02D19C01 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrminer.yar#L139-L157"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrminer.yar#L139-L157"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b6df662f5f7566851b95884c0058e7476e49aeb7a96d2aa203393d88e584972f"
logic_hash = "43a1dc49bf75cd13637c37290d47b4d6fc1b2c2ac252b64725c0c64e1dd745c6"
score = 75
@@ -84479,8 +88065,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_2Dd045Fc : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrminer.yar#L159-L177"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrminer.yar#L159-L177"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "30a77ab582f0558829a78960929f657a7c3c03c2cf89cd5a0f6934b79a74b7a4"
logic_hash = "fa23ca75027f7a5e73652173c9e84112a0b5cd3008fc453fdb33c980dc7b7b24"
score = 75
@@ -84508,8 +88094,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D1A814B0 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrminer.yar#L179-L197"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrminer.yar#L179-L197"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bea55bc9495ee51c78ceedadf3a685ea9d6dd428170888c67276c100d4d94beb"
logic_hash = "a06f5d5be87153be1253c2e20a60fa36701a745813926be03ee466ce8e2285b0"
score = 75
@@ -84537,8 +88123,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_C6218E30 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrminer.yar#L199-L217"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrminer.yar#L199-L217"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b43ddd8e355b0c538c123c43832e7c8c557e4aee9e914baaed0866ee5d68ee55"
logic_hash = "3efbc3cb1591a9340df10640b411a9ab4c41e0aa26c1677d9def8b82e4c246f4"
score = 75
@@ -84566,8 +88152,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_B17A7888 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrminer.yar#L219-L237"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrminer.yar#L219-L237"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "65c9fdd7c559554af06cd394dcebece1bc0fdc7dd861929a35c74547376324a6"
logic_hash = "a7f6daa5c42d186d2c5a027fdb35b45287c3564a7b57b8a2f53659e6ca90602a"
score = 75
@@ -84595,8 +88181,8 @@ rule ELASTIC_Linux_Hacktool_Tcpscan_334D0Ca5 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Tcpscan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Tcpscan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "62de04185c2e3c22af349479a68ad53c31b3874794e7c4f0f33e8d125c37f6b0"
logic_hash = "94ee723c660294e35caec5a2b66eeea64896265cfebc839ed3f55cf8f8c67d7e"
score = 75
@@ -84624,8 +88210,8 @@ rule ELASTIC_Windows_Ransomware_Mountlocker_126A76E2 : FILE MEMORY
date = "2021-06-10"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Mountlocker.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Mountlocker.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4a5ac3c6f8383cc33c795804ba5f7f5553c029bbb4a6d28f1e4d8fb5107902c1"
logic_hash = "5a5e157a245a75033abbe6bc7aa66fe6af6d91dc30abe1fdadce85f8f3905b1e"
score = 75
@@ -84648,6 +88234,66 @@ rule ELASTIC_Windows_Ransomware_Mountlocker_126A76E2 : FILE MEMORY
condition:
any of them
}
+rule ELASTIC_Windows_Trojan_Sourshark_F0247Cce : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Sourshark (Windows.Trojan.SourShark)"
+ author = "Elastic Security"
+ id = "f0247cce-b983-41a1-9118-fd4c23e3d099"
+ date = "2024-06-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SourShark.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "07eb88c69437ee6e3ea2fbab5f2fbd8e846125d18c1da7d72bb462e9d083c9fc"
+ logic_hash = "0c5d802b5bfc771bdf5df541b18c7ab9de4f420fd3928bfd85b1a71cca2af1bc"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "174d6683890b855a06c672423b4a0b3aa291558d8a2af4771b931d186ce3cb63"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = "%s\\svchost.%s"
+ $a2 = "crypto_domain"
+ $a3 = "postback_id"
+
+ condition:
+ all of them
+}
+rule ELASTIC_Windows_Trojan_Sourshark_Adee8A17 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Sourshark (Windows.Trojan.SourShark)"
+ author = "Elastic Security"
+ id = "adee8a17-cc0c-40b8-9ee6-a01b41e9befd"
+ date = "2024-06-04"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SourShark.yar#L23-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "07eb88c69437ee6e3ea2fbab5f2fbd8e846125d18c1da7d72bb462e9d083c9fc"
+ logic_hash = "98a4d31849a1828c2154b5032a81580f5dcc8d4a65b96dea3a727e2a82a51666"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "f35ebe8a220693ef6288efae0d325c3f40e70836c088599cb9b620c59fab09da"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a = { 8B 45 08 8B 4C BE 08 8A 04 02 02 C3 02 C1 0F B6 D8 8B 44 9E 08 89 44 BE 08 8D 42 01 33 D2 89 4C 9E 08 47 83 F8 20 0F 4C D0 81 FF 00 01 00 00 7C CF 8B 16 33 FF 8B 5E 04 39 7D FC 7E 33 0F 1F 00 }
+
+ condition:
+ all of them
+}
rule ELASTIC_Windows_Hacktool_Sharphound_5Adf9D6D : FILE MEMORY
{
meta:
@@ -84657,8 +88303,8 @@ rule ELASTIC_Windows_Hacktool_Sharphound_5Adf9D6D : FILE MEMORY
date = "2022-10-20"
modified = "2022-11-24"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpHound.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpHound.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1f74ed6e61880d19e53cde5b0d67a0507bfda0be661860300dcb0f20ea9a45f4"
logic_hash = "2c9f38187866985109a42ffdf8940b5d195aadd3815b2de952b190d4b0b95c3c"
score = 75
@@ -84690,8 +88336,8 @@ rule ELASTIC_Windows_Trojan_Revcoderat_8E6D4182 : FILE MEMORY
date = "2021-09-02"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Revcoderat.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Revcoderat.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "77732e74850050bb6f935945e510d32a0499d820fa1197752df8bd01c66e8210"
logic_hash = "35626d752b291e343350534aece35f1d875068c2c050d12312a60e67753c71e1"
score = 75
@@ -84722,8 +88368,8 @@ rule ELASTIC_Linux_Ransomware_Redalert_39642D52 : FILE MEMORY
date = "2022-07-06"
modified = "2022-08-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_RedAlert.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_RedAlert.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "039e1765de1cdec65ad5e49266ab794f8e5642adb0bdeb78d8c0b77e8b34ae09"
logic_hash = "fa8fc16f0c8a55dd78781d334d7f55db6aa5e60f76cebf5282150af8ceb08dc3"
score = 75
@@ -84755,8 +88401,8 @@ rule ELASTIC_Windows_Ransomware_Wannacry_D9855102 : FILE MEMORY
date = "2022-08-29"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_WannaCry.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_WannaCry.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0b7878babbaf7c63d808f3ce32c7306cb785fdfb1ceb73be07fb48fdd091fdfb"
logic_hash = "5edf6a42c9f20de3819b46f24be243940b79e7e9004fee3d601794ea0b534cf1"
score = 75
@@ -84791,8 +88437,8 @@ rule ELASTIC_Windows_Hacktool_Sharpsccm_9Bef8Dab : FILE MEMORY
date = "2024-03-25"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpSCCM.yar#L1-L31"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpSCCM.yar#L1-L31"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2e169c4fd16627029445bb0365a2f9ee61ab6b3757b8ad02fd210ce85dc9c97f"
logic_hash = "560c780934a63b3c857a09841c09cbc350205868c696fac958e249e1379cc865"
score = 75
@@ -84832,8 +88478,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_A5420148 : BETA FILE MEMORY
date = "2020-06-25"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Phobos.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Phobos.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "9fcfe41102bee4f8ecf19f30d0bbb2de50e1a1aff4e17c587b5d9adb417527c5"
score = 75
quality = 75
@@ -84863,8 +88509,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_Ff55774D : BETA FILE MEMORY
date = "2020-06-25"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Phobos.yar#L24-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Phobos.yar#L24-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "9ee41b9638a8cc1d9f9b254878c935c531b2f599be59550b3617b1de8cba2ba5"
score = 75
quality = 75
@@ -84892,8 +88538,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_11Ea7Be5 : BETA FILE MEMORY
date = "2020-06-25"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Phobos.yar#L45-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Phobos.yar#L45-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "1f86695f316200c92d0d02f5f3ba9f68854978f98db5d4291a81c06c9f0b8d28"
score = 75
quality = 75
@@ -84921,8 +88567,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_4De7B584 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Earthworm.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Earthworm.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9d61aabcf935121b4f7fc6b0d082d7d6c31cb43bf253a8603dd46435e66b7955"
logic_hash = "019b2504df192e673f96a86464bb5e8ba5e89190e51bfe7d702753f76c00b979"
score = 75
@@ -84950,8 +88596,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_E3Da43E2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Earthworm.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Earthworm.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "da0cffc4222d11825778fe4fa985fef2945caa0cc3b4de26af0a06509ebafb21"
logic_hash = "b129b7060b6af4ff2aae2678a455b969579132891fba44e4fdc2481a5437bdf9"
score = 60
@@ -84979,8 +88625,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_82D5C4Cf : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Earthworm.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Earthworm.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dc412d4f2b0e9ca92063a47adfb0657507d3f2a54a415619db5a7ccb59afb204"
logic_hash = "81f35293bd3dd0cfbbf67f036773e16625bb74e06320fa1fff5bc428ef2f3a43"
score = 60
@@ -85008,8 +88654,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_4Ec2Ec63 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Earthworm.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Earthworm.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dc412d4f2b0e9ca92063a47adfb0657507d3f2a54a415619db5a7ccb59afb204"
logic_hash = "25f616c5440a48aef0f824cb6859e88787db4f42c1ec904a3d3bd72f3a64116e"
score = 75
@@ -85037,8 +88683,8 @@ rule ELASTIC_Windows_Wiper_Doublezero_65Ec0C50 : FILE MEMORY
date = "2022-03-22"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Wiper_DoubleZero.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Wiper_DoubleZero.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3b2e708eaa4744c76a633391cf2c983f4a098b46436525619e5ea44e105355fe"
logic_hash = "bce33817d99f71b9d087ea079ef8db08b496315b72cf9d1cf6f0b107a604e52c"
score = 75
@@ -85070,8 +88716,8 @@ rule ELASTIC_Macos_Trojan_Genieo_5E0F8980 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Genieo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Genieo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6c698bac178892dfe03624905256a7d9abe468121163d7507cade48cf2131170"
logic_hash = "76b725f6ae5755bb00d384ef2ae1511789487257d8bb7cb61b893226f03a803e"
score = 75
@@ -85099,8 +88745,8 @@ rule ELASTIC_Macos_Trojan_Genieo_37878473 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Genieo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Genieo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0fadd926f8d763f7f15e64f857e77f44a492dcf5dc82ae965d3ddf80cd9c7a0d"
logic_hash = "bb04ae4e0a98e0dbd0c0708d5e767306e38edf76de2671523f4bd43cbcbfefc2"
score = 75
@@ -85128,8 +88774,8 @@ rule ELASTIC_Macos_Trojan_Genieo_0D003634 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Genieo.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Genieo.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bcd391b58338efec4769e876bd510d0c4b156a7830bab56c3b56585974435d70"
logic_hash = "0412f88408fb14d1126ef091d0a5cc0ee2b2e39aeb241bef55208b59830ca993"
score = 75
@@ -85157,8 +88803,8 @@ rule ELASTIC_Macos_Trojan_Genieo_9E178C0B : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Genieo.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Genieo.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b7760e73195c3ea8566f3ff0427d85d6f35c6eec7ee9184f3aceab06da8845d8"
logic_hash = "212f96ca964aceeb80c6d3282d488cfbb74aeffb9c0c9dd840a3a28f9bbdcbea"
score = 75
@@ -85186,8 +88832,8 @@ rule ELASTIC_Windows_Ransomware_Pandora_Bca8Ce23 : FILE MEMORY
date = "2022-03-14"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Pandora.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Pandora.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2c940a35025dd3847f7c954a282f65e9c2312d2ada28686f9d1dc73d1c500224"
logic_hash = "52203c1af994667ba6833defe547e886dd02167e4d76c57711080e3be0473bfc"
score = 75
@@ -85217,8 +88863,8 @@ rule ELASTIC_Windows_Vulndriver_Microstar_D72B85B2 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_MicroStar.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_MicroStar.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3ed15a390d8dfbd8a8fb99e8367e19bfd1cced0e629dfe43ccdb46c863394b59"
logic_hash = "04e9c1f318acae5544cdc826938383bf8f6c6b838cb5828a7097383ac564f404"
score = 75
@@ -85248,8 +88894,8 @@ rule ELASTIC_Windows_Trojan_Backoff_22798F00 : FILE MEMORY
date = "2022-08-10"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Backoff.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Backoff.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "65b5aff18a4e0bc29d7cc4cfbe2d5882f99a855727fe467b2ba2e2851c43d21b"
score = 75
quality = 75
@@ -85281,8 +88927,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_06B2Dff5 : FILE MEMORY CVE_2012_0056
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "168b3fb1c675ab76224c641e228434495160502a738b64172c679e8ce791ac17"
logic_hash = "4361e6e74d6678d9e0823b23a7a2e4ae84119142cad319950154f806115845d5"
score = 75
@@ -85310,8 +88956,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_B39839F4 : FILE MEMORY CVE_2012_0056
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cf569647759e011ff31d8626cea65ed506e8d0ef1d26f3bbb7c02a4060ce58dc"
logic_hash = "553111c64d8abfc3688a88dd95088de0ea7e92f68592e9a778f8041b40071e84"
score = 75
@@ -85339,8 +88985,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_A1E53450 : FILE MEMORY CVE_2012_0056
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "15a4d149e935758199f6df946ff889e12097f5fec4ef450e9cbd554d1efbd5e6"
logic_hash = "f2ab5de83c36a9a834e41c8f6fdccd0dffdeb384adf7b1e1098e86a2ac52df18"
score = 75
@@ -85368,8 +89014,8 @@ rule ELASTIC_Windows_Exploit_Eternalblue_Ead33Bf8 : FILE
date = "2021-01-12"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Exploit_Eternalblue.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Exploit_Eternalblue.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a1340e418c80be58fb6bbb48d4e363de8c6d62ea59730817d5eda6ba17b2c7a7"
logic_hash = "4d0ab8bd7ef5b20e656110ac3c78b08803539387cb4fe1425a284d39c42aa199"
score = 75
@@ -85397,8 +89043,8 @@ rule ELASTIC_Windows_Hacktool_Sharpdump_7C17D8B1 : FILE MEMORY
date = "2022-10-20"
modified = "2022-11-24"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpDump.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpDump.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "14c3ea569a1bd9ac3aced4f8dd58314532dbf974bfa359979e6c7b6a4bbf41ca"
logic_hash = "10ca29b097d9f1cef27349751e8f1e584ead1056a636224a80f00823ca878c13"
score = 75
@@ -85430,8 +89076,8 @@ rule ELASTIC_Macos_Trojan_Fplayer_1C1Fae37 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Fplayer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Fplayer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f57e651088dee2236328d09705cef5e98461e97d1eb2150c372d00ca7c685725"
logic_hash = "0d65717bdbac694ffb2535a1ff584f7ec2aa7b553a08d29113c6e2bd7b2ff1aa"
score = 75
@@ -85459,8 +89105,8 @@ rule ELASTIC_Linux_Hacktool_Aduh_6Cae7C78 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Aduh.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Aduh.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9c67207546ad274dc78a0819444d1c8805537f9ac36d3c53eba9278ed44b360c"
logic_hash = "130df108de5b6cdfb9227f96301bdaa1e272d47b8cb9ad96c3aa574bf65870b2"
score = 75
@@ -85488,8 +89134,8 @@ rule ELASTIC_Macos_Exploit_Log4J_75A13888 : FILE MEMORY
date = "2021-12-13"
modified = "2022-07-22"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Exploit_Log4j.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Exploit_Log4j.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "b09d8dd9c422e7eb8aa23f8b1204d31fd290252925099300d6d19d73e562ca5e"
score = 75
quality = 75
@@ -85522,8 +89168,8 @@ rule ELASTIC_Linux_Backdoor_Bash_E427876D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Backdoor_Bash.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Backdoor_Bash.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b"
logic_hash = "fdd066b746416730419787d21eb53fa2ba997679a237d9db3a2e1365d43df892"
score = 75
@@ -85551,8 +89197,8 @@ rule ELASTIC_Macos_Virus_Pirrit_271B8Ed0 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Virus_Pirrit.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Virus_Pirrit.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7feda05d41b09c06a08c167c7f4dde597ac775c54bf0d74a82aa533644035177"
logic_hash = "cb77f6df1403afbc7f45d30551559b6de7eb1c3434778b46d31754da0a1b1f10"
score = 75
@@ -85580,8 +89226,8 @@ rule ELASTIC_Linux_Rootkit_Dakkatoni_010D3Ac2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Rootkit_Dakkatoni.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Rootkit_Dakkatoni.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "38b2d033eb5ce87faa4faa7fcac943d9373e432e0d45e741a0c01d714ee9d4d3"
logic_hash = "51119321f29aed695e09da22d3234eae96db93e8029d4525d018e56c7131f7b8"
score = 75
@@ -85609,8 +89255,8 @@ rule ELASTIC_Windows_Trojan_Snakekeylogger_Af3Faa65 : FILE MEMORY
date = "2021-04-06"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SnakeKeylogger.yar#L1-L32"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SnakeKeylogger.yar#L1-L32"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "54180a642d40b5366f1b400c347c25dc31397d662d6bb8af33c7d2319c97d3fb"
score = 75
quality = 73
@@ -85651,8 +89297,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_100011_21025F50 : FILE MEMORY CVE_2017_10001
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2017_100011.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2017_100011.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "32db88b2c964ce48e6d1397ca655075ea54ce298340af55ea890a2411a67d554"
logic_hash = "3ec54a7639ccfc019e01fa287f69a93af57087e2d67d0c8574a646afb9043db5"
score = 75
@@ -85680,8 +89326,8 @@ rule ELASTIC_Linux_Cryptominer_Attribute_3683D149 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Attribute.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Attribute.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ec9e74d52d745275718fe272bfd755335739ad5f680f73f5a4e66df6eb141a63"
logic_hash = "71aa8aa4171671af4aa0271b64da95ac1d8766de12a949c97ebcac9369224ecd"
score = 75
@@ -85709,8 +89355,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_6660D29F : BETA FILE MEMORY
date = "2020-06-28"
modified = "2021-08-23"
reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "4c12eaa44f82c6f729e51242c9c1836eb1856959c682e2d2e21b975104c197b6"
score = 75
quality = 75
@@ -85739,8 +89385,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_6Ab188Da : BETA FILE MEMORY
date = "2020-06-28"
modified = "2021-08-23"
reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L23-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L23-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "429c87d293b7f517a594e8be020cbe7f8302a8b6eb8337f090ca18973aafbde4"
score = 75
quality = 75
@@ -85768,8 +89414,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_4Fb1A155 : BETA FILE MEMORY
date = "2020-06-28"
modified = "2021-08-23"
reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L44-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L44-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "eb041a836b2bc73312a2f87523d817d5274f3d43d3e5fe6aacfad1399c61a9de"
score = 75
quality = 75
@@ -85797,8 +89443,8 @@ rule ELASTIC_Windows_Trojan_Remcos_B296E965 : FILE MEMORY
date = "2021-06-10"
modified = "2021-08-23"
reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Remcos.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Remcos.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed"
logic_hash = "069072abd1182eee50cb9937503d47845e7315d8e3cd6b63576adc8f21820c82"
score = 75
@@ -85829,8 +89475,8 @@ rule ELASTIC_Windows_Trojan_Remcos_7591E9F1 : FILE MEMORY
date = "2023-06-23"
modified = "2023-07-10"
reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Remcos.yar#L25-L49"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Remcos.yar#L25-L49"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4e6e5ecd1cf9c88d536c894d74320c77967fe08c75066098082bf237283842fa"
logic_hash = "96acf1ba7740a8d34d929ed4a4fa446c984c3a8f64a603d428e782b6997e4d20"
score = 75
@@ -85863,8 +89509,8 @@ rule ELASTIC_Windows_Trojan_Cryptbot_489A6562 : FILE MEMORY
date = "2021-08-18"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Cryptbot.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Cryptbot.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "423563995910af04cb2c4136bf50607fc26977dfa043a84433e8bd64b3315110"
logic_hash = "7fee3cc67419e66de790ba2ad8c3102425b3a45bdfe31801758dd38021a8439b"
score = 75
@@ -85896,8 +89542,8 @@ rule ELASTIC_Windows_Trojan_Sysjoker_1Ef19A12 : FILE MEMORY
date = "2022-02-17"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SysJoker.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SysJoker.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "61df74731fbe1eafb2eb987f20e5226962eeceef010164e41ea6c4494a4010fc"
logic_hash = "25bd58d546549d208f9f95f4c27d1e58f86f87750dae1e293544cc92b25f8b32"
score = 75
@@ -85928,8 +89574,8 @@ rule ELASTIC_Windows_Trojan_Sysjoker_34559Bcd : FILE MEMORY
date = "2022-02-21"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SysJoker.yar#L24-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SysJoker.yar#L24-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1ffd6559d21470c40dcf9236da51e5823d7ad58c93502279871c3fe7718c901c"
logic_hash = "ebe7f6037f14e37b6efe81614c06c6d26fe0cc17d0475b8b19715f80d0d9aad3"
score = 75
@@ -85963,8 +89609,8 @@ rule ELASTIC_Windows_Trojan_Spectralviper_43Abeeeb : FILE MEMORY
date = "2023-04-13"
modified = "2023-05-26"
reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SpectralViper.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SpectralViper.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7e35ba39c2c77775b0394712f89679308d1a4577b6e5d0387835ac6c06e556cb"
logic_hash = "976e5b5b4ba73f1b392c2f6b32a86b09b5fd9e5a3510c60b77a39f1e0d705822"
score = 75
@@ -85999,8 +89645,8 @@ rule ELASTIC_Windows_Trojan_Spectralviper_368C36A0 : FILE MEMORY
date = "2023-05-10"
modified = "2023-05-10"
reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SpectralViper.yar#L29-L53"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SpectralViper.yar#L29-L53"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d1c32176b46ce171dbce46493eb3c5312db134b0a3cfa266071555c704e6cff8"
logic_hash = "6182bde93e18dc6a83a94b50b193f5f29ed9abfa89b53c290818e7dab5bbb334"
score = 75
@@ -86033,8 +89679,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_52A15A93 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mobidash.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mobidash.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
logic_hash = "ceaf5b06108baa6043e31010d777099ed6ac9b4054e86d41309bd7c2b0ffda11"
score = 75
@@ -86062,8 +89708,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_D0Ad9C82 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mobidash.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mobidash.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
logic_hash = "8351cb61f5b712c65962e734a7c29271fa4805720e14b6badc9bc1c0364778f8"
score = 75
@@ -86091,8 +89737,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_E2C89606 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mobidash.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mobidash.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
logic_hash = "64cb8d8ec04a53f663b216208279afba3c10f148fe99822f9a45100a4f73ed28"
score = 75
@@ -86120,8 +89766,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_82B4E3F3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mobidash.yar#L61-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mobidash.yar#L61-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "8c91f85bc807605a3233d28a5eb8b6e1cf847fb288cbc4427e86226eed7a2055"
score = 75
quality = 75
@@ -86148,8 +89794,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_601352Dc : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mobidash.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mobidash.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5714e130075f4780e025fb3810f58a63e618659ac34d12abe211a1b6f2f80269"
logic_hash = "adeeea73b711fc867b88775c06a14011380118ed85691660ba771381e51160e3"
score = 75
@@ -86177,8 +89823,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_Ddca1181 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mobidash.yar#L100-L117"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mobidash.yar#L100-L117"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "076d4ac69f6bc29975b22e19d429c25ef357443ec8fcaf5165e0a8069112af74"
score = 75
quality = 75
@@ -86205,8 +89851,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_65E666C0 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mobidash.yar#L119-L137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mobidash.yar#L119-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "19f9b5382d3e8e604be321aefd47cb72c2337a170403613b853307c266d065dd"
logic_hash = "2d2bec8f89986b19bf1c806b6654405ac6523f49aeafd759b7631d9587d780c8"
score = 75
@@ -86234,8 +89880,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_494D5B0F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mobidash.yar#L139-L157"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mobidash.yar#L139-L157"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7e08df5279f4d22f1f27553946b0dadd60bb8242d522a8dceb45ab7636433c2f"
logic_hash = "6ddb94f9f44fe749a442592d491343a99bd870ea2d79596631d857516425e72b"
score = 75
@@ -86263,8 +89909,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_Bb4F7F39 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mobidash.yar#L159-L177"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mobidash.yar#L159-L177"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
logic_hash = "33e8fcbb29cc38b4a8365845eb3a1488e13be964f7383b28a158a98fb259acb4"
score = 75
@@ -86292,8 +89938,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_8679E1Cb : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mobidash.yar#L179-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mobidash.yar#L179-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "6055ac4800397f6582e60cdf15fa74584986e1e7cf49a541b0ec746445834819"
score = 75
quality = 75
@@ -86320,8 +89966,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_29B86E6A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mobidash.yar#L198-L215"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mobidash.yar#L198-L215"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "dd5f44249cc4c91f39a0e7d0b236ebeed8f78d5fcb03c7ebc80ef1c738b18336"
score = 75
quality = 75
@@ -86348,8 +89994,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_E3086563 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mobidash.yar#L217-L235"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mobidash.yar#L217-L235"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
logic_hash = "5545f7ce8fa45dc56bc4bb5140ce1db527997dfaa1dd2bbb1e4a12af45300065"
score = 75
@@ -86377,8 +90023,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_2F114992 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mobidash.yar#L237-L255"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mobidash.yar#L237-L255"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
logic_hash = "f93fe72e08c8ec135cccc8cdab2ecedbb694e9ad39f2572d060864bb3290e25c"
score = 75
@@ -86406,8 +90052,8 @@ rule ELASTIC_Linux_Trojan_Sshdkit_18A0B82A : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sshdkit.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sshdkit.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "003245047359e17706e4504f8988905a219fcb48865afea934e6aafa7f97cef6"
logic_hash = "4b7a78ebf3c114809148cc9855379b2e63c959966272ad45759838d570b42016"
score = 75
@@ -86435,8 +90081,8 @@ rule ELASTIC_Linux_Cryptominer_Ksmdbot_Ebeedb3C : FILE MEMORY
date = "2022-12-14"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Ksmdbot.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Ksmdbot.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b927e0fe58219305d86df8b3e44493a7c854a6ea4f76d1ebe531a7bfd4365b54"
logic_hash = "67f97cc4f2886ed296b5b3827dc1d1792136ba8d9d27c20b677c9467618c879d"
score = 75
@@ -86468,8 +90114,8 @@ rule ELASTIC_Windows_Ransomware_Grief_9953339A : FILE MEMORY
date = "2021-08-04"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Grief.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Grief.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0864575d4f487e52a1479c61c2c4ad16742d92e16d0c10f5ed2b40506bbc6ca0"
logic_hash = "f99ea1e1f59dc2999659cbe649e76001dd7139b1438440717b60f081d1e99d70"
score = 75
@@ -86497,8 +90143,8 @@ rule ELASTIC_Windows_Vulndriver_Iqvw_B8B45E6B : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Iqvw.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Iqvw.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9"
logic_hash = "b0a8716f550ba231ca7db61bafd6effbc351faa45864f9ebf7be81f63f14a933"
score = 60
@@ -86528,8 +90174,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_48Bb4B2C : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_XTier.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_XTier.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0f726d8ce21c0c9e01ebe6b55913c519ad6086bcaec1a89f8308f3effacd435f"
logic_hash = "fd6ae610a4d2cbf02aae2302d181d07780e723ac7e61b5aa3fd18ba834160729"
score = 75
@@ -86559,8 +90205,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_8A2F6Dc1 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_XTier.yar#L23-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_XTier.yar#L23-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3"
logic_hash = "90e1efd9d918f15459dd3fabb4737cbdeded66da1d556becca051bdda5867c11"
score = 75
@@ -86590,8 +90236,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_F4760D4A : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_XTier.yar#L45-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_XTier.yar#L45-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0e14a4401011a9f4e444028ac5b1595da34bbbf9af04a00670f15ff839734003"
logic_hash = "dc83771e08b8530bf138782ba8c7724e7ecff40c973407a7f654346302a284d5"
score = 75
@@ -86621,8 +90267,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_6A7De49F : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_XTier.yar#L67-L87"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_XTier.yar#L67-L87"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "26c86227d3f387897c1efd77dc711eef748eb90be84149cb306e3d4c45cc71c7"
logic_hash = "de0d25377103d50b33a95a804b9c3eb9ef221d56fa1dfda0a32f14dcd95ee4b1"
score = 75
@@ -86652,8 +90298,8 @@ rule ELASTIC_Windows_Vulndriver_Mtcbsv_7F6D642E : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_MtcBsv.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_MtcBsv.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ff803017d1acafde6149fe7d463aee23b1c4f6f3b97c698c05f3ca6f07e4df6c"
logic_hash = "dfd53a2b97ad722307561fc5f109dcba372bf600113786bb351ed1262fdc8556"
score = 75
@@ -86683,8 +90329,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_8859E8E8 : FILE MEMORY
date = "2021-05-03"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Hellokitty.yar#L1-L32"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Hellokitty.yar#L1-L32"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3ae7bedf236d4e53a33f3a3e1e80eae2d93e91b1988da2f7fcb8fde5dcc3a0e9"
logic_hash = "72cc718724d9d9a391a9f7a0932ebf397c2ab79558437533bef6e380b06baff9"
score = 75
@@ -86725,8 +90371,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_4B668121 : FILE MEMORY
date = "2021-05-03"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Hellokitty.yar#L34-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Hellokitty.yar#L34-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9a7daafc56300bd94ceef23eac56a0735b63ec6b9a7a409fb5a9b63efe1aa0b0"
logic_hash = "00c7a492c304f12b9909e35cf069618a1103311a69e3e8951ca196c3c663b12a"
score = 75
@@ -86761,8 +90407,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_D9391A1A : FILE MEMORY
date = "2021-05-03"
modified = "2023-01-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Hellokitty.yar#L61-L80"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Hellokitty.yar#L61-L80"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "10887d13dba1f83ef34e047455a04416d25a83079a7f3798ce3483e0526e3768"
logic_hash = "074ca47c0526d9828f3c07c7d6dbdd1cec609670d70340b022ae2c712ad80305"
score = 75
@@ -86791,8 +90437,8 @@ rule ELASTIC_Windows_Vulndriver_Asio_5F9F29Be : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_AsIo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_AsIo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "52a90fd1546c068b92add52c29fbb8a87d472a57e609146bbcb34862f9dcec15"
logic_hash = "a901d81737c7e6d00e87f0eec758dd063eade59d9883e85e04a33bb18f2f99de"
score = 75
@@ -86820,8 +90466,8 @@ rule ELASTIC_Windows_Trojan_Fabookie_024F8759 : FILE MEMORY
date = "2023-06-22"
modified = "2023-07-10"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Fabookie.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Fabookie.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6c6345c6f0a5beadc4616170c87ec8a577de185d53345581e1b00e72af24c13e"
logic_hash = "9477406b718c6489161cf4636be66c4f72df923b9c5a7ee4069ef6a9552de485"
score = 75
@@ -86850,8 +90496,8 @@ rule ELASTIC_Windows_Trojan_Eagerbee_7029Ba21 : FILE MEMORY
date = "2023-05-09"
modified = "2023-06-13"
reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_EagerBee.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_EagerBee.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "09005775fc587ac7bf150c05352e59dc01008b7bf8c1d870d1cea87561aa0b06"
logic_hash = "874959361b14ba74e13e6e674da75c9bdb6b9475d8b286572825c940b41f679f"
score = 75
@@ -86880,8 +90526,8 @@ rule ELASTIC_Windows_Trojan_Eagerbee_A64B323B : FILE MEMORY
date = "2023-09-04"
modified = "2023-09-20"
reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_EagerBee.yar#L23-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_EagerBee.yar#L23-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "339e4fdbccb65b0b06a1421c719300a8da844789a2016d58e8ce4227cb5dc91b"
logic_hash = "e1c25cf8ce0ff434727c9104c6b79110ff5cfa84eb3e939119fd05cf676727c6"
score = 75
@@ -86912,8 +90558,8 @@ rule ELASTIC_Linux_Trojan_Generic_402Be6C5 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d30a8f5971763831f92d9a6dd4720f52a1638054672a74fdb59357ae1c9e6deb"
logic_hash = "b32111972bc21822f0f2c8e47198c90b70e78667410175257b9542c212fc3a1d"
score = 75
@@ -86941,8 +90587,8 @@ rule ELASTIC_Linux_Trojan_Generic_5420D3E7 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "103b8fced0aebd73cb8ba9eff1a55e6b6fa13bb0a099c9234521f298ee8d2f9f"
logic_hash = "8ba3566ec900e37f05f11d40c65ffe1dfc587c553fa9c28b71ced7a9a90f50c3"
score = 75
@@ -86970,8 +90616,8 @@ rule ELASTIC_Linux_Trojan_Generic_4F4Cc3Ea : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "32e25641360dbfd50125c43754cd327cf024f1b3bfd75b617cdf8a17024e2da5"
logic_hash = "9eb0d93b8c1a579ca8362d033edecbbe6a9ade82f6ae5688c183b97ed7b97faa"
score = 75
@@ -86999,8 +90645,8 @@ rule ELASTIC_Linux_Trojan_Generic_703A0258 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b086d0119042fc960fe540c23d0a274dd0fb6f3570607823895c9158d4f75974"
logic_hash = "cb37930637b8da91188d199ee20f1b64a0b1f13e966a99e69b983e623dac51de"
score = 75
@@ -87028,8 +90674,8 @@ rule ELASTIC_Linux_Trojan_Generic_378765E4 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1ed42910e09e88777ae9958439d14176cb77271edf110053e1a29372fce21ec1"
logic_hash = "dd10305f553fa94ff83fafa84cff3d544f097b617fca20760eef838902e1f7db"
score = 75
@@ -87057,8 +90703,8 @@ rule ELASTIC_Linux_Trojan_Generic_F657Fb4F : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1ed42910e09e88777ae9958439d14176cb77271edf110053e1a29372fce21ec1"
logic_hash = "af4fa2c21b47f360b425ebbfea624e3728cd682e54e367d265b4f3a6515b0720"
score = 75
@@ -87086,8 +90732,8 @@ rule ELASTIC_Linux_Trojan_Generic_Be1757Ef : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e4e2b5af9d0c72aae83cec57e5c091a95c549f826e8f13559aaf7d300f6e13"
logic_hash = "567d33c262e5f812c6a702bcc0a1f0cf576b67bf7cf67bb82b5f9ce9f233aaff"
score = 75
@@ -87115,8 +90761,8 @@ rule ELASTIC_Linux_Trojan_Generic_7A95Ef79 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f59340a740af8f7f4b96e3ea46d38dbe81f2b776820b6f53b7028119c5db4355"
logic_hash = "6da43e4bab6b2024b49dfc943f099fb21c06d8d4a082a05594b07cb55989183c"
score = 75
@@ -87144,8 +90790,8 @@ rule ELASTIC_Linux_Trojan_Generic_1C5E42B7 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b078a02963610475217682e6e1d6ae0b30935273ed98743e47cc2553fbfd068f"
logic_hash = "cd759b87a303fafb9461d0a73b6a6b3f468b1f3db0189ba0e584a629e5d78da1"
score = 75
@@ -87173,8 +90819,8 @@ rule ELASTIC_Linux_Trojan_Generic_8Ca4B663 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1ddf479e504867dfa27a2f23809e6255089fa0e2e7dcf31b6ce7d08f8d88947e"
logic_hash = "43b8cae2075f55a98b226f865d54e1c96345db0564815d849b3458d3f3ffee7f"
score = 75
@@ -87202,8 +90848,8 @@ rule ELASTIC_Linux_Trojan_Generic_D3Fe3Fae : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2a2542142adb05bff753e0652e119c1d49232d61c49134f13192425653332dc3"
logic_hash = "0b980a0bcf8340410fe2b53d109f629c6e871ebe82af467153d7b50b73fd8644"
score = 60
@@ -87231,8 +90877,8 @@ rule ELASTIC_Linux_Trojan_Generic_5E981634 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L221-L239"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L221-L239"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "448e8d71e335cabf5c4e9e8d2d31e6b52f620dbf408d8cc9a6232a81c051441b"
logic_hash = "4623c07a15588788ec8a484642a33f2d18127849302d57520a0dac875564f62c"
score = 75
@@ -87260,8 +90906,8 @@ rule ELASTIC_Linux_Trojan_Generic_D8953Ca0 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L241-L259"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L241-L259"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "552753661c3cc7b3a4326721789808482a4591cb662bc813ee50d95f101a3501"
logic_hash = "cbc1a60a1d9525f7230336dff07f56e6a0b99e7c70c99d3f4363c06ed0071716"
score = 75
@@ -87289,8 +90935,8 @@ rule ELASTIC_Linux_Trojan_Generic_181054Af : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L261-L279"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L261-L279"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e677f1eed0dbb4c680549e0bf86d92b0a28a85c6d571417baaba0d0719da5f93"
logic_hash = "e92807b603dd33fe7a083985644a213913a77e81c068623fdac7931148207b91"
score = 75
@@ -87318,8 +90964,8 @@ rule ELASTIC_Linux_Trojan_Generic_C3D529A2 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L281-L299"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L281-L299"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b46135ae52db6399b680e5c53f891d101228de5cd6c06b6ae115e4a763a5fb22"
logic_hash = "a508acd95844a4385943166f715606199048d96be0098bc89f9be7b9db34833e"
score = 75
@@ -87347,8 +90993,8 @@ rule ELASTIC_Linux_Trojan_Generic_4675Dffa : FILE MEMORY
date = "2023-07-28"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Generic.yar#L301-L320"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Generic.yar#L301-L320"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "43e14c9713b1ca1f3a7f4bcb57dd3959d3a964be5121eb5aba312de41e2fb7a6"
logic_hash = "d2865a869d0cf0bf784106fe6242a4c7f58e58a43c4d4ae0241b10569810904d"
score = 75
@@ -87377,8 +91023,8 @@ rule ELASTIC_Windows_Trojan_Raspberryrobin_4B4D6899 : FILE MEMORY
date = "2023-12-13"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_RaspberryRobin.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_RaspberryRobin.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2f0451f38adb74cb96c857de455887b00c5038b68210294c7f52b0b5ff64cc1e"
logic_hash = "bbafad9509b367e811e86cb8f2f64d9c1d59f82b5cd58a7af43325bb7fa9d9c3"
score = 75
@@ -87406,8 +91052,8 @@ rule ELASTIC_Windows_Ransomware_Bitpaymer_D74273B3 : BETA FILE MEMORY
date = "2020-06-25"
modified = "2021-08-23"
reference = "https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Bitpaymer.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Bitpaymer.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "126246689b28e92ed10bfa6165f06ff7d4f0e062de7c58b821eaaf5e3cae9306"
score = 75
quality = 75
@@ -87435,8 +91081,8 @@ rule ELASTIC_Windows_Ransomware_Bitpaymer_Bca25Ac6 : BETA FILE MEMORY
date = "2020-06-25"
modified = "2021-08-23"
reference = "https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Bitpaymer.yar#L22-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Bitpaymer.yar#L22-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "7670f9dafacc8fc5998c1974af66ede388c0997545da067648fec4fd053f0001"
score = 75
quality = 75
@@ -87471,8 +91117,8 @@ rule ELASTIC_Linux_Virus_Rst_1214E2Ae : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Virus_Rst.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Virus_Rst.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b0e4f44d2456960bb6b20cb468c4ca1390338b83774b7af783c3d03e49eebe44"
logic_hash = "82de4a97f414d591daba2d5d49b941ec4c51d6a6af36f97f062eaac5c74ebe30"
score = 75
@@ -87500,8 +91146,8 @@ rule ELASTIC_Linux_Trojan_Bish_974B4B47 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Bish.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Bish.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9171fd2bbe182f0a3cd35937f3ee0076c9358f52f5bc047498dd9e233ae11757"
logic_hash = "c5a7d036c89fe50626da51486d19ee731ad28cbc8d36def075d8f33a7b68961f"
score = 75
@@ -87529,8 +91175,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_Be1973Ed : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Dofloo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Dofloo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461"
logic_hash = "65f9daabf44006fe4405032bf93570185248bc62cd287650c68f854b23aa2158"
score = 75
@@ -87558,8 +91204,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_1D057993 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Dofloo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Dofloo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461"
logic_hash = "c5e15e21946816052d5a8dc293db3830f1d6d06cdbf22eb8667b655206dbbc1f"
score = 75
@@ -87587,8 +91233,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_29C12775 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Dofloo.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Dofloo.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461"
logic_hash = "a8eb79fdf57811f4ffd5a7c5ec54cf46c06281f8cd4d677aec1ad168d6648a08"
score = 75
@@ -87616,8 +91262,8 @@ rule ELASTIC_Windows_Vulndriver_Glckio_39C4Abd4 : FILE
date = "2022-04-04"
modified = "2022-08-30"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_GlckIo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_GlckIo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3a5ec83fe670e5e23aef3afa0a7241053f5b6be5e6ca01766d6b5f9177183c25"
logic_hash = "fd43503c9427a386674c06bb790e110ac23c27d8fc4adedbaa8a9b7cb0cbafd4"
score = 75
@@ -87645,8 +91291,8 @@ rule ELASTIC_Windows_Vulndriver_Glckio_68D5Afbb : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_GlckIo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_GlckIo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5ae23f1fcf3fb735fcf1fa27f27e610d9945d668a149c7b7b0c84ffd6409d99a"
logic_hash = "0b5f0d408a5c4089ef496c5f8241a34d0468cc3d21e89e41dc105a0df0855d38"
score = 75
@@ -87674,8 +91320,8 @@ rule ELASTIC_Linux_Trojan_Bedevil_A1A72C39 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Bedevil.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Bedevil.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "017a9d7290cf327444d23227518ab612111ca148da7225e64a9f6ebd253449ab"
logic_hash = "227adcc340c38cebf56ea2f39b483c965dd46827d83afe5f866ca844c932da76"
score = 75
@@ -87703,8 +91349,8 @@ rule ELASTIC_Windows_Ransomware_Blackhunt_7B46Cb9C : FILE MEMORY
date = "2024-03-12"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_BlackHunt.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_BlackHunt.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6c4e968c9b53906ba0e86a41eccdabe2b736238cb126852023e15850e956293d"
logic_hash = "97bb8436574fd814d8278e5a7043e011d0e4f9a7dd9df5e67605f28ac1af1e74"
score = 50
@@ -87738,8 +91384,8 @@ rule ELASTIC_Windows_Vulndriver_Segwin_04A3962E : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Segwin.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Segwin.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "65329dad28e92f4bcc64de15c552b6ef424494028b18875b7dba840053bc0cdd"
logic_hash = "1e9ba5fc78f2b4eeee56314c9e8cf3071817d726b44cb8510f8d7069e85ab7bf"
score = 75
@@ -87769,8 +91415,8 @@ rule ELASTIC_Windows_Trojan_Diceloader_B32C6B99 : FILE MEMORY
date = "2021-04-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Diceloader.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Diceloader.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a3b3f56a61c6dc8ba2aa25bdd9bd7dc2c5a4602c2670431c5cbc59a76e2b4c54"
logic_hash = "f9e023f340edc4c46b2926e750c2ad3a3798e34415e43c0ea2d83073e3dc526a"
score = 75
@@ -87804,8 +91450,8 @@ rule ELASTIC_Windows_Trojan_Diceloader_15Eeb7B9 : FILE MEMORY
date = "2021-04-23"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Diceloader.yar#L27-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Diceloader.yar#L27-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a1202df600d11ad2c61050e7ba33701c22c2771b676f54edd1846ef418bea746"
logic_hash = "f1ab9ad69f9ea75343c7404b82a3f7a4976a442b980a98fe5b95c55d4f9cb34e"
score = 75
@@ -87834,8 +91480,8 @@ rule ELASTIC_Linux_Ransomware_Gonnacry_53C3832D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Gonnacry.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Gonnacry.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f5de75a6db591fe6bb6b656aa1dcfc8f7fe0686869c34192bfa4ec092554a4ac"
logic_hash = "2b7453c4eb71b71e6a241f728b077a2ee63d988d55a64fedf61c34222799e262"
score = 75
@@ -87863,8 +91509,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_3C43D4A7 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ipstorm.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ipstorm.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5103133574615fb49f6a94607540644689be017740d17005bc08b26be9485aa7"
logic_hash = "c7e9191312197f8925d7231d0b8badf8b5ca35685df909c0d1feb301b4385d7b"
score = 75
@@ -87892,8 +91538,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_F9269F00 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ipstorm.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ipstorm.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5103133574615fb49f6a94607540644689be017740d17005bc08b26be9485aa7"
logic_hash = "5914d222b49aaf6c1040e48ffd93c04bd5df25f1d97bde79b034862fca6555f6"
score = 75
@@ -87921,8 +91567,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_08Bcf61C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ipstorm.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ipstorm.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "503f293d84de4f2c826f81a68180ad869e0d1448ea6c0dbf09a7b23801e1a9b9"
logic_hash = "fb2755c04b61d19788a92b8c9c1c9eb2552b62b27011e302840fdcf689b3d9b4"
score = 75
@@ -87950,8 +91596,8 @@ rule ELASTIC_Linux_Trojan_Godlua_Ed8E6228 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Godlua.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Godlua.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "848ef3b198737f080f19c5fa55dfbc31356427398074f9125c65cb532c52ce7a"
score = 75
quality = 75
@@ -87978,8 +91624,8 @@ rule ELASTIC_Windows_Ransomware_Mespinoza_3Adb59F5 : FILE MEMORY
date = "2021-08-05"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Mespinoza.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Mespinoza.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6f3cd5f05ab4f404c78bab92f705c91d967b31a9b06017d910af312fa87ae3d6"
logic_hash = "28c8ad42a3af70fed274edc9105dae5cef13749d71510561a50428c822464934"
score = 75
@@ -88009,8 +91655,8 @@ rule ELASTIC_Windows_Trojan_Stormkitty_6256031A : FILE MEMORY
date = "2022-03-21"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_StormKitty.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_StormKitty.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0c69015f534d1da3770dbc14183474a643c4332de6a599278832abd2b15ba027"
logic_hash = "a797e87eaf5b173da9dd43fcff03b3d26198dcafa29c3f2ca369773c73001234"
score = 75
@@ -88043,8 +91689,8 @@ rule ELASTIC_Linux_Trojan_Roopre_B6B9E71D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Roopre.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Roopre.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "36ae2bf773135fdb0ead7fbbd46f90fd41d6f973569de1941c8723158fc6cfcc"
logic_hash = "32294e476a014a919d2d738bdc940a7fc5f91e1b13c005f164a5b6bf84eb2635"
score = 75
@@ -88072,8 +91718,8 @@ rule ELASTIC_Linux_Trojan_Roopre_05F7F237 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Roopre.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Roopre.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "36ae2bf773135fdb0ead7fbbd46f90fd41d6f973569de1941c8723158fc6cfcc"
logic_hash = "12e14ac31932033f2448b7a3bfd6ce826fff17494547ac4baefb20f6713baf5f"
score = 75
@@ -88101,8 +91747,8 @@ rule ELASTIC_Linux_Cryptominer_Casdet_5D0D33Be : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Casdet.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Casdet.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4b09115c876a8b610e1941c768100e03c963c76b250fdd5b12a74253ef9e5fb6"
logic_hash = "e3264f614e257d853070907866b838d1cb53c1f60f7a0123ec503f1d540a15d7"
score = 75
@@ -88130,8 +91776,8 @@ rule ELASTIC_Windows_Hacktool_Sharpmove_05E28928 : FILE MEMORY
date = "2022-11-20"
modified = "2023-01-11"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpMove.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpMove.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "051f60f9f4665b96f764810defe9525ae7b4f9898249b83a23094cee63fa0c3b"
logic_hash = "021a56dd47d9929e71b82b00d24aa8969a31945681dcf414c69b8d175fb0b6eb"
score = 75
@@ -88163,8 +91809,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3490_D369D615 : FILE MEMORY CVE_2021_3490
date = "2021-11-12"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2021_3490.yar#L1-L30"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2021_3490.yar#L1-L30"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e65ba616942fd1e893e10898d546fe54458debbc42e0d6826aff7a4bb4b2cf19"
logic_hash = "6fa4b36366d2c255f5ccf0e22a06c7e17df74fddd06963787dbcd713b3e8aca6"
score = 75
@@ -88203,8 +91849,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_4E31426E : FILE MEMORY
date = "2021-07-21"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Smokeloader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Smokeloader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174"
logic_hash = "44ac7659964519ae72f83076bcd1b3e5244eb9cadd9a3b123dda78b0e9e07424"
score = 75
@@ -88232,8 +91878,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_4Ee15B92 : FILE MEMORY
date = "2022-02-17"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Smokeloader.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Smokeloader.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "09b9283286463b35ea2d5abfa869110eb124eb8c1788eb2630480d058e82abf2"
logic_hash = "7d5ba6a4cc1f1b87f7ea1963b41749f5488197ea28b31f20a235091236250463"
score = 75
@@ -88261,8 +91907,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_Ea14B2A5 : FILE MEMORY
date = "2023-05-03"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Smokeloader.yar#L41-L60"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Smokeloader.yar#L41-L60"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "15fe237276b9c2c6ceae405c0739479d165b406321891c8a31883023e7b15d54"
logic_hash = "8a96985902f82979f1512d4d30cfa41fd23562b8f86bf2f722351ef2adf4365f"
score = 75
@@ -88291,8 +91937,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_De52Ed44 : FILE MEMORY
date = "2023-05-04"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Smokeloader.yar#L62-L81"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Smokeloader.yar#L62-L81"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c689a384f626616005d37a94e6a5a713b9eead1b819a238e4e586452871f6718"
logic_hash = "95a60079a316016ca3f78f18e7920b962f5770bef4211dd70e37f45bbe069406"
score = 75
@@ -88321,8 +91967,8 @@ rule ELASTIC_Windows_Shellcode_Rdi_Edc62A10 : FILE MEMORY
date = "2023-06-23"
modified = "2023-07-10"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Shellcode_Rdi.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Shellcode_Rdi.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "64485ffc283e981c8b77db5a675c7ba2a04d3effaced522531185aa46eb6a36b"
logic_hash = "986cb6c28d2d9767a2fd084fdd71edb7a1c36e78ddedf3c562076cf6f5b5afd1"
score = 75
@@ -88350,8 +91996,8 @@ rule ELASTIC_Windows_Shellcode_Rdi_Eee75D2C : FILE MEMORY
date = "2023-08-25"
modified = "2023-11-02"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Shellcode_Rdi.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Shellcode_Rdi.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8c4de69e89dcc659d2fff52d695764f1efd7e64e0a80983ce6d0cb9eeddb806c"
logic_hash = "18cd9be4af210686872610f832ac0ad58a48588a1226fc6093348ceb8371c6b4"
score = 75
@@ -88379,8 +92025,8 @@ rule ELASTIC_Windows_Vulndriver_Winio_C9Cc6D00 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_WinIo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_WinIo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e1980c6592e6d2d92c1a65acad8f1071b6a404097bb6fcce494f3c8ac31385cf"
logic_hash = "4b6a78c2c807cf1f569ae9bc275d42d9c895efba7a2d64fec0652e3cb163d553"
score = 75
@@ -88408,8 +92054,8 @@ rule ELASTIC_Windows_Vulndriver_Winio_B0F21A70 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_WinIo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_WinIo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374"
logic_hash = "c82d95e805898f9a9a1ffccb483e506df0a53dc420068314e7c724e4947f3572"
score = 75
@@ -88437,8 +92083,8 @@ rule ELASTIC_Macos_Backdoor_Applejeus_31872Ae2 : FILE MEMORY
date = "2021-10-18"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Backdoor_Applejeus.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Backdoor_Applejeus.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e352d6ea4da596abfdf51f617584611fc9321d5a6d1c22aff243aecdef8e7e55"
logic_hash = "1d6f06668a7d048a93e53b294c5ab8ffe4cd610f3bef3fd80f14425ef8a85a29"
score = 75
@@ -88466,8 +92112,8 @@ rule ELASTIC_Windows_Trojan_Behinder_B9A49F4B : FILE MEMORY
date = "2023-03-02"
modified = "2023-06-13"
reference = "https://www.elastic.co/security-labs/ref2924-howto-maintain-persistence-as-an-advanced-threat"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Behinder.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Behinder.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a50ca8df4181918fe0636272f31e19815f1b97cce6d871e15e03b0ee0e3da17b"
logic_hash = "2303ef82e4dc5e8be87ddc4563dcd06963d17e1fbf25cf246a6c81e4e74adbcb"
score = 75
@@ -88497,8 +92143,8 @@ rule ELASTIC_Windows_Vulndriver_Gdrv_5368078B : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_GDrv.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_GDrv.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427"
logic_hash = "f4d43ac4a4b6d879ffb5ba637b38ec75c8b57f531db644015c1a71c2cdea45d5"
score = 75
@@ -88528,8 +92174,8 @@ rule ELASTIC_Windows_Wiper_Isaacwiper_239Cd2Dc : FILE MEMORY
date = "2022-03-04"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Wiper_IsaacWiper.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Wiper_IsaacWiper.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033"
logic_hash = "102ffe215b1e1c39e1225cb39dfeb10a20a08c5b10f836490fc1501c6eb9e930"
score = 75
@@ -88562,8 +92208,8 @@ rule ELASTIC_Macos_Trojan_Generic_A829D361 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5b2a1cd801ae68a890b40dbd1601cdfeb5085574637ae8658417d0975be8acb5"
logic_hash = "70a954e8b44b1ce46f5ce0ebcf43b46e1292f0b8cdb46aa67f980d3c9b0a6f61"
score = 75
@@ -88582,6 +92228,40 @@ rule ELASTIC_Macos_Trojan_Generic_A829D361 : FILE MEMORY
condition:
all of them
}
+rule ELASTIC_Linux_Trojan_Springtail_35D5B90B : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Trojan Springtail (Linux.Trojan.Springtail)"
+ author = "Elastic Security"
+ id = "35d5b90b-f81d-4a10-828b-8315f8e87ca7"
+ date = "2024-05-18"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Springtail.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "30584f13c0a9d0c86562c803de350432d5a0607a06b24481ad4d92cdf7288213"
+ logic_hash = "7158e60aedfde884d9ee01457abfe6d9b6b1df9cdc1c415231d98429866eaa6c"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "ca2d3ea7b23c0fc21afb9cfd2d6561727780bda65d2db1a5780b627ac7b07e66"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $systemd1 = "Description=syslogd"
+ $systemd2 = "ExecStart=/bin/sh -c \"/var/log/syslogd\""
+ $cron1 = "cron.txt@reboot"
+ $cron2 = "/bin/shcrontab"
+ $cron3 = "type/var/log/syslogdcrontab cron.txt"
+ $uri = "/mir/index.php"
+
+ condition:
+ all of them
+}
rule ELASTIC_Linux_Exploit_Lotoor_03C81Bd9 : FILE MEMORY
{
meta:
@@ -88591,8 +92271,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_03C81Bd9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3fc701a2caab0297112501f55eaeb05264c5e4099c411dcadc7095627e19837a"
logic_hash = "dc2dfa128f509221cae8bae9864190e8316bb7a5ae081da1076081b5f4fdc870"
score = 75
@@ -88620,8 +92300,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_757637D9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0762fa4e0d74e3c21b2afc8e4c28e2292d1c3de3683c46b5b77f0f9fe1faeec7"
logic_hash = "b1f1784aae5958740d03ca50d0b9731e8db7d86d918d16e82cf6fc1e1bf663a9"
score = 75
@@ -88649,8 +92329,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_78543893 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ff5b02d2b4dfa9c3d53e7218533f3c57e82315be8f62aa17e26eda55a3b53479"
logic_hash = "4bb6a6e063fd00569b04f4514ec1731357aa8e8ce4cfee354fdd86773a4358da"
score = 75
@@ -88678,8 +92358,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_4F8D83D2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d78128eca706557eeab8a454cf875362a097459347ddc32118f71bd6c73d5bbd"
logic_hash = "6fee488d97fe1d4be558b6886c603010c6d1423a750783b38a65d2fb3eeb76f4"
score = 75
@@ -88707,8 +92387,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_F4Afd230 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "805e900ffc9edb9f550dcbc938a3b06d28e9e7d3fb604ff68a311a0accbcd2b1"
logic_hash = "9aba4ebbf946f07071bfb94fa50c6981ae8c659aca9ee6e05c7ef214432d7466"
score = 75
@@ -88736,8 +92416,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Bb384Bc9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ecc6635117b99419255af5d292a7af3887b06d5f3b0f59d158281eebfe606445"
logic_hash = "1e9faba4f245d8b0d6944430286a5fc3e11cd7e036a4151b29fc2c5f037894fb"
score = 75
@@ -88765,8 +92445,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_B293F6Ec : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214"
logic_hash = "0e310082714f5283f9b4ccde5a8e17994e3bc4acf3d744b22734c136dde7cebb"
score = 75
@@ -88794,8 +92474,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_C5983669 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d08be92a484991afae3567256b6cec60a53400e0e9b6f6b4d5c416a22ccca1cf"
logic_hash = "ff673070969f1ededf8ff2c7cadfc251c7d2e52da58906b15cfc04593a755d55"
score = 75
@@ -88823,8 +92503,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Fbff22Da : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0762fa4e0d74e3c21b2afc8e4c28e2292d1c3de3683c46b5b77f0f9fe1faeec7"
logic_hash = "d3e3037593f5714dfb49c6e19631fd46331e2702c8bf6d6099bb5b34158321a9"
score = 75
@@ -88852,8 +92532,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_E2D5Fad8 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7e54e57db3de32555c15e529c04b35f52d75af630e45b5f8d6c21149866b6929"
logic_hash = "b294ce1c4d928d73342bb6260456d850f9c59f3c48c7c4ffbce32ea9238f6eee"
score = 75
@@ -88881,8 +92561,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_F2F8Eb6B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "01721b9c024ca943f42c402a57f45bd4c77203a604c5c2cd26e5670df76a95b2"
logic_hash = "b6555e69b663591550976fd44352ecbdf0a0aef1e07a64396a576125a4fe4ba6"
score = 75
@@ -88910,8 +92590,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_89671B03 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L241-L259"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L241-L259"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "001098473574cfac1edaca9f1180ab2005569e094be63186c45b48c18f880cf8"
logic_hash = "dfa7027c4fa0cbde33df87063fea4ecf51a085f3cc1805123c62747882d0a07e"
score = 75
@@ -88939,8 +92619,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Dbc73Db0 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L261-L279"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L261-L279"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9fe78e4dd7975856a74d8dfd83e69793a769143e0fe6994cbc3ef28ea37d6cf8"
logic_hash = "4a7453342fd72dacb781919d3fac3bab02e7ef7c882d5938a2e0e1274c704705"
score = 75
@@ -88968,8 +92648,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Ec339160 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L281-L299"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L281-L299"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0002b469972f5c77a29e2a2719186059a3e96a6f4b1ef2d18a68fee3205ea0ba"
logic_hash = "9c1d1254093b172798024c42a6d78f5e6720d20b8c2a8ad4ca26c8e88e42f0e8"
score = 75
@@ -88997,8 +92677,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_7Cd57E18 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Lotoor.yar#L301-L319"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Lotoor.yar#L301-L319"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1eecf16dae302ae788d1bc81278139cd9f6af52d7bed48b8677b35ba5eb14e30"
logic_hash = "97604cdc9daa9993b9a18dc5df7ab105a5e6001129bcfcfeeb86640bee26f59d"
score = 75
@@ -89026,8 +92706,8 @@ rule ELASTIC_Windows_Vulndriver_Vmdrv_7C674F8E : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Vmdrv.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Vmdrv.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351"
logic_hash = "87f29b861d5239c60e44541fe31ed90696068225b1b6d824dc9b06fcdb1597ae"
score = 75
@@ -89057,8 +92737,8 @@ rule ELASTIC_Windows_Trojan_Blister_Cb99A1Df : FILE MEMORY
date = "2021-12-21"
modified = "2022-01-13"
reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Blister.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Blister.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0a7778cf6f9a1bd894e89f282f2e40f9d6c9cd4b72be97328e681fe32a1b1a00"
logic_hash = "deb1be5300d8af12dda868dd5f4ccdbb3ec653bd97c33a09e567c13ecafb9e8a"
score = 75
@@ -89088,8 +92768,8 @@ rule ELASTIC_Windows_Trojan_Blister_9D757838 : FILE MEMORY
date = "2022-04-26"
modified = "2022-06-09"
reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Blister.yar#L24-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Blister.yar#L24-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "863de84a39c9f741d8103db83b076695d0d10a7384e4e3ba319c05a6018d9737"
logic_hash = "4d9ce1622d77b2ac8b20b2dfb60ac672752dabab315221a5449ebd3c73a3edca"
score = 75
@@ -89118,8 +92798,8 @@ rule ELASTIC_Windows_Trojan_Blister_68B53E1B : FILE MEMORY
date = "2023-08-02"
modified = "2023-08-08"
reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Blister.yar#L46-L66"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Blister.yar#L46-L66"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5fc79a4499bafa3a881778ef51ce29ef015ee58a587e3614702e69da304395db"
logic_hash = "6d935461406a6b9b39867d52aa5ecb088945ae0f8c56895a67e8565e5a2a3699"
score = 75
@@ -89148,8 +92828,8 @@ rule ELASTIC_Windows_Trojan_Blister_487B0966 : FILE MEMORY
date = "2023-09-11"
modified = "2023-09-20"
reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Blister.yar#L68-L89"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Blister.yar#L68-L89"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5fc79a4499bafa3a881778ef51ce29ef015ee58a587e3614702e69da304395db"
logic_hash = "521409d03335205507cc6894e0de3ca627eb966a95a2f8e7b931e552ad78bbb7"
score = 75
@@ -89179,8 +92859,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_83715433 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3648a407224634d76e82eceec84250a7506720a7f43a6ccf5873f478408fedba"
logic_hash = "7a7328322c2c1e128e267e92de0964e78ad9f49b7de8ec69d7f0632c69723a7d"
score = 75
@@ -89208,8 +92888,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_28A2Fe0C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "04bbc6c40cdd71b4185222a822d18b96ec8427006221f213a1c9e4d9c689ce5c"
score = 75
quality = 73
@@ -89236,8 +92916,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Eb96Cc26 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "440318179ba2419cfa34ea199b49ee6bdecd076883d26329bbca6dca9d39c500"
logic_hash = "3d8740a6cca4856a73ea745877a3eb39cbf3ad4ca612daabd197f551116efa04"
score = 75
@@ -89265,8 +92945,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_5008Aee6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b32cd71fcfda0a2fcddad49d8c5ba8d4d68867b2ff2cb3b49d1a0e358346620c"
logic_hash = "538bae17dcf0298e379f656e1dba794b75af6c7448a23253a51994bde9d30524"
score = 75
@@ -89294,8 +92974,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6321B565 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cd48addd392e7912ab15a5464c710055f696990fab564f29f13121e7a5e93730"
logic_hash = "ad5c73ab68059101acf2fd8cfb3d676fd1ff58811e1c4b9008c291361ee951b8"
score = 75
@@ -89323,8 +93003,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A6A2Adb9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L100-L118"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L100-L118"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
logic_hash = "8f5fc4cb1ad51178701509a44a793e119fe7e7fad97eafcac8be14fce64e3b7b"
score = 75
@@ -89352,8 +93032,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_C573932B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L120-L138"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L120-L138"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68"
logic_hash = "174a3fcebc1e17cc35ddc11fde1798164b5783fc51fdf16581a9690c3b4d6549"
score = 75
@@ -89381,8 +93061,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A10161Ce : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L140-L157"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L140-L157"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "12ba13a746300d1ab1d0386b86ec224eebf4e6d0b3688495c2fee6a7eccc361d"
score = 75
quality = 75
@@ -89409,8 +93089,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ae01D978 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L159-L176"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L159-L176"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "c6c22b11dc1f0d4996e5da92c6edf58b7d21d7be40da87ddd39ed0e2d4c84072"
score = 75
quality = 75
@@ -89437,8 +93117,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9E9530A7 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L178-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L178-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961"
logic_hash = "6a5a80e58c86a80f8954e678a2cc26b258d7d7c50047a3e71f3580f1780e3454"
score = 75
@@ -89466,8 +93146,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_5Bf62Ce4 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L198-L216"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L198-L216"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68"
logic_hash = "848e0c796584cfa21afc182da5f417f5467ae84c74f52cabc13e0f5de4990232"
score = 75
@@ -89495,8 +93175,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F3D83A74 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L218-L236"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L218-L236"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
logic_hash = "2db46180e66c9268a97d63cd1c4eb8439e6882b4e3277bc4848e940e4d25482f"
score = 75
@@ -89524,8 +93204,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_807911A2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L238-L255"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L238-L255"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "66b15304d5ed22daea666bd0e2b18726b8a058361ff8d69b974bfded933a4d8c"
score = 75
quality = 75
@@ -89552,8 +93232,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9C18716C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L257-L274"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L257-L274"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "0e70dc82b2049a6f5efcc501e18e6f87e04a2d50efcb5143240c68c4a924de52"
score = 75
quality = 75
@@ -89580,8 +93260,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fbed4652 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L276-L294"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L276-L294"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2ea21358205612f5dc0d5f417c498b236c070509531621650b8c215c98c49467"
logic_hash = "fc1f501123ab7421034e183186b077f65838b475f883d4ff04e8fc8a283424ef"
score = 75
@@ -89609,8 +93289,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_94A44Aa5 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L296-L314"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L296-L314"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a7694202f9c32a9d73a571a30a9e4a431d5dfd7032a500084756ba9a48055dba"
logic_hash = "deb46c2960dc4868b7bac1255d8753895950bc066dec03674a714860ff72ef2c"
score = 60
@@ -89638,8 +93318,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E0673A90 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L316-L334"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L316-L334"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6"
logic_hash = "149147eedd66f9ca2dad9cb69f37abc849d44331ec1b5d2917ab3867ced0b274"
score = 75
@@ -89667,8 +93347,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_821173Df : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L336-L354"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L336-L354"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "de7d1aff222c7d474e1a42b2368885ef16317e8da1ca3a63009bf06376026163"
logic_hash = "1c6c7666983c43176aa1a9628fb4352f8f11729e02dda13669ca2e62aed5f4ee"
score = 75
@@ -89696,8 +93376,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_31796A40 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L356-L374"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L356-L374"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "227c7f13f7bdadf6a14cc85e8d2106b9d69ab80abe6fc0056af5edef3621d4fb"
logic_hash = "0e0e901d12edd77e77a205f8547f891f483fc8676493e9b7a324e970225af3c9"
score = 75
@@ -89725,8 +93405,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_750Fe002 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L376-L394"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L376-L394"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68"
logic_hash = "eb9907d8a63822c2e3ab57d43dca8ede7876610f029e2f9c10c9eeace9ea0078"
score = 75
@@ -89754,8 +93434,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6122Acdf : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L396-L413"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L396-L413"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "140b32a8f2b7493b068e63a05b3d9baec6ec14c9f2062c7e760dde96335e29f1"
score = 75
quality = 75
@@ -89782,8 +93462,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A0A4De11 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L415-L433"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L415-L433"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417"
logic_hash = "220c6ba82b906f070123b3bae9aafa72c0fb3bc8d5858a4f4bd65567076eb73d"
score = 75
@@ -89811,8 +93491,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A473Dcb6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L435-L453"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L435-L453"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7ba74e3cb0d633de0e8dbe6cfc49d4fc77dd0c02a5f1867cc4a1f1d575def97d"
logic_hash = "106ee9cd9c368674ae08b835f54dbb6918b553e3097aae9b0de88f55420f046b"
score = 75
@@ -89840,8 +93520,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_30444846 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L455-L473"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L455-L473"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c84b81d79d437bb9b8a6bad3646aef646f2a8e1f1554501139648d2f9de561da"
logic_hash = "26bc95efb2ea69fece52cf3ab38ce35891c77fc0dac3e26e5580ba3a88e112e9"
score = 75
@@ -89869,8 +93549,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ea92Cca8 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L475-L492"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L475-L492"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "5a9598b3fd37b15444063403a481df1a43894ddcbbd343961e1c770cb74180c9"
score = 75
quality = 73
@@ -89897,8 +93577,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D4227Dbf : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L494-L512"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L494-L512"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961"
logic_hash = "7953b8d08834315a6ca2c0c8ac1ec7b74a6ffcb71cec4fc053c24e1b59232c0c"
score = 75
@@ -89926,8 +93606,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_09C3070E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L514-L532"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L514-L532"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
logic_hash = "f8f8e8883cf1e51fbaef81b8334ac5fa45a54682d285282da62c80e4aa50a48d"
score = 75
@@ -89955,8 +93635,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fa19B8Fc : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L534-L552"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L534-L552"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a7cfc16ec33ec633cbdcbff3c4cefeed84d7cbe9ca1f4e2a3b3e43d39291cd6b"
logic_hash = "cddf3b9948b9bc685ff7d4c00377d0f80861169707777022297e549bd166dbf0"
score = 75
@@ -89984,8 +93664,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Eaa9A668 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L554-L572"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L554-L572"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62"
logic_hash = "05e9047342a9d081a09f8514f0ec32d72bc43a286035014ada90b0243f92cfa8"
score = 75
@@ -90013,8 +93693,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_46Eec778 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L574-L592"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L574-L592"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1"
logic_hash = "08e77a31005e14a06197857301e22d20334c1f2ef7fc06a4208643438377f4c4"
score = 75
@@ -90042,8 +93722,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F51C5Ac3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L594-L612"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L594-L612"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d"
logic_hash = "e82b5ddb760d5bdcd146e1de12ec34c4764e668543420765146e22dee6f5732b"
score = 75
@@ -90071,8 +93751,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_71E487Ea : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L614-L632"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L614-L632"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b8d044f2de21d20c7e4b43a2baf5d8cdb97fba95c3b99816848c0f214515295b"
logic_hash = "3de9e0e3334e9e6e5906886f95ff8ce3596f85772dc25021fb0ee148281cf81c"
score = 75
@@ -90100,8 +93780,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6620Ec67 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L634-L652"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L634-L652"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b91eb196605c155c98f824abf8afe122f113d1fed254074117652f93d0c9d6b2"
logic_hash = "2df2c8cdc2cb545f916159d44a800708b55a2993cd54a4dcf920a6a8dc6361e7"
score = 75
@@ -90129,8 +93809,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D996D335 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L654-L672"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L654-L672"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda"
logic_hash = "212c75ab61eac8b3ed2049966628dfc81ae5a620b4a4b38aaa0696d594910dea"
score = 75
@@ -90158,8 +93838,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D0C57A2E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L674-L691"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L674-L691"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "2ac51f0943d573fdc9a39837aeefd9158c27a4b3f35fbbb0a058a88392a53c14"
score = 75
quality = 75
@@ -90186,8 +93866,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_751Acb94 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L693-L710"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L693-L710"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "1963351d209168f4ae2268d245cfd5320e4442d00746d021088ffae98e5da454"
score = 75
quality = 75
@@ -90214,8 +93894,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_656Bf077 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L712-L730"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L712-L730"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6"
logic_hash = "0c9728304e720eb2cd00afad8d16f309514473dece48fa94af6a72ca41705a36"
score = 75
@@ -90243,8 +93923,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E6D75E6F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L732-L750"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L732-L750"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "48b15093f33c18778724c48c34199a420be4beb0d794e36034097806e1521eb8"
logic_hash = "339dd33a3313a4a94d2515cd4c2100ac6b9d5e0029881494c28dc3e7c8a05798"
score = 75
@@ -90272,8 +93952,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_7167D08F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L752-L770"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L752-L770"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68"
logic_hash = "88c07bf06801192f38ef66229a0aa5c1ef6242caeb080ce1c7cd13ad0d540c82"
score = 75
@@ -90301,8 +93981,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_27De1106 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L772-L790"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L772-L790"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d"
logic_hash = "4e266e1ae31d7d86866b112a04ca38c0a8185c18ebb10ac6497bbaa69f51b2fd"
score = 75
@@ -90330,8 +94010,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_148B91A2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L792-L810"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L792-L810"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825"
logic_hash = "1a974c0882c2d088c978a52e5b535807c86f117cf2f05c40c084e849b1849f5b"
score = 75
@@ -90359,8 +94039,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_20F5E74F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L812-L830"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L812-L830"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9084b00f9bb71524987dc000fb2bc6f38e722e2be2832589ca4bb1671e852f5b"
logic_hash = "067f1c15961c1ddceecb490b338db9f5b8501d89b38e870edfa628d21527dc1c"
score = 75
@@ -90388,8 +94068,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_1B2E2A3A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L832-L850"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L832-L850"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d"
logic_hash = "6f40f868d20f0125721eb2a7934b356d69b695d4a558155a2ddcd0107d3f8c30"
score = 75
@@ -90417,8 +94097,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_620087B9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L852-L870"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L852-L870"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961"
logic_hash = "411451ea326498a25af8be5cd43fe0b98973af354706268c89828b88ece5e497"
score = 75
@@ -90446,8 +94126,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Dd0D6173 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L872-L890"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L872-L890"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6"
logic_hash = "7061edef1981e2b93bcdd8be47c0f6067acc140a543eed748bf0513f182e0a59"
score = 75
@@ -90475,8 +94155,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_779E142F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L892-L910"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L892-L910"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
logic_hash = "80ba5a1cf333fafc6a1d7823ca4a8d5c30c1c07a01d6d681c22dd29e197089f1"
score = 75
@@ -90504,8 +94184,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Cf84C9F2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L912-L930"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L912-L930"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
logic_hash = "9af164ece7e7e0f33dc32f18735a8f655593ae6cde34e05108f3221b71aa8676"
score = 75
@@ -90533,8 +94213,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0Cd591Cd : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L932-L949"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L932-L949"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "4300bdd173dfb33ca34c0f2fe4fa6ee071e99d5db201262e914721aad0ad433b"
score = 75
quality = 75
@@ -90561,8 +94241,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_859042A0 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L951-L969"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L951-L969"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0"
logic_hash = "b8daa4a136a6511472703687fe56fbca2bd005a1373802a46c8d211b6d039d75"
score = 75
@@ -90590,8 +94270,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_33B4111A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L971-L989"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L971-L989"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961"
logic_hash = "a08c0f7be26e2e9abfaa392712895bb3ce1d12583da4060ebe41e1a9c1491b7c"
score = 75
@@ -90619,8 +94299,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_4F43B164 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L991-L1009"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L991-L1009"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f0fdb3de75f85e199766bbb39722865cac578cde754afa2d2f065ef028eec788"
logic_hash = "79a17e70e9b7af6e53f62211c33355a4c46a82e7c4e80c20ffe9684e24155808"
score = 75
@@ -90648,8 +94328,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E4A1982B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1011-L1028"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1011-L1028"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "4cd7aa205b3571cffca208e315d6311fa92a5993e2a8e40d342d6184811f42f0"
score = 75
quality = 75
@@ -90676,8 +94356,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_862C4E0E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1030-L1048"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1030-L1048"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1"
logic_hash = "a1dce44e76f9d2a517c4849c58dfecb07e1ef0d78fddff10af601184d636583f"
score = 75
@@ -90705,8 +94385,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9127F7Be : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1050-L1068"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1050-L1068"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d"
logic_hash = "2b1fa115598561e081dfb9b5f24f6728b0d52cb81ac7933728d81646f461bcae"
score = 75
@@ -90734,8 +94414,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0E03B7D3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1070-L1087"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1070-L1087"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "845be03fac893f8e914aabda5206000dc07947ade0b8f46cc5d58d8458f035f6"
score = 75
quality = 75
@@ -90762,8 +94442,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_32Eb0C81 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1089-L1107"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1089-L1107"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
logic_hash = "a06d9e1190ba79b0e19cab7468f01a49359629a6feb27b7d72f3d1d52d1483d7"
score = 75
@@ -90791,8 +94471,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9Abf7E0C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1109-L1126"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1109-L1126"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "00276330e388d07368577c4134343cb9fc11957dba6cff5523331199f1ed04aa"
score = 75
quality = 75
@@ -90819,8 +94499,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_33801844 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1128-L1146"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1128-L1146"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2ceff60e88c30c02c1c7b12a224aba1895669aad7316a40b575579275b3edbb3"
logic_hash = "20b8ebce14776e48310be099afd0dca0f28778d0024318b339b75e2689f70128"
score = 75
@@ -90848,8 +94528,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A33A8363 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1148-L1165"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1148-L1165"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "3fe17dc43f07dacdad6ababf141983854b977e244c0af824fea0ab953ad70fee"
score = 75
quality = 75
@@ -90876,8 +94556,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9A62845F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1167-L1185"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1167-L1185"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f67f8566beab9d7494350923aceb0e76cd28173bdf2c4256e9d45eff7fc8cb41"
logic_hash = "b3ab125c8bfb5b7a0be0e92cf5a50057e403ab3597698ec2e7a8bafa0d3a8b80"
score = 75
@@ -90905,8 +94585,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_4D81Ad42 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1187-L1205"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1187-L1205"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3021a861e6f03df3e7e3919e6255bdae6e48163b9a8ba4f1a5c5dced3e3e368b"
logic_hash = "57b54eed37690949ba2d4eff713691f16f00207d7b374beb7dfa2e368588dbb0"
score = 75
@@ -90934,14 +94614,14 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6A510422 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1207-L1225"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1207-L1225"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "4384536817bf5df223d4cf145892b7714f2dbd1748930b6cd43152d4e35c9e56"
score = 75
quality = 75
tags = "FILE, MEMORY"
fingerprint = "8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75"
- severity = "100"
+ severity = 100
arch_context = "x86"
scan_context = "file, memory"
license = "Elastic License v2"
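Review bot: The `severity = "100"` to `severity = 100` change switches the meta field from a string to an integer, and that is a type change any downstream consumer (a loader comparing against `"100"`, or a tool serialising meta values) will observe; it looks consistent with the neighbouring integer fields `score = 75` and `quality = 75`, but it deserves a line in the commit description, and the same change recurs in the hunks for ELASTIC_Linux_Trojan_Gafgyt_D2953F92, 6Ae4B580, D608Cf3B, 3F8Cf56E, Fb14E81F, E09726Dc and Ad12B9B6. The regenerated `source_url` and `license_url` lines in this and every preceding hunk still carry the doubled slash in `protections-artifacts//blob/`; since the commit rewrites all of these lines anyway, fixing the generator to emit `protections-artifacts/blob/` would be cheap now and hard later. Whether `severity` is an integer for every rule in this file, or only for those touched here, cannot be told from the hunk; a quick grep for `severity = "` over the result would confirm the normalisation is complete. The enclosing `rule ELASTIC_Linux_Trojan_Gafgyt_6A510422` block begins and ends outside the hunk.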
@@ -90962,14 +94642,14 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D2953F92 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1227-L1245"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1227-L1245"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "d0af462d26f6ffe469c57d63f1f7d551e3fb9cc39c7e4c35b3e71f659c01c076"
score = 75
quality = 75
tags = "FILE, MEMORY"
fingerprint = "276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc"
- severity = "100"
+ severity = 100
arch_context = "x86"
scan_context = "file, memory"
license = "Elastic License v2"
@@ -90990,14 +94670,14 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6Ae4B580 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1247-L1265"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1247-L1265"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "eb0fe44df1c995c5d4e3a361c3e466f78cb70bffbc76d1b7b345ee651b313b9e"
score = 75
quality = 75
tags = "FILE, MEMORY"
fingerprint = "279e344d6da518980631e70d7b1ded4ff1b034d24e4b4fe01b36ed62f5c1176c"
- severity = "100"
+ severity = 100
arch_context = "x86"
scan_context = "file, memory"
license = "Elastic License v2"
@@ -91018,14 +94698,14 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D608Cf3B : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1267-L1285"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1267-L1285"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "ad5b7d32c85adc7f778a8f4815e595b90a6f15dec048bcf97c6ab179582eb4f7"
score = 75
quality = 75
tags = "FILE, MEMORY"
fingerprint = "3825aa1c9cddb46fdef6abc0503b42acbca8744dd89b981a3eea8db2f86a8a76"
- severity = "100"
+ severity = 100
arch_context = "x86"
scan_context = "file, memory"
license = "Elastic License v2"
@@ -91046,14 +94726,14 @@ rule ELASTIC_Linux_Trojan_Gafgyt_3F8Cf56E : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "1878f0783085cc6beb2b81cfda304ec983374264ce54b6b98a51c09aea9f750d"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1287-L1305"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1287-L1305"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "b2cf8b1913a88e6a6346f0ac8cd2e7c33b41d44bf60ff7327ae40a2d54748bd9"
score = 75
quality = 75
tags = "FILE, MEMORY"
fingerprint = "77306f0610515434371f70f2b42c895cdc5bbae2ef6919cf835b3cfe2e4e4976"
- severity = "100"
+ severity = 100
arch_context = "x86"
scan_context = "file, memory"
license = "Elastic License v2"
@@ -91074,14 +94754,14 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fb14E81F : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1307-L1325"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1307-L1325"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "2efb958c269640c374485502611372f4404cf35d7ab704d20ce37b8c1f69645d"
score = 75
quality = 75
tags = "FILE, MEMORY"
fingerprint = "12b430108256bd0f57f48b9dbbea12eba7405c0b3b66a1c4b882647051f1ec52"
- severity = "100"
+ severity = 100
arch_context = "x86"
scan_context = "file, memory"
license = "Elastic License v2"
@@ -91102,14 +94782,14 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E09726Dc : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "1e64187b5e3b5fe71d34ea555ff31961404adad83f8e0bd1ce0aad056a878d73"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1327-L1345"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1327-L1345"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "ebd00e593a7fcd46e36fd0ca213e1f82c0f4a94448b6fd605d35cea45a490493"
score = 75
quality = 75
tags = "FILE, MEMORY"
fingerprint = "614d54b3346835cd5c2a36a54cae917299b1a1ae0d057e3fa1bb7dddefc1490f"
- severity = "100"
+ severity = 100
arch_context = "x86"
scan_context = "file, memory"
license = "Elastic License v2"
@@ -91130,14 +94810,14 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ad12B9B6 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "f0411131acfddb40ac8069164ce2808e9c8928709898d3fb5dc88036003fe9c8"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1347-L1365"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1347-L1365"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "72a85d14eb8ab78364ea2e8b89d9409c0046b14602f4a3415d829f4985fb2de3"
score = 75
quality = 75
tags = "FILE, MEMORY"
fingerprint = "46d86406f7fb25f0e240abc13e86291c56eb7468d0128fdff181f28d4f978058"
- severity = "100"
+ severity = 100
arch_context = "x86"
scan_context = "file, memory"
license = "Elastic License v2"
@@ -91158,8 +94838,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0535Ebf7 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1367-L1385"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1367-L1385"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "77e18bb5479b644ba01d074057c9e2bd532717f6ab3bb88ad2b7497b85d2a5de"
logic_hash = "eb574468e9d371def0da74e6aba827272181399a84388a14ffb167ec6ebd40d1"
score = 75
@@ -91187,8 +94867,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_32A7Edd2 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1387-L1405"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1387-L1405"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf"
logic_hash = "af26549c1cad0975735e2c233bc71e5e1b0e283d02552fdaea02656332ecd854"
score = 75
@@ -91216,8 +94896,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D7F35B54 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1407-L1425"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1407-L1425"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf"
logic_hash = "d827e21c09b8dce65db293aa57b39f49f034537bb708471989ad64e653c479be"
score = 75
@@ -91245,8 +94925,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F11E98Be : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1427-L1445"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1427-L1445"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf"
logic_hash = "9b9122f0897610dff6b37446b3cecbfcec3dce8dc7e1934e78cc32d5f6ac9648"
score = 75
@@ -91274,8 +94954,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_8D4E4F4A : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Gafgyt.yar#L1447-L1465"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Gafgyt.yar#L1447-L1465"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf"
logic_hash = "11ee101a936f8e6949701e840ef48a0fe102099ea3b71c790b9a5128e5c59029"
score = 75
@@ -91303,8 +94983,8 @@ rule ELASTIC_Windows_Trojan_Xworm_732E6C12 : FILE MEMORY
date = "2023-04-03"
modified = "2023-04-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Xworm.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Xworm.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bf5ea8d5fd573abb86de0f27e64df194e7f9efbaadd5063dee8ff9c5c3baeaa2"
logic_hash = "6aa72029eeeb2edd2472bf0db80b9c0ae4033d7d977cbee75ac94414d1cdff7a"
score = 75
@@ -91338,8 +95018,8 @@ rule ELASTIC_Linux_Trojan_Shark_B918Ab75 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Shark.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Shark.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8b6fe9f496996784e42b75fb42702aa47aefe32eac6f63dd16a0eb55358b6054"
logic_hash = "16302c29f2ae4109b8679933eb7fd9ef9306b0c215f20e8fff992b0b848974a9"
score = 75
@@ -91367,8 +95047,8 @@ rule ELASTIC_Linux_Exploit_CVE_2014_3153_1C1E02Ad : FILE MEMORY CVE_2014_3153
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2014_3153.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2014_3153.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "64b8c61b73f0c0c0bd44ea5c2bcfb7b665fcca219dbe074a4a16ae20cd565812"
logic_hash = "42e9de7f306343c4c3e7fd02b414b429faacb837fb2910f98f0c1519da40074c"
score = 75
@@ -91396,8 +95076,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_4557_B7E15F5E : FILE MEMORY CVE_2016_4557
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_4557.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_4557.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bbed2f81104b5eb4a8475deff73b29a350dc8b0f96dcc4987d0112b993675271"
logic_hash = "9c40233fec9607404ca4f78313e0f62922180e5ef88dbf801dd60725af61bdde"
score = 75
@@ -91425,8 +95105,8 @@ rule ELASTIC_Linux_Trojan_Backegmm_B59712E6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Backegmm.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Backegmm.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d6c8e15cb65102b442b7ee42186c58fa69cd0cb68f4fd47eb5ad23763371e0be"
logic_hash = "a2e6016bfd8475880c28c89b5f5beeef1335de9529d44bbe7c5aaa352aab9a29"
score = 75
@@ -91454,8 +95134,8 @@ rule ELASTIC_Windows_Trojan_Xtremerat_Cd5B60Be : FILE MEMORY
date = "2022-03-15"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_XtremeRAT.yar#L1-L28"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_XtremeRAT.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "735f7bf255bdc5ce8e69259c8e24164e5364aeac3ee78782b7b5275c1d793da8"
logic_hash = "a6997ae4842bd45c440925ef2a5848b57c58e2373c0971ce6b328ea297ee97b4"
score = 75
@@ -91492,8 +95172,8 @@ rule ELASTIC_Windows_Vulndriver_Fiddrv_E7875A5A : FILE
date = "2023-07-25"
modified = "2023-07-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Vulndriver_FidDrv.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Vulndriver_FidDrv.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4bf4cced4209c73aa37a9e2bf9ff27d458d8d7201eefa6f6ad4849ee276ad158"
logic_hash = "aa1635c651c8364ad2ee93b369dd583fce699001d753e46de013c476d185eef1"
score = 75
@@ -91525,8 +95205,8 @@ rule ELASTIC_Windows_Hacktool_Rubeus_43F18623 : FILE MEMORY
date = "2022-10-20"
modified = "2022-11-24"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Rubeus.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Rubeus.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b7b4691ad1cdad7663c32d07e911a03d9cc8b104f724c2825fd4957007649235"
logic_hash = "8714f30e12c0dc61c83491a71dbf9f1e9b6bc66663a8f2c069e7a7841d52cf68"
score = 75
@@ -91562,8 +95242,8 @@ rule ELASTIC_Linux_Trojan_Godropper_Bae099Bd : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Godropper.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Godropper.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "704643f3fd11cda1d52260285bf2a03bccafe59cfba4466427646c1baf93881e"
logic_hash = "ef6274928f7cfc0312122ac3e4153fb0a78dc7d5fb2d68db6cbe4974f5497210"
score = 75
@@ -91591,8 +95271,8 @@ rule ELASTIC_Windows_Trojan_Quasarrat_E52Df647 : FILE MEMORY
date = "2021-06-27"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Quasarrat.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Quasarrat.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a58efd253a25cc764d63476931da2ddb305a0328253a810515f6735a6690de1d"
logic_hash = "41f32e0c9b3b43d10baef10060e064ad860558bcdeb4281a30d30c16615ed21d"
score = 75
@@ -91624,8 +95304,8 @@ rule ELASTIC_Windows_Hacktool_Sharprdp_80895Fcb : FILE MEMORY
date = "2022-11-20"
modified = "2023-01-11"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpRDP.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpRDP.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6e909861781a8812ee01bc59435fd73fd34da23fa9ad6d699eefbf9f84629876"
logic_hash = "ef9a92f2ed29f508dca591e9c65a6ce0013ccdfd0c62770e8840be2f3ee5982e"
score = 75
@@ -91657,8 +95337,8 @@ rule ELASTIC_Linux_Trojan_Cerbu_69D5657E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Cerbu.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Cerbu.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f10bf3cf2fdfbd365d3c2d8dedb2d01b85236eaa97d15370dbcb5166149d70e9"
logic_hash = "644e8d5a1b5c8618e71497f21b0244215924e293e274b9164692dd927cd74ba8"
score = 75
@@ -91686,8 +95366,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_196523Fa : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Kinsing.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Kinsing.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "baa5808fcf22700ae96844dbf8cb3bec52425eec365d2ba4c71b73ece11a69a2"
score = 75
quality = 75
@@ -91714,8 +95394,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_7Cdbe9Fa : FILE MEMORY
date = "2021-12-13"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Kinsing.yar#L20-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Kinsing.yar#L20-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6"
logic_hash = "c6f5d2cf0430301ec0eae57808100203b69428f258e0e6882fecbc762d73f4bf"
score = 75
@@ -91743,8 +95423,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_2C1Ffe78 : FILE MEMORY
date = "2021-12-13"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Kinsing.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Kinsing.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6"
logic_hash = "9561511710eef5877c5afa49890b77fbad31a6e312b5cd33fc01f91ff2a73583"
score = 75
@@ -91772,8 +95452,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_85276Fb4 : FILE MEMORY
date = "2021-12-13"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Kinsing.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Kinsing.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6"
logic_hash = "6919afd133e7e369eece10ea79d9d17a1a3fbb6210593395e0be157f8c262811"
score = 75
@@ -91801,8 +95481,8 @@ rule ELASTIC_Linux_Trojan_Ganiw_99349371 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ganiw.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ganiw.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e8dbb246fdd1a50226a36c407ac90eb44b0cf5e92bf0b92c89218f474f9c2afb"
logic_hash = "26160e855c63fc0b73e415de2fe058f2005df1ec5544d21865d022c5474df30c"
score = 75
@@ -91830,8 +95510,8 @@ rule ELASTIC_Linux_Trojan_Ganiw_B9F045Aa : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ganiw.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ganiw.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "2565101b261bee22ddecf6898ff0ac8a114d09c822d8db26ba3e3571ebe06b12"
score = 75
quality = 75
@@ -91858,8 +95538,8 @@ rule ELASTIC_Windows_Trojan_Xpertrat_Ce03C41D : FILE MEMORY
date = "2021-08-06"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Xpertrat.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Xpertrat.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d7f2fddb43eb63f9246f0a4535dfcca6da2817592455d7eceaacde666cf1aaae"
logic_hash = "f6ff0a11f261bc75c9d0015131f177d39bb9e8e30346a75209ba8fa808ac4fcb"
score = 75
@@ -91889,8 +95569,8 @@ rule ELASTIC_Windows_Infostealer_Phemedronestealer_Bed8Ea8A : FILE MEMORY
date = "2024-03-21"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Infostealer_PhemedroneStealer.yar#L1-L30"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Infostealer_PhemedroneStealer.yar#L1-L30"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "38279fdad25c7972be9426cadb5ad5e3ee7e9761b0a41ed617945cb9a3713702"
logic_hash = "88fc33abfe6c7a611aa0c354645b06e9e74121ffc9a5acd20b4d3a59287489d6"
score = 75
@@ -91929,8 +95609,8 @@ rule ELASTIC_Linux_Ransomware_Ragnarlocker_9F5982B8 : FILE MEMORY
date = "2023-07-27"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_RagnarLocker.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_RagnarLocker.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f668f74d8808f5658153ff3e6aee8653b6324ada70a4aa2034dfa20d96875836"
logic_hash = "c08579dc675a709add392a0189d01e05af61034b72f451d2b024c89c1299ee6c"
score = 75
@@ -91960,8 +95640,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_D9A9173A : FILE MEMORY
date = "2022-11-08"
modified = "2024-02-13"
reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Lightning.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Lightning.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "48f9471c20316b295704e6f8feb2196dd619799edec5835734fc24051f45c5b7"
logic_hash = "93961d9771aa4e828e15923064a848291c7814ad4e15e30cd252fc41523d789e"
score = 75
@@ -91992,8 +95672,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_E87C9D50 : FILE MEMORY
date = "2022-11-08"
modified = "2024-02-13"
reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Lightning.yar#L25-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Lightning.yar#L25-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fd285c2fb4d42dde23590118dba016bf5b846625da3abdbe48773530a07bcd1e"
logic_hash = "455ecf97e7becaf9c40843f8a3f60ec233d35e0061c6994f168428a8835c1b20"
score = 75
@@ -92025,8 +95705,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_3Bcac358 : FILE MEMORY
date = "2022-11-08"
modified = "2024-02-13"
reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Lightning.yar#L50-L72"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Lightning.yar#L50-L72"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ad16989a3ebf0b416681f8db31af098e02eabd25452f8d781383547ead395237"
logic_hash = "f260372b9f2ea32f93ff7a30dc8239766e713a1e177a483444b14538741c24af"
score = 75
@@ -92057,8 +95737,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_D9E6B88E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a4ac275275e7be694a200fe6c5c5746256398c109cf54f45220637fe5d9e26ba"
logic_hash = "979d2ae62efca0f719ed1db2ff832dc9a0aa0347dcd50ccede29ec35cba6d296"
score = 75
@@ -92086,8 +95766,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_30C039E2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b494ca3b7bae2ab9a5197b81e928baae5b8eac77dfdc7fe1223fee8f27024772"
logic_hash = "a9dbfede68a3209b403aa40dbc5b69326c3e1c14259ed6bc6351f0f9412cfce2"
score = 75
@@ -92115,8 +95795,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_C94Eec37 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "294fcdd57fc0a53e2d63b620e85fa65c00942db2163921719d052d341aa2dc30"
logic_hash = "39a49e1661ac2ca6a43a56b0bd136976f6d506c0779d862a43ba2c25d6947fee"
score = 75
@@ -92144,8 +95824,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_F806D5D9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5259495788f730a2a3bad7478c1873c8a6296506a778f18bc68e39ce48b979da"
logic_hash = "86336f662e3abcf2fe7635155782c549fc9eef514356bf78bfbc3b65192e2d90"
score = 75
@@ -92173,8 +95853,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0Fa3A6E9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "40a15a186373a062bfb476b37a73c61e1ba84e5fa57282a7f9ec0481860f372a"
logic_hash = "970062e909ffe5356b750605f2c44a6e893949bc5bc71be3ea98b16e51629d4d"
score = 75
@@ -92202,8 +95882,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_36A98405 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a57de6cd3468f55b4bfded5f1eed610fdb2cbffbb584660ae000c20663d5b304"
logic_hash = "a32d324d1865a7796faefbc2f209e6043008a696929fe7837afbbc770e6f4c74"
score = 75
@@ -92231,8 +95911,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0C6686B8 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62"
logic_hash = "731bb3f9957e8777040c0b7b316a818f4ee1ca9a113fb9eed24ee61bfc71e11d"
score = 75
@@ -92260,8 +95940,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_9Ce5B69F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ad63fbd15b7de4da0db1b38609b7481253c100e3028c19831a5d5c1926351829"
logic_hash = "b9756eb99e59ba3a9a616b391bcf26bda26a6ac0de115460f9ba52129f590764"
score = 75
@@ -92289,8 +95969,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_55A80Ab6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5259495788f730a2a3bad7478c1873c8a6296506a778f18bc68e39ce48b979da"
logic_hash = "1fc29f98e9ea2a5b67d0a88f37813a5e62b5f1d2a26aee74f90e9ead445dc713"
score = 75
@@ -92318,8 +95998,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_E98B83Ee : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417"
logic_hash = "8b16c0fee991ee2143a20998097066a90b1f20060bac7b42e5c3188adcdc7907"
score = 75
@@ -92347,8 +96027,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_8A11F9Be : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571"
logic_hash = "f80dcb3579a76da787e9bb2bfb02ef86e464aec1bea405f02642b8c8902c7663"
score = 75
@@ -92376,8 +96056,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_2462067E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L221-L239"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L221-L239"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3847f1c7c15ce771613079419de3d5e8adc07208e1fefa23f7dd416b532853a1"
logic_hash = "cf6c0703f9108f8193e0a9c18ba3d76263527a13fe44e194fa464d399512ae05"
score = 75
@@ -92405,8 +96085,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0A028640 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L241-L259"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L241-L259"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e36081f0dbd6d523c9378cdd312e117642b0359b545b29a61d8f9027d8c0f2f0"
logic_hash = "663f110c7214498466759b66a83ff1844f5bf45ce706fa8ad0e8b205cc9c8f72"
score = 75
@@ -92434,8 +96114,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_6B3974B2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L281-L299"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L281-L299"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2216776ba5c6495d86a13f6a3ce61b655b72a328ca05b3678d1abb7a20829d04"
logic_hash = "7c44a0abcd51a6b775fc379b592652ebb10faf16c039ca23b20984183340cada"
score = 75
@@ -92463,8 +96143,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_87Bcb848 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L301-L319"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L301-L319"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "575b0dc887d132aa3983e5712b8f642b03762b0685fbd5a32c104bca72871857"
logic_hash = "60e8aa7e27ea0bec665075a373ce150c21af4cddfd511b7ec771293126f0006c"
score = 75
@@ -92492,8 +96172,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_Ad60D7E8 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L321-L338"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L321-L338"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "1253a8cd1a5230f1ec1f8c7ecd07f89f28acf5c2aa92395c6cb9e635c16a1e25"
score = 75
quality = 73
@@ -92520,8 +96200,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_22646C0D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L340-L358"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L340-L358"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "20439a8fc21a94c194888725fbbb7a7fbeef5faf4b0f704559d89f1cd2e57d9d"
logic_hash = "548f531429132392f6d9bccff706b56ba87d8e44763116dedca5d0baa5097b92"
score = 75
@@ -92540,35 +96220,6 @@ rule ELASTIC_Linux_Trojan_Tsunami_22646C0D : FILE MEMORY
condition:
all of them
}
-rule ELASTIC_Linux_Trojan_Tsunami_0E52C842 : FILE MEMORY
-{
- meta:
- description = "Detects Linux Trojan Tsunami (Linux.Trojan.Tsunami)"
- author = "Elastic Security"
- id = "0e52c842-f65e-4c77-8081-ae2f160e35f4"
- date = "2021-01-12"
- modified = "2021-09-16"
- reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L360-L378"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
- hash = "cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417"
- logic_hash = "35046c6686ee7239844e2fbd092b4ab91a1c22606062fb0031bdb28bfa2c9827"
- score = 75
- quality = 75
- tags = "FILE, MEMORY"
- fingerprint = "70fdfb7aa5d1eff98e4e216e7a60ed1ba4d75ed1f47a57bf40eeaf35a92c88e4"
- severity = 100
- arch_context = "x86"
- scan_context = "file, memory"
- license = "Elastic License v2"
- os = "linux"
-
- strings:
- $a = { 55 48 89 E5 53 48 83 EC 38 89 7D E4 48 89 75 D8 89 55 D4 48 89 }
-
- condition:
- all of them
-}
rule ELASTIC_Linux_Trojan_Tsunami_019F0E75 : FILE MEMORY
{
meta:
@@ -92578,8 +96229,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_019F0E75 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L380-L398"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L360-L378"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "575b0dc887d132aa3983e5712b8f642b03762b0685fbd5a32c104bca72871857"
logic_hash = "7a63eb94266b04a31ba67165c512e2e060c3e344665aeed748a51943143b2219"
score = 75
@@ -92607,8 +96258,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_7C545Abf : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L400-L418"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L380-L398"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "95691c7ad1d80f7f1b5541e1d1a1dbeba30a26702a4080d256f14edb75851c5d"
logic_hash = "fa50ccc4c85417d18a84b7f117f853609c44b17c488a937cdc7495e2d32757f7"
score = 75
@@ -92636,8 +96287,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_32C0B950 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L420-L438"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L400-L418"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "214c1caf20ceae579476d3bf97f489484df4c5f1c0c44d37ff9b9066072cd83c"
logic_hash = "db077e5916327ca78fcc9dc35f64e5c497dbbe60c4a0c1eb7abb49c555765681"
score = 75
@@ -92665,8 +96316,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_Cbf50D9C : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L440-L458"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L420-L438"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b64d0cf4fc4149aa4f63900e61b6739e154d328ea1eb31f4c231016679fc4aa5"
logic_hash = "331a35fb3ecc54022b1d4d05bd64e7c5c6a7997b06dbea3a36c33ccc0a2f7086"
score = 75
@@ -92694,8 +96345,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_40C25A06 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L460-L478"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L440-L458"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "61af6bb7be25465e7d469953763be5671f33c197d4b005e4a78227da11ae91e9"
logic_hash = "38976911ff9e56fae27fad8b9df01063ed703f43c8220b1fbcef7a3945b3f1ad"
score = 75
@@ -92723,8 +96374,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_35806Adc : FILE MEMORY
date = "2021-12-13"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L480-L498"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L460-L478"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "15e7942ebf88a51346d3a5975bb1c2d87996799e6255db9e92aed798d279b36b"
logic_hash = "6e9d3e5c0a33208d1b5f4f84f8634955e70bd63395b367cd1ece67798ce5e502"
score = 75
@@ -92752,8 +96403,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_D74D7F0C : FILE MEMORY
date = "2021-12-13"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L500-L518"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L480-L498"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b0a8b2259c00d563aa387d7e1a1f1527405da19bf4741053f5822071699795e2"
logic_hash = "6f5313fc9e838bd06bd4e797ea7fb448073849dc714ecf18809f94900fa11ca2"
score = 75
@@ -92781,8 +96432,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_71D31510 : FILE MEMORY
date = "2021-12-13"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L520-L538"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L500-L518"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "33dd6c0af99455a0ca3908c0117e16a513b39fabbf9c52ba24c7b09226ad8626"
logic_hash = "18bfe9347faf1811686a61e0ee0de5cef842beb25fb06793947309135c41de89"
score = 75
@@ -92810,8 +96461,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_97288Af8 : FILE MEMORY
date = "2021-12-13"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Tsunami.yar#L540-L558"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Tsunami.yar#L520-L538"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c39eb055c5f71ebfd6881ff04e876f49495c0be5560687586fc47bf5faee0c84"
logic_hash = "c5b521cc887236a189dca419476758cee0f1513a8ad81c94b1ff42e4fe232b8e"
score = 75
@@ -92839,8 +96490,8 @@ rule ELASTIC_Windows_Virus_Floxif_493D1897 : FILE MEMORY
date = "2023-09-26"
modified = "2023-11-02"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Virus_Floxif.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Virus_Floxif.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e628b7973ee25fdfd8f849fdf5923c6fba48141de802b0b4ce3e9ad2e40fe470"
logic_hash = "d3f516966bd4423c49771251075a1ea2f725aec91615f7f44dd098da2a4f3574"
score = 75
@@ -92868,8 +96519,8 @@ rule ELASTIC_Linux_Rootkit_Fontonlake_8Fa41F5E : FILE MEMORY
date = "2021-10-12"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Rootkit_Fontonlake.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Rootkit_Fontonlake.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "826222d399e2fb17ae6bc6a4e1493003881b1406154c4b817f0216249d04a234"
logic_hash = "e90ace26dd74ae948d2469c6f532af5ec3070a21092f8b2c4d47c4f5b9d04c09"
score = 75
@@ -92904,8 +96555,8 @@ rule ELASTIC_Linux_Trojan_Orbit_57C23178 : FILE MEMORY
date = "2022-07-20"
modified = "2022-08-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Orbit.yar#L1-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Orbit.yar#L1-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "40b5127c8cf9d6bec4dbeb61ba766a95c7b2d0cafafcb82ede5a3a679a3e3020"
logic_hash = "25b29e874ea9d400662418ddbb1c995a5a5b49f8ba6f51f59f7aa57cdda74054"
score = 75
@@ -92954,8 +96605,8 @@ rule ELASTIC_Windows_Trojan_Poshc2_E2D3881E : FILE MEMORY
date = "2023-03-29"
modified = "2023-04-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_PoshC2.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_PoshC2.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7a718a4f74656346bd9a2e29e008705fc2b1c4d167a52bd4f6ff10b3f2cd9395"
logic_hash = "4f3e2a9f22826a155a3007193a0f75a5fde6e423734a60f30628ea3bb33d3457"
score = 75
@@ -92990,8 +96641,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_9130C0F3 : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Thiefquest.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Thiefquest.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bed3561210e44c290cd410adadcdc58462816a03c15d20b5be45d227cd7dca6b"
logic_hash = "20e9ea15a437a17c4ef68f2472186f6d1ab3118d5b392f84fcb2bd376ec3863a"
score = 75
@@ -93022,8 +96673,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_Fc2E1271 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Thiefquest.yar#L24-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Thiefquest.yar#L24-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923"
logic_hash = "a20c76e53874fc0fec5fd2660c63c6f1e7c1b2055cbd2a9efdfd114cd6bdda5c"
score = 75
@@ -93051,8 +96702,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_86F9Ef0C : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Thiefquest.yar#L44-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Thiefquest.yar#L44-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "59fb018e338908eb69be72ab11837baebf8d96cdb289757f1f4977228e7640a0"
logic_hash = "426d533d39e594123f742b15d0a93ded986b9b308685f7b2cfaf5de0b32cdbff"
score = 75
@@ -93080,8 +96731,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_40F9C1C3 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Thiefquest.yar#L64-L82"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Thiefquest.yar#L64-L82"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e402063ca317867de71e8e3189de67988e2be28d5d773bbaf75618202e80f9f6"
logic_hash = "546edc2d6d715eac47e7a8d3ceb91cf314fa6dbee04f0475a5c4a84ba53fd722"
score = 75
@@ -93109,8 +96760,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_0F9Fe37C : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Thiefquest.yar#L84-L102"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Thiefquest.yar#L84-L102"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923"
logic_hash = "84f9e8938d7e2b0210003fc8334b8fa781a40afffeda8d2341970b84ed5d3b5a"
score = 75
@@ -93138,8 +96789,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_1F4Bac78 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Thiefquest.yar#L104-L122"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Thiefquest.yar#L104-L122"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923"
logic_hash = "96db33e135138846f978026867bb2536226539997d060f41e7081f7f29b66c85"
score = 75
@@ -93167,8 +96818,8 @@ rule ELASTIC_Windows_Trojan_Rudebird_3Cbf7Bc6 : FILE MEMORY
date = "2023-05-09"
modified = "2023-06-13"
reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_RudeBird.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_RudeBird.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "2095c3b6bde779b5661c7796b5e33bb0c43facf791b272a603b786f889a06a95"
score = 75
quality = 75
@@ -93195,8 +96846,8 @@ rule ELASTIC_Linux_Ransomware_Akira_02237952 : FILE MEMORY
date = "2023-07-28"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Akira.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Akira.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1d3b5c650533d13c81e325972a912e3ff8776e36e18bca966dae50735f8ab296"
logic_hash = "a9b3cdddb3387251d7da90f32b08b9c1eedcdff1fe90d51f4732183666a6d467"
score = 75
@@ -93227,8 +96878,8 @@ rule ELASTIC_Windows_Trojan_Plugx_5F3844Ff : FILE MEMORY
date = "2023-08-28"
modified = "2023-09-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_PlugX.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_PlugX.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a823380e46878dfa8deb3ca0dc394db1db23bb2544e2d6e49c0eceeffb595875"
logic_hash = "a1a484f4cf00ec0775a3f322bae66ce5f9cc52f08306b38f079445233c49bf52"
score = 75
@@ -93251,6 +96902,37 @@ rule ELASTIC_Windows_Trojan_Plugx_5F3844Ff : FILE MEMORY
condition:
all of them
}
+rule ELASTIC_Windows_Trojan_Plugx_F338Dab5 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Plugx (Windows.Trojan.PlugX)"
+ author = "Elastic Security"
+ id = "f338dab5-8c8f-46d7-8f93-48077fc76da1"
+ date = "2024-06-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_PlugX.yar#L25-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "8af3fc1f8bd13519d78ee83af43daaa8c5e2c3f184c09f5c41941e0c6f68f0f7"
+ logic_hash = "0482305a73bc500aa7c266536cb8286ea796f6b1eaba39547bed22313bbb4457"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "7c9f3d739eb17c545ded116387400340117acc23f3ef9fec9eacf993f1d2eb80"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 45 08 FF B0 60 03 00 00 E8 A8 0C 00 00 83 C4 24 8D 45 08 89 }
+ $a2 = { 2C 5E 5F 5B 5D C3 CC 55 53 57 56 83 EC 10 8B 6C 24 30 8B 44 }
+ $a3 = { 89 4D D4 83 60 04 00 3B F3 75 40 E8 53 DA FF FF 8B 40 08 89 }
+
+ condition:
+ 2 of them
+}
rule ELASTIC_Windows_Trojan_Merlin_E8Ecb3Be : FILE MEMORY
{
meta:
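Review bot: `$a2` in the new Plugx_F338Dab5 rule appears to decode as a compiler-generated function epilogue/prologue pair (`pop esi; pop edi; pop ebx; pop ebp; ret; int3; push ebp; push ebx; push edi; push esi; sub esp,0x10; mov ebp,[esp+0x30] …`) rather than anything PlugX-specific, and with `2 of them` and no file-type or size guard it only needs one more 20-byte hit to fire at `severity = 100`. The rule is mirrored verbatim from Elastic, so it should not be edited here, but the `quality = 75` carried by every rule in this file gives a consumer no hint that this one leans on a generic code fragment. Before it is trusted at that severity it should be run against a clean 32-bit PE corpus; if it fires there, the consumer should require `$a1` or `$a3` rather than any two. The whole rule is inside this hunk.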
@@ -93260,8 +96942,8 @@ rule ELASTIC_Windows_Trojan_Merlin_E8Ecb3Be : FILE MEMORY
date = "2022-01-05"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Merlin.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Merlin.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "768c120e63d3960a0842dcc538749955ab7caabaeaf3682f6d1e30666aac65a8"
logic_hash = "293158c981463544abd0c38694bfc8635ad1a679bbae115521b65879f145cea6"
score = 75
@@ -93289,8 +96971,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_Cfa94001 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Vmsplice.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Vmsplice.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0a26e67692605253819c489cd4793a57e86089d50150124394c30a8801bf33e6"
logic_hash = "b5a86a79384997f977d353371ccaa8c736f5c24af40b85a24076d4c4fb79a237"
score = 75
@@ -93318,8 +97000,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_A000F267 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Vmsplice.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Vmsplice.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c85cc6768a28fb7de16f1cad8d3c69d8f0b4aa01e00c8e48759d27092747ca6f"
logic_hash = "2a8cb11bb21f2ce620a6fa1f0fb932bef60a479fac836058ec4e8c760b5d60f9"
score = 75
@@ -93347,8 +97029,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_8B9E4F9F : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Vmsplice.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Vmsplice.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0230c81ba747e588cd9b6113df6e1867dcabf9d8ada0c1921d1bffa9c1b9c75d"
logic_hash = "6979a900a2532a8da36711f3ffe13f71ec4efa7771aa2feec9391bd031aaa023"
score = 75
@@ -93376,8 +97058,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_055F88B8 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Vmsplice.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Vmsplice.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "607c8c5edc8cbbd79a40ce4a0eccf46e01447985d9415d1eff6a91bf64074507"
logic_hash = "29e59bb372f0b37b507c72e5b5bcb27ba0fa2aaac71ea77f0cab85af31708c8a"
score = 75
@@ -93405,8 +97087,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_431E689D : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "1cbb09223f16af4cd13545d72dbeeb996900535b1e279e4bcf447670728de1e1"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Vmsplice.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Vmsplice.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "5b9a7ffcd6fc6893a8224fd2b9ca59f4cff6086669a73190114db510a1ad9ff2"
score = 75
quality = 75
@@ -93433,8 +97115,8 @@ rule ELASTIC_Macos_Cryptominer_Xmrig_241780A1 : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Cryptominer_Xmrig.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Cryptominer_Xmrig.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f"
logic_hash = "9e091f6881a96abdc6592db385eb9026806befdda6bda4489470b4e16e1d4d87"
score = 75
@@ -93465,8 +97147,8 @@ rule ELASTIC_Windows_Trojan_Farfli_85D1Bcc9 : FILE MEMORY
date = "2022-02-17"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Farfli.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Farfli.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e3e9ea1b547cc235e6f1a78b4ca620c69a54209f84c7de9af17eb5b02e9b58c3"
logic_hash = "746eb5a2583077189d82d1a96b499ff383f31220845bd8a6df5b7a7ceb11e6fb"
score = 75
@@ -93485,6 +97167,35 @@ rule ELASTIC_Windows_Trojan_Farfli_85D1Bcc9 : FILE MEMORY
condition:
all of them
}
+rule ELASTIC_Linux_Trojan_Snowlight_F5C83D35 : FILE MEMORY
+{
+ meta:
+ description = "Detects Linux Trojan Snowlight (Linux.Trojan.Snowlight)"
+ author = "Elastic Security"
+ id = "f5c83d35-aaa5-4356-b4e7-93dc19c0c6b1"
+ date = "2024-05-16"
+ modified = "2024-06-12"
+ reference = "https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Snowlight.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "7d6652d8fa3748d7f58d7e15cefee5a48126d0209cf674818f55e9a68248be01"
+ logic_hash = "fef8f44e897a0f453be2f84d28886d27e261f8256c53c0425c5265b138ce5f40"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "89adbef703bec7c41350e97141d414535f5935c6c6957a0f8b25e07f405ea70e"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "linux"
+
+ strings:
+ $a = { 48 83 EC 08 48 8B 05 A5 07 20 00 48 85 C0 74 05 E8 BB 00 00 00 48 83 C4 08 C3 00 00 00 00 00 00 FF 35 9A 07 20 00 FF 25 9C 07 20 00 0F 1F 40 00 FF 25 9A 07 20 00 68 00 00 00 00 E9 E0 FF FF FF }
+
+ condition:
+ all of them
+}
rule ELASTIC_Windows_Trojan_Tofsee_26124Fe4 : FILE MEMORY
{
meta:
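Review bot: The single string `$a` in the new Snowlight rule looks like the standard ELF `_init` routine followed by the first two `.plt` stubs (`sub rsp,8; mov rax,[rip+0x2007a5]; test rax,rax; je …` then `push [rip+…]; jmp [rip+…]; nop` and `jmp [rip+…]; push 0; jmp …`) with the RIP-relative displacements hard-coded, so the rule pins one link layout rather than any Snowlight-specific behaviour. That makes it close to a per-build hash: a recompiled or differently linked variant will not match, while an unrelated small x86-64 ELF whose GOT happens to sit at the same distance from `.init` could, at `severity = 100`. Since the rule is mirrored from Elastic it should stay as is, but detection for this family should not rest on it alone; validate it against the listed `hash` sample and pair it with behavioural rules. The whole rule is inside this hunk.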
@@ -93494,8 +97205,8 @@ rule ELASTIC_Windows_Trojan_Tofsee_26124Fe4 : FILE MEMORY
date = "2022-03-31"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Tofsee.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Tofsee.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494"
logic_hash = "e765953dec7c7b2a1fbebf92c2fff46453c8258722ad5ca92ba4c7526a8b0c66"
score = 75
@@ -93524,8 +97235,8 @@ rule ELASTIC_Macos_Trojan_Adload_4995469F : FILE MEMORY
date = "2021-10-04"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Adload.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Adload.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6464ca7b36197cccf0dac00f21c43f0cb09f900006b1934e2b3667b367114de5"
logic_hash = "cceb804a11b93b0e3f491016c47a823d9e6a31294c3ed05d4404601323b30993"
score = 75
@@ -93553,8 +97264,8 @@ rule ELASTIC_Macos_Trojan_Adload_9B9F86C7 : FILE MEMORY
date = "2021-10-04"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Adload.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Adload.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "952e6004ce164ba607ac7fddc1df3d0d6cac07d271d90be02d790c52e49cb73c"
logic_hash = "82297db23e036f22c90eee7b2654e84df847eb1c2b1ea4dcf358c48a14819709"
score = 75
@@ -93582,8 +97293,8 @@ rule ELASTIC_Macos_Trojan_Adload_F6B18A0A : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Adload.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Adload.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "06f38bb811e6a6c38b5e2db708d4063f4aea27fcd193d57c60594f25a86488c8"
logic_hash = "20d43fbf0b8155940e2e181f376a7b1979ce248d88dc08409aaa1a916777231c"
score = 75
@@ -93611,8 +97322,8 @@ rule ELASTIC_Linux_Trojan_Pornoasset_927F314F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Pornoasset.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Pornoasset.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93"
logic_hash = "7267375346c1628e04c8272c24bde04a5d6ae2b420f64dfe58657cfc3eecc0e7"
score = 75
@@ -93640,8 +97351,8 @@ rule ELASTIC_Windows_Hacktool_Sharpview_2C7603Ad : FILE MEMORY
date = "2022-10-20"
modified = "2022-11-24"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpView.yar#L1-L34"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpView.yar#L1-L34"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93"
logic_hash = "1f80b2fd6121c2b36742c819a56626af2e1450dac0f62c67d93f09e4e140b75f"
score = 75
@@ -93684,8 +97395,8 @@ rule ELASTIC_Linux_Exploit_Criscras_Fc505C1D : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Criscras.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Criscras.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7399f6b8fbd6d6c6fb56ab350c84910fe19cc5da67e4de37065ff3d4648078ab"
logic_hash = "4d84570c13c584fb7360e798df9f3e6039ee74fdb6ad597add0ea150e3deaa80"
score = 75
@@ -93713,8 +97424,8 @@ rule ELASTIC_Windows_Trojan_Kronos_Cdd2E2C5 : FILE MEMORY
date = "2021-02-07"
modified = "2021-08-23"
reference = "https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Kronos.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Kronos.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "baa9cedbbe0f5689be8f8028a6537c39e9ea8b0815ad76cb98f365ca5a41653f"
logic_hash = "a8943c5ef166446629cb46517d35db39c97a1e3efa3a7a0b5cb3d3ee9d1e6e9c"
score = 75
@@ -93747,16 +97458,16 @@ rule ELASTIC_Linux_Trojan_Xzbackdoor_74E87A9D : FILE MEMORY
author = "Elastic Security"
id = "74e87a9d-11c1-4e86-bb3c-63a3c51c50df"
date = "2024-03-30"
- modified = "2024-03-31"
+ modified = "2024-04-03"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_XZBackdoor.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_XZBackdoor.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5448850cdc3a7ae41ff53b433c2adbd0ff492515012412ee63a40d2685db3049"
- logic_hash = "da19960b104c1ab767c4578c75420f02242ebd8297ce0364e564025d7428e876"
+ logic_hash = "c777171c36d9369ade7bf44c7cc4e5aee16bb4c803431bc480cc0f8ebb2819c0"
score = 75
quality = 75
tags = "FILE, MEMORY"
- fingerprint = "f1982d1db5aacd2d6b0b4c879f9f75d4413e0d43e58ea7de2b7dff66ec0f93ab"
+ fingerprint = "6ec0ee53f66167f7f2bbe5420aa474681701ed8f889aaad99e3990ecc4fb6716"
severity = 100
arch_context = "x86"
scan_context = "file, memory"
@@ -93765,7 +97476,7 @@ rule ELASTIC_Linux_Trojan_Xzbackdoor_74E87A9D : FILE MEMORY
strings:
$a1 = "yolAbejyiejuvnup=Evjtgvsh5okmkAvj"
- $a2 = { F3 0F 1E FA 55 48 89 F5 4C 89 CE 53 89 FB 81 E7 00 00 00 80 48 83 EC 28 48 89 54 24 18 48 89 4C 24 10 }
+ $a2 = { 0A 31 FD 3B 2F 1F C6 92 92 68 32 52 C8 C1 AC 28 34 D1 F2 C9 75 C4 76 5E B1 F6 88 58 88 93 3E 48 10 0C B0 6C 3A BE 14 EE 89 55 D2 45 00 C7 7F 6E 20 D3 2C 60 2B 2C 6D 31 00 }
$b1 = { 48 8D 7C 24 08 F3 AB 48 8D 44 24 08 48 89 D1 4C 89 C7 48 89 C2 E8 ?? ?? ?? ?? 89 C2 }
$b2 = { 31 C0 49 89 FF B9 16 00 00 00 4D 89 C5 48 8D 7C 24 48 4D 89 CE F3 AB 48 8D 44 24 48 }
$b3 = { 4D 8B 6C 24 08 45 8B 3C 24 4C 8B 63 10 89 85 78 F1 FF FF 31 C0 83 BD 78 F1 FF FF 00 F3 AB 79 07 }
@@ -93782,8 +97493,8 @@ rule ELASTIC_Linux_Trojan_Azeela_Aad9D6Cc : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Azeela.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Azeela.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6c476a7457ae07eca3d3d19eda6bb6b6b3fa61fa72722958b5a77caff899aaa6"
logic_hash = "efc8b5de42a2ee2104dc8e8c25b313f6ced2fb291ba27dc8276822960dd7eb74"
score = 75
@@ -93811,8 +97522,8 @@ rule ELASTIC_Windows_Trojan_Hijackloader_A8444812 : FILE MEMORY
date = "2023-11-15"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_HijackLoader.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_HijackLoader.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "065c379a33ef1539e8a68fd4b7638fe8a30ec19fc128642ed0c68539656374b9"
logic_hash = "6cd88adc7a0d35013a26d1135efb294ee6f9ddab99b4549e82d3d6f5f65509b6"
score = 75
@@ -93845,8 +97556,8 @@ rule ELASTIC_Windows_Trojan_Downtown_901C4Fdd : FILE MEMORY
date = "2023-05-10"
modified = "2023-06-13"
reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_DownTown.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DownTown.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "6368d37fa9ba4e32131e16bceaee322f2fa8507873d01ebd687536e593354725"
score = 75
quality = 75
@@ -93875,8 +97586,8 @@ rule ELASTIC_Windows_Trojan_Downtown_145Ecd2F : FILE MEMORY
date = "2023-08-23"
modified = "2023-09-20"
reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_DownTown.yar#L23-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DownTown.yar#L23-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "744a51c5317e265177185d9d0b8838a8fc939b4c56cc5e5bc51d5432d046d9f1"
score = 75
quality = 75
@@ -93906,8 +97617,8 @@ rule ELASTIC_Windows_Vulndriver_Toshibabios_2891972A : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_ToshibaBios.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_ToshibaBios.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073"
logic_hash = "c253181a754f421ee36ced994412672770497756848d78d557907957486e711b"
score = 75
@@ -93937,8 +97648,8 @@ rule ELASTIC_Linux_Ransomware_Royalpest_502A3Db6 : FILE MEMORY
date = "2023-07-27"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_RoyalPest.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_RoyalPest.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "09a79e5e20fa4f5aae610c8ce3fe954029a91972b56c6576035ff7e0ec4c1d14"
logic_hash = "aefb5a286636b827b50e4bc0ea978a75ba6a9e572504bfbc0a7700372c54a077"
score = 75
@@ -93969,8 +97680,8 @@ rule ELASTIC_Windows_Trojan_Pandastealer_8B333E76 : FILE MEMORY
date = "2021-09-02"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Pandastealer.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Pandastealer.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935"
logic_hash = "5878799338fc18bac0f946faeadd59c921dee32c9391fc12d22c72c0cd6733a8"
score = 75
@@ -94002,8 +97713,8 @@ rule ELASTIC_Linux_Worm_Generic_920D273F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Worm_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Worm_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "04a65bc73fab91f654d448b2d7f8f15ac782965dcdeec586e20b5c7a8cc42d73"
logic_hash = "d0ed260857ae3002483ea7ef242b82514caaa95c2700b39dd0a03d39fdde090d"
score = 75
@@ -94031,8 +97742,8 @@ rule ELASTIC_Linux_Worm_Generic_98Efcd38 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Worm_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Worm_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "87507f5cd73fffdb264d76db9b75f30fe21cc113bcf82c524c5386b5a380d4bb"
logic_hash = "c1a130d2ef8d09cb28adc4e347cbd1a083c78241752ecf3f935b03d774d00a81"
score = 60
@@ -94060,8 +97771,8 @@ rule ELASTIC_Linux_Worm_Generic_Bd64472E : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Worm_Generic.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Worm_Generic.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b3334a3b61b1a3fc14763dc3d590100ed5e85a97493c89b499b02b76f7a0a7d0"
logic_hash = "9a7267a0ebc1073d0b1f81a61b963642cc816b563b43ff4d9508dd8bc195a0e1"
score = 75
@@ -94089,8 +97800,8 @@ rule ELASTIC_Linux_Worm_Generic_3Ff8F75B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Worm_Generic.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Worm_Generic.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "991175a96b719982f3a846df4a66161a02225c21b12a879e233e19124e90bd35"
logic_hash = "798e98f286201f1cda18bf1bf433826cf8a949b584f016b24a684425069d1024"
score = 75
@@ -94118,8 +97829,8 @@ rule ELASTIC_Windows_Attacksimulation_Hovercraft_F5C7178F : FILE MEMORY
date = "2022-05-23"
modified = "2022-07-18"
reference = "046645b2a646c83b4434a893a0876ea9bd51ae05e70d4e72f2ccc648b0f18cb6"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_AttackSimulation_Hovercraft.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_AttackSimulation_Hovercraft.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "e707e89904a5fa4d30f94bfc625b736a411df6bb055c0e40df18ae65025a3740"
score = 75
quality = 75
@@ -94147,8 +97858,8 @@ rule ELASTIC_Linux_Trojan_Getshell_98D002Bf : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Getshell.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Getshell.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "97b7650ab083f7ba23417e6d5d9c1d133b9158e2c10427d1f1e50dfe6c0e7541"
logic_hash = "358575f55910b060bde94bbc55daa9650a43cf1470b77d1842ddcaa8b299700a"
score = 75
@@ -94176,8 +97887,8 @@ rule ELASTIC_Linux_Trojan_Getshell_213D4D69 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "05fc4dcce9e9e1e627ebf051a190bd1f73bc83d876c78c6b3d86fc97b0dfd8e8"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Getshell.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Getshell.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "2075def88b31ac32e44c270ab20273c8b91f37e25a837c0353f76bcf431cdcb3"
score = 75
quality = 75
@@ -94204,8 +97915,8 @@ rule ELASTIC_Linux_Trojan_Getshell_3Cf5480B : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "0e41c0d6286fb7cd3288892286548eaebf67c16f1a50a69924f39127eb73ff38"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Getshell.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Getshell.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "87b0db74e81d4f236b11f51a72fba2e4263c988402292b2182d19293858c6126"
score = 75
quality = 75
@@ -94232,8 +97943,8 @@ rule ELASTIC_Linux_Trojan_Getshell_8A79B859 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "1154ba394176730e51c7c7094ff3274e9f68aaa2ed323040a94e1c6f7fb976a2"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Getshell.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Getshell.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "2aa3914ec4cc04e5daa2da1460410b4f0e5e7a37c5a2eae5a02ff5f55382f1fe"
score = 75
quality = 75
@@ -94260,8 +97971,8 @@ rule ELASTIC_Windows_Trojan_Garble_Eae7F2F7 : FILE MEMORY
date = "2022-06-08"
modified = "2022-09-29"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Garble.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Garble.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4820a1ec99981e03675a86c4c01acba6838f04945b5f753770b3de4e253e1b8c"
logic_hash = "5d88579b0f0f71b8b4310c141fb243f39696e158227da0a1e0140b030b783c65"
score = 75
@@ -94289,8 +98000,8 @@ rule ELASTIC_Windows_Hacktool_Sharpchromium_41Ce5080 : FILE MEMORY
date = "2022-11-20"
modified = "2023-01-11"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpChromium.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpChromium.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9dd65aa53728d51f0f3b9aaf51a24f8a2c3f84b4a4024245575975cf9ad7f2e5"
logic_hash = "50972a6e6af1d7076243320fb6559193e0c46ac1300aa62d12390fdeb2fffdcd"
score = 75
@@ -94322,8 +98033,8 @@ rule ELASTIC_Windows_Trojan_Avemaria_31D2Bce9 : FILE MEMORY
date = "2021-05-30"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_AveMaria.yar#L1-L31"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_AveMaria.yar#L1-L31"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b"
logic_hash = "7ba59c3be07e35b415719b60b14a0f629619e5729c20f50f00dbea0c2f8bd026"
score = 75
@@ -94363,8 +98074,8 @@ rule ELASTIC_Windows_Trojan_Dcrat_1Aeea1Ac : FILE MEMORY
date = "2022-01-15"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_DCRat.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DCRat.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "6163e04a40ed52d5e94662131511c3ae08d473719c364e0f7de60dff7fa92cf7"
score = 75
quality = 75
@@ -94397,8 +98108,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_445Bb666 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Amcleaner.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Amcleaner.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c85bf71310882bc0c0cf9b74c9931fd19edad97600bc86ca51cf94ed85a78052"
logic_hash = "664829ff761186ec8f3055531b5490b7516756b0aa9d0183d4c17240a5ca44c4"
score = 75
@@ -94426,8 +98137,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_A91D3907 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Amcleaner.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Amcleaner.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dc9c700f3f6a03ecb6e3f2801d4269599c32abce7bc5e6a1b7e6a64b0e025f58"
logic_hash = "e61ceea117acf444a6b137b93d7c335c6eb8a7e13a567177ec4ea44bf64fd5c6"
score = 75
@@ -94455,8 +98166,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_8Ce3Fea8 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Amcleaner.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Amcleaner.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c85bf71310882bc0c0cf9b74c9931fd19edad97600bc86ca51cf94ed85a78052"
logic_hash = "08c4b5b4afefbf1ee207525f9b28bc7eed7b55cb07f8576fddfa0bbe95002769"
score = 75
@@ -94484,8 +98195,8 @@ rule ELASTIC_Windows_Hacktool_Capcom_7Abae448 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_Capcom.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_Capcom.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "da6ca1fb539f825ca0f012ed6976baf57ef9c70143b7a1e88b4650bf7a925e24"
logic_hash = "88f25c479cc8970e05ef9d08143afbbbfa17322f34379ba571e3a09105b33ee0"
score = 75
@@ -94514,8 +98225,8 @@ rule ELASTIC_Windows_Vulndriver_Amifldrv_E387D5Ad : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Amifldrv.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Amifldrv.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330"
logic_hash = "14d75b5aff2c82d69b041c654cdc0840f6b6e37a197f5c0c1c2698c9e8eba3e2"
score = 60
@@ -94543,8 +98254,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_986D2D3C : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Asrock.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Asrock.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838"
logic_hash = "d767a1ecdff557753f80ac9d73f02364dd035f7a287d0f260316f807364af2d5"
score = 75
@@ -94572,8 +98283,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_Cdf192F9 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Asrock.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Asrock.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d"
logic_hash = "2f844b6d3fa19fd39097395175162578ad71d78c61dad104efd320cd8285fa6b"
score = 75
@@ -94601,8 +98312,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_0Eca57Dc : FILE
date = "2023-07-20"
modified = "2023-07-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Asrock.yar#L41-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Asrock.yar#L41-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3"
hash = "a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f"
logic_hash = "82a0cba571dc58ed8d3fd87d3650ec0c1016e6c8e972547f6120ba91c8febce1"
@@ -94633,8 +98344,8 @@ rule ELASTIC_Macos_Backdoor_Fakeflashlxk_06Fd8071 : FILE MEMORY
date = "2021-11-11"
modified = "2022-07-22"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Backdoor_Fakeflashlxk.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Backdoor_Fakeflashlxk.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "107f844f19e638866d8249e6f735daf650168a48a322d39e39d5e36cfc1c8659"
logic_hash = "853d44465a472786bb48bbe1009e0ff925f79e4fd72f0eac537dd271c1ec3703"
score = 75
@@ -94664,8 +98375,8 @@ rule ELASTIC_Macos_Hacktool_Swiftbelt_Bc62Ede6 : FILE MEMORY
date = "2021-10-12"
modified = "2021-10-25"
reference = "https://www.elastic.co/security-labs/inital-research-of-jokerspy"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Hacktool_Swiftbelt.yar#L1-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Hacktool_Swiftbelt.yar#L1-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "452c832a17436f61ad5f32ee1c97db05575160105ed1dcd0d3c6db9fb5a9aea1"
logic_hash = "51481baa6ddb09cf8463d989637319cb26b23fef625cc1a44c96d438c77362ca"
score = 75
@@ -94717,8 +98428,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_89E64044 : FILE MEMORY
date = "2021-08-06"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Lockbit.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Lockbit.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0d6524b9a1d709ecd9f19f75fa78d94096e039b3d4592d13e8dbddf99867182d"
logic_hash = "bd504b078704b9f307a50c8556c143eee061015a9727670137aadc47ae93e2a6"
score = 75
@@ -94748,8 +98459,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_A1C60939 : FILE MEMORY
date = "2021-08-06"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Lockbit.yar#L23-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Lockbit.yar#L23-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0d6524b9a1d709ecd9f19f75fa78d94096e039b3d4592d13e8dbddf99867182d"
logic_hash = "6e6d88251e93f69788ad22fc915133f3ba0267984d6a5004d5ca44dcd9f5f052"
score = 75
@@ -94777,8 +98488,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_369E1E94 : FILE MEMORY
date = "2022-07-05"
modified = "2022-07-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Lockbit.yar#L43-L67"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Lockbit.yar#L43-L67"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee"
logic_hash = "c34dafc024d85902b85fc3424573abb8781d6fab58edd86c255266db3635ce98"
score = 75
@@ -94812,8 +98523,8 @@ rule ELASTIC_Windows_Trojan_Zeus_E51C60D7 : FILE MEMORY
date = "2021-02-07"
modified = "2021-10-04"
reference = "https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Zeus.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Zeus.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3"
logic_hash = "cde738f95dbad1fbad59e20528b2f577e5e3ee5fcb37c68a45d53c689d2af525"
score = 75
@@ -94846,8 +98557,8 @@ rule ELASTIC_Windows_Vulndriver_BSMI_65223B8D : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_BSMI.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_BSMI.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347"
logic_hash = "c4fa65bbd9d374092137b65209f29744caeb8b04fbd364b1acc67b73c45604e8"
score = 75
@@ -94877,8 +98588,8 @@ rule ELASTIC_Windows_Wiper_Caddywiper_484Bd98A : FILE MEMORY
date = "2022-03-14"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Wiper_CaddyWiper.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Wiper_CaddyWiper.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea"
logic_hash = "f473673afc211b02328f4e9d88e709acd95bf4b1fa565f5aca972b92324bf589"
score = 75
@@ -94909,8 +98620,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_Db41F9D2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ladvix.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ladvix.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "81642b4ff1b6488098f019c5e992fc942916bc6eb593006cf91e878ac41509d6"
score = 75
quality = 75
@@ -94937,8 +98648,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_77D184Fd : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ladvix.yar#L20-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ladvix.yar#L20-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1bb44b567b3c82f7ee0e08b16f7326d1af57efe77d608a96b2df43aab5faa9f7"
logic_hash = "0ae9c41d3eb7964344f71b9708278a0e83776228e4455cf0ad7c08e288305203"
score = 75
@@ -94966,8 +98677,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_C9888Edb : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ladvix.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ladvix.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1d798e9f15645de89d73e2c9d142189d2eaf81f94ecf247876b0b865be081dca"
logic_hash = "608f2340b0ee4b843933d8137aa0908583a6de477e6c472fb4bd2e5bb62dfb80"
score = 75
@@ -94995,8 +98706,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_81Fccd74 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "2a183f613fca5ec30dfd82c9abf72ab88a2c57d2dd6f6483375913f81aa1c5af"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ladvix.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ladvix.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "18f7ca953d22f02c1dbf03595a19b66ea582d2c1623f0042dcf15f86556ca41e"
score = 75
quality = 75
@@ -95023,8 +98734,8 @@ rule ELASTIC_Linux_Trojan_Truncpx_894D60F8 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Truncpx.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Truncpx.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2f09f2884fd5d3f5193bfc392656005bce6b935c12b3049ac8eb96862e4645ba"
logic_hash = "9bc0a7fbddac532b53c72681f349bca0370b1fe6fb2d16f539560085b3ec4be3"
score = 75
@@ -95052,8 +98763,8 @@ rule ELASTIC_Windows_Vulndriver_Directio_7Bea6C8F : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_DirectIo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_DirectIo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1dadd707c55413a16320dc70d2ca7784b94c6658331a753b3424ae696c5d93ea"
logic_hash = "bc87ede24c688565258859287141ddffb3bcfb0cc6d4fcbc08827c48bb897580"
score = 75
@@ -95081,8 +98792,8 @@ rule ELASTIC_Windows_Vulndriver_Directio_Abe8Bfa6 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_DirectIo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_DirectIo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d84e3e250a86227c64a96f6d5ac2b447674ba93d399160850acb2339da43eae5"
logic_hash = "8548e64e091c0e9e53316662d3dd91eca605c260f391d752ad40253f225571ed"
score = 75
@@ -95110,8 +98821,8 @@ rule ELASTIC_Windows_Vulndriver_Elby_65B09743 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Elby.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Elby.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b"
logic_hash = "7c7438520b238daf38d4ac91cbdee48bbfa9c85bd76208a436ce59edcfcecb80"
score = 75
@@ -95141,8 +98852,8 @@ rule ELASTIC_Windows_Trojan_Wineloader_13E8860A : FILE MEMORY
date = "2024-03-24"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_WineLoader.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_WineLoader.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f5cb3234eff0dbbd653d5cdce1d4b1026fa9574ebeaf16aaae3d4e921b6a7f9d"
logic_hash = "c072abb73377ed59c0dd9fab25a4c84575ab9badbddfda1ed51e576e4e12fa82"
score = 75
@@ -95172,8 +98883,8 @@ rule ELASTIC_Windows_Trojan_Azorult_38Fce9Ea : FILE MEMORY
date = "2021-08-05"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Azorult.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Azorult.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491"
logic_hash = "e23b21992b7ff577d4521c733929638522f4bf57b54c72e5e46196d028d6be26"
score = 75
@@ -95205,8 +98916,8 @@ rule ELASTIC_Windows_Trojan_Hancitor_6738D84A : FILE MEMORY
date = "2021-06-17"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Hancitor.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Hancitor.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a674898f39377e538f9ec54197689c6fa15f00f51aa0b5cc75c2bafd86384a40"
logic_hash = "448243b6925c4e419b1fd492ac5e8d43a7baa4492ba7a5a0b44bc8e036c77ec2"
score = 75
@@ -95236,8 +98947,8 @@ rule ELASTIC_Windows_Trojan_Privateloader_96Ac2734 : FILE MEMORY
date = "2023-01-03"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_PrivateLoader.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_PrivateLoader.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "077225467638a420cf29fb9b3f0241416dcb9ed5d4ba32fdcf2bf28f095740bb"
logic_hash = "9f96f1c54853866e124d0996504e6efd3d154111390617999cc10520d7f68fe6"
score = 75
@@ -95268,8 +98979,8 @@ rule ELASTIC_Windows_Trojan_Gh0St_Ee6De6Bc : FILE MEMORY
date = "2021-06-10"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Gh0st.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Gh0st.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ea1dc816dfc87c2340a8b8a77a4f97618bccf19ad3b006dce4994be02e13245d"
logic_hash = "3619df974c9f4ec76899afbafdfd6839070714862c7361be476cf8f83e766e2f"
score = 75
@@ -95301,8 +99012,8 @@ rule ELASTIC_Linux_Proxy_Frp_4213778F : FILE MEMORY
date = "2021-10-20"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Proxy_Frp.yar#L1-L28"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Proxy_Frp.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "16294086be1cc853f75e864a405f31e2da621cb9d6a59f2a71a2fca4e268b6c2"
logic_hash = "83eeb632026c38ac08357c27d971da31fbc9a0500ecf489e8332ac5862a77b85"
score = 75
@@ -95339,8 +99050,8 @@ rule ELASTIC_Linux_Trojan_Winnti_61215D98 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Winnti.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Winnti.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cc1455e3a479602581c1c7dc86a0e02605a3c14916b86817960397d5a2f41c31"
logic_hash = "051cc157f189094d25d45e66e410bdfd61ed7649a4c935d076cec1597c5debf5"
score = 75
@@ -95368,8 +99079,8 @@ rule ELASTIC_Linux_Trojan_Winnti_4C5A1865 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "0d963a713093fc8e5928141f5747640c9b43f3aadc8a5478c949f7ec364b28ad"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Winnti.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Winnti.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "69f6dcba59ec8cd7f4dfe853495a35601e35d74476fad9e18bef7685a68ece51"
score = 75
quality = 75
@@ -95396,8 +99107,8 @@ rule ELASTIC_Linux_Trojan_Winnti_6F4Ca425 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "161af780209aa24845863f7a8120aa982aa811f16ec04bcd797ed165955a09c1"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Winnti.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Winnti.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "a1ffc0e3d27c4bb9fd10f14d45b649b4f059c654b31449013ac06d0981ed25ed"
score = 75
quality = 75
@@ -95424,8 +99135,8 @@ rule ELASTIC_Linux_Trojan_Winnti_De4B0F6E : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "a6b9b3ea19eaddd4d90e58c372c10bbe37dbfced638d167182be2c940e615710"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Winnti.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Winnti.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "fb7b0ff4757dfc1ba2ca8585d5ddf14aae03063e10bdc2565443362c6ba37c30"
score = 75
quality = 75
@@ -95452,8 +99163,8 @@ rule ELASTIC_Windows_Backdoor_Dragoncastling_4Ecf6F9F : FILE MEMORY
date = "2022-11-08"
modified = "2022-12-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Backdoor_DragonCastling.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Backdoor_DragonCastling.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9776c7ae6ca73f87d7c838257a5bcd946372fbb77ebed42eebdfb633b13cd387"
logic_hash = "26ff86354230f1006bd451eab5c1634b91888330d124a06dd2dfa5ab515d6e1a"
score = 75
@@ -95489,8 +99200,8 @@ rule ELASTIC_Linux_Exploit_Enoket_79B52A4C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Enoket.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Enoket.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3ae8f7e7df62316400d0c5fe0139d7a48c9f184e92706b552aad3d827d3dbbbf"
logic_hash = "204082a3be602b3f6aebb013a46e6f9c98b5dad2476350afa60c1954b13598fe"
score = 75
@@ -95518,8 +99229,8 @@ rule ELASTIC_Linux_Exploit_Enoket_5969A348 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Enoket.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Enoket.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4b4d7ca9e1ffa2c46cb097d4a014c59b1a9feb93b3adcb5936ef6a1dfef9b0ae"
logic_hash = "e47af0fba86c9152d17911b984070a8419b98da8916538ebb1065a5348da6e31"
score = 75
@@ -95547,8 +99258,8 @@ rule ELASTIC_Linux_Exploit_Enoket_80Fac3E9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Enoket.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Enoket.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3355ad81c566914a7d7734b40c46ded0cfa53aa22c6e834d42e185bf8bbe6128"
logic_hash = "19cb7f02ca80095293c4a09f7ea616c31364af1e4189a9211aaba54aaa2db14e"
score = 75
@@ -95576,8 +99287,8 @@ rule ELASTIC_Linux_Exploit_Enoket_7Da5F86A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Enoket.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Enoket.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "406b003978d79d453d3e2c21b991b113bf2fc53ffbf3a1724c5b97a4903ef550"
logic_hash = "df5769a87230f5e563849302f32673b5f5de2595e12de72c27921d45edc58928"
score = 75
@@ -95605,8 +99316,8 @@ rule ELASTIC_Linux_Exploit_Enoket_C77C0D6D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Enoket.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Enoket.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3ae8f7e7df62316400d0c5fe0139d7a48c9f184e92706b552aad3d827d3dbbbf"
logic_hash = "504d61715bd5dba7f777fcb2d62eb53d8d54dad2dcf93f2fc2d7dcd359c4b994"
score = 75
@@ -95634,8 +99345,8 @@ rule ELASTIC_Linux_Exploit_Enoket_Fbf508E1 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Enoket.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Enoket.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214"
logic_hash = "21b1d69677c3fddb210dcf5947e8321abccd5a1ebbde8438a83fee5d4b29443d"
score = 75
@@ -95663,8 +99374,8 @@ rule ELASTIC_Windows_Trojan_Lobshot_013C1B0B : FILE MEMORY
date = "2023-04-18"
modified = "2023-04-23"
reference = "https://www.elastic.co/security-labs/elastic-security-labs-discovers-lobshot-malware"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Lobshot.yar#L1-L30"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Lobshot.yar#L1-L30"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6"
logic_hash = "e1fb245c3441c9bd393a47a9bed01bf7f62aa3ec36d460584d75e326e7e92ad4"
score = 75
@@ -95702,8 +99413,8 @@ rule ELASTIC_Linux_Trojan_Subsevux_E9E80C1E : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Subsevux.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Subsevux.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a4ccd399ea99d4e31fbf2bbf8017c5368d29e630dc2985e90f07c10c980fa084"
logic_hash = "8bc38f26da5a3350cbae3e93b890220bb461ff77e83993a842f68db8f757e435"
score = 75
@@ -95731,8 +99442,8 @@ rule ELASTIC_Linux_Trojan_Adlibrary_2E908E5F : FILE MEMORY
date = "2022-08-23"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Adlibrary.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Adlibrary.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "acb22b88ecfb31664dc07b2cb3490b78d949cd35a67f3fdcd65b1a4335f728f1"
logic_hash = "0d0df636876adf0268b7a409bfc9d8bfad298793d11297596ef91aeba86889da"
score = 75
@@ -95760,8 +99471,8 @@ rule ELASTIC_Linux_Cryptominer_Bulz_2Aa8Fbb5 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Bulz.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Bulz.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "21d8bec73476783e01d2a51a99233f186d7c72b49c9292c42e19e1aa6397d415"
score = 75
quality = 75
@@ -95788,8 +99499,8 @@ rule ELASTIC_Linux_Cryptominer_Bulz_0998F811 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Bulz.yar#L20-L37"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Bulz.yar#L20-L37"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "178f6c42582dd99cc5418388d020d4d76f2a9204297a673359fe0a300121c35b"
score = 75
quality = 75
@@ -95816,8 +99527,8 @@ rule ELASTIC_Windows_Trojan_Flawedgrace_8C5Eb04B : FILE MEMORY
date = "2023-11-01"
modified = "2023-11-02"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_FlawedGrace.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_FlawedGrace.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "966112f3143d751a95c000a990709572ac8b49b23c0e57b2691955d6fda1016e"
logic_hash = "dc07197cb9a02ff8d271f78756c2784c74d09e530af20377a584dbfe77e973aa"
score = 75
@@ -95849,8 +99560,8 @@ rule ELASTIC_Windows_Ransomware_Avoslocker_7Ae4D4F2 : FILE MEMORY
date = "2021-07-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Avoslocker.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Avoslocker.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856"
logic_hash = "c87faf6f128fd6a8cabd68ec8de72fb10e6be42bdbe23ece374dd8f3cf0c1b15"
score = 75
@@ -95882,8 +99593,8 @@ rule ELASTIC_Linux_Virus_Thebe_1Eb5985A : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Virus_Thebe.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Virus_Thebe.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "30af289be070f4e0f8761f04fb44193a037ec1aab9cc029343a1a1f2a8d67670"
logic_hash = "7d4bc4b1615048dec1f1fac599afa667e06ccb369bb1242b25887e0ce2a5066a"
score = 75
@@ -95911,8 +99622,8 @@ rule ELASTIC_Linux_Trojan_Masan_5369C678 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Masan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Masan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f2de9f39ca3910d5b383c245d8ca3c1bdf98e2309553599e0283062e0aeff17f"
logic_hash = "e57b105004216a6054b0561b69cce00c35255c5bd33aa8e403d0a3967cd0697e"
score = 75
@@ -95940,8 +99651,8 @@ rule ELASTIC_Windows_Ransomware_Darkside_D7Fc4594 : FILE MEMORY
date = "2021-05-20"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Darkside.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Darkside.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893"
logic_hash = "0083fb64955973e7dbbb35d08cb780fa0b4ff4d064c102dc8f86e29af8358bad"
score = 75
@@ -95969,8 +99680,8 @@ rule ELASTIC_Windows_Ransomware_Darkside_Aceac5D9 : FILE MEMORY
date = "2021-05-20"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Darkside.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Darkside.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893"
logic_hash = "888ab06b55b07879ee6b9a45c04f1a09c570aeb4be55c698300566d57fd47252"
score = 75
@@ -95998,8 +99709,8 @@ rule ELASTIC_Windows_Trojan_Pizzapotion_D334C613 : FILE MEMORY
date = "2023-09-13"
modified = "2023-09-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_PizzaPotion.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_PizzaPotion.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "37bee101cf34a84cba49adb67a555c6ebd3b8ac7c25d50247b0a014c82630003"
logic_hash = "de7d395c8a993abf9858858e56ba0ec4acbf0fa1c8bfe4a34ae95be2205967fc"
score = 75
@@ -96032,8 +99743,8 @@ rule ELASTIC_Windows_Trojan_Asyncrat_11A11Ba1 : FILE MEMORY
date = "2021-08-05"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Asyncrat.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Asyncrat.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1"
logic_hash = "c6c4ce9ccf01c280be6c25c0c82c34b601626bc200b84d3e77b08be473335d3d"
score = 75
@@ -96066,8 +99777,8 @@ rule ELASTIC_Windows_Trojan_Nanocore_D8C4E3C5 : FILE MEMORY
date = "2021-06-13"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Nanocore.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Nanocore.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd"
logic_hash = "fcc13e834cd8a1f86b453fe3c0333cd358e129d6838a339a824f1a095d85552d"
score = 75
@@ -96105,8 +99816,8 @@ rule ELASTIC_Windows_Vulndriver_Winflash_881758Da : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_WinFlash.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_WinFlash.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8596ea3952d84eeef8f5dc5b0b83014feb101ec295b2d80910f21508a95aa026"
logic_hash = "a46ac1f19ba5d9543c88434575870b61fbb935cd4c4e28cb80a077502af7d2db"
score = 75
@@ -96134,8 +99845,8 @@ rule ELASTIC_Windows_Trojan_A310Logger_520Cd7Ec : FILE MEMORY
date = "2022-01-11"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_A310logger.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_A310logger.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "60fb9597e5843c72d761525f73ca728409579d81901860981ebd84f7d153cfa3"
logic_hash = "6095ce913e3fb1cfc2f1b091598fc06b2dfec30c2353be7df08dcbb1a06b07c3"
score = 75
@@ -96167,8 +99878,8 @@ rule ELASTIC_Windows_Wiper_Hermeticwiper_7206A969 : FILE MEMORY
date = "2022-02-24"
modified = "2022-02-24"
reference = "https://www.elastic.co/security-labs/elastic-protects-against-data-wiper-malware-targeting-ukraine-hermeticwiper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Wiper_HermeticWiper.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Wiper_HermeticWiper.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591"
logic_hash = "84c61b8223a6ebf1ccfa4fdccee3c9091abca4553e55ac6c2492cff5503b4774"
score = 75
@@ -96201,8 +99912,8 @@ rule ELASTIC_Windows_Trojan_Falsefont_D1F0D357 : FILE MEMORY
date = "2024-03-26"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_FalseFont.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_FalseFont.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "364275326bbfc4a3b89233dabdaf3230a3d149ab774678342a40644ad9f8d614"
logic_hash = "af356dec77f773cec01626a3823dbea7e9d3719b9d152ec4057c0b97efabf0df"
score = 75
@@ -96237,8 +99948,8 @@ rule ELASTIC_Windows_Trojan_Svcready_Af498D39 : FILE MEMORY
date = "2022-06-12"
modified = "2022-07-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_SVCReady.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_SVCReady.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "08e427c92010a8a282c894cf5a77a874e09c08e283a66f1905c131871cc4d273"
logic_hash = "e3520103064cf82cd1747f8889667929d23466c9febfda7e4968a3679db97d71"
score = 75
@@ -96270,8 +99981,8 @@ rule ELASTIC_Linux_Ransomware_Noescape_6De58E0C : FILE MEMORY
date = "2023-07-27"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_NoEscape.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_NoEscape.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "46f1a4c77896f38a387f785b2af535f8c29d40a105b63a259d295cb14d36a561"
logic_hash = "c275d0cfdadcaabe57c432956e96b4bb344d947899fa5ad55b872e02b4d44274"
score = 75
@@ -96301,8 +100012,8 @@ rule ELASTIC_Linux_Trojan_Patpooty_E2E0Dff1 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Patpooty.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Patpooty.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d38b9e76cbc863f69b29fc47262ceafd26ac476b0ae6283d3fa50985f93bedf3"
logic_hash = "ec7d12296383ca0ed20e3221fb96b9dbdaf6cc7f07f5c8383e43489a9fd6fcfe"
score = 75
@@ -96330,8 +100041,8 @@ rule ELASTIC_Linux_Trojan_Patpooty_F90C7E43 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Patpooty.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Patpooty.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "79475a66be8741d9884bc60f593c81a44bdb212592cd1a7b6130166a724cb3d3"
logic_hash = "2d995722b06ce51a5378e395896764421f84afcf6b13855a87ed43d9b9e38982"
score = 75
@@ -96359,8 +100070,8 @@ rule ELASTIC_Linux_Trojan_Zpevdo_7F563544 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Zpevdo.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Zpevdo.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "9cbbb5a9166184cef630d1aba8fec721f676b868d22b1f96ffc1430e98ae974c"
score = 75
quality = 75
@@ -96387,8 +100098,8 @@ rule ELASTIC_Linux_Hacktool_Infectionmonkey_6C84537B : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Hacktool_Infectionmonkey.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Hacktool_Infectionmonkey.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d941943046db48cf0eb7f11e144a79749848ae6b50014833c5390936e829f6c3"
logic_hash = "24cb368040fffe2743d0361a955d45a62a95a31c1744f3de15089169e365bb89"
score = 75
@@ -96416,8 +100127,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_66197D54 : FILE MEMORY
date = "2022-12-21"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
logic_hash = "7bccf37960e2f197bb0021ecb12872f0f715b674d9774d02ec4e396f18963029"
score = 75
@@ -96453,8 +100164,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_E8Ed269C : FILE MEMORY
date = "2022-12-21"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L29-L57"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L29-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
logic_hash = "c56b6dfb2c3ae657615c825a4d5d5640c2204fa4217262e1ccb4359d5a914a63"
score = 75
@@ -96492,8 +100203,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_413Caa6B : FILE MEMORY
date = "2022-12-21"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L59-L87"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L59-L87"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
logic_hash = "4f2417d61be5e68630408a151cd73372aef9e7f4638acf4e80bfa5b2811119a7"
score = 75
@@ -96531,8 +100242,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_23Fee092 : FILE MEMORY
date = "2022-12-21"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L89-L115"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L89-L115"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
logic_hash = "ed019c9198b5d9ff8392bfd7e0b23a7b1383eabce4c71c665a3ca4a943c8b6ee"
score = 75
@@ -96568,8 +100279,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_861D3264 : FILE MEMORY
date = "2022-12-21"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L117-L145"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L117-L145"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
logic_hash = "e6a0a0a24c70d69c0aa56063d2db0f5a0fedcda5b96d945ac14520524b1d00fd"
score = 75
@@ -96607,8 +100318,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_57587F8C : FILE MEMORY
date = "2022-12-21"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L147-L175"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L147-L175"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
logic_hash = "175b8b6f9fca189f2fc41f1029ad512db2c8b0e52ea04bfbc3d410d355928ab9"
score = 75
@@ -96646,8 +100357,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_Cae025B1 : FILE MEMORY
date = "2022-12-21"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L177-L203"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L177-L203"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
logic_hash = "9c34443cffed43513242321e2170484dbb0d41b251aee8ea640d44da76918122"
score = 75
@@ -96683,8 +100394,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_4A9B9603 : FILE MEMORY
date = "2022-12-21"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L205-L231"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L205-L231"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
logic_hash = "8d78483b54d3be6988b1f5df826b8709b7aa2045ff3a3e754c359365d053bb27"
score = 75
@@ -96720,8 +100431,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_4Db2C852 : FILE MEMORY
date = "2022-12-21"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L233-L261"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L233-L261"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
logic_hash = "88c88103a055d25ba97f08e2f47881001ad8a2200a33ac04246494963dfe6638"
score = 75
@@ -96759,8 +100470,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_Bcedc8B2 : FILE MEMORY
date = "2022-12-21"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L263-L291"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L263-L291"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
logic_hash = "7f0a6a9168b5ff7cc02ccadd211cc8096307651be65c2b3e7cc9fdbbde08ab9f"
score = 75
@@ -96798,8 +100509,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_B6Bb3E7C : FILE MEMORY
date = "2022-12-21"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L293-L321"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L293-L321"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
logic_hash = "e2eaf91b9c5d3616fb2f6f6bc4b44841b1efa3b4efe7ac72afe225728523af75"
score = 75
@@ -96837,8 +100548,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_94474B0B : FILE MEMORY
date = "2022-12-21"
modified = "2023-02-01"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L323-L351"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L323-L351"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195"
logic_hash = "e209c9ce1f4b11c5fdeade3298329d62f5cf561403c87077d94b6921e81ffaea"
score = 75
@@ -96876,8 +100587,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_53Df500F : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Virus_Maxofferdeal.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Virus_Maxofferdeal.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ecd62ef880da057726ca55c6826ce4e1584ec6fc3afaabed7f66154fc39ffef8"
logic_hash = "ed63c14e31c200f906b525c7ef1cd671511a89c8833cfa1a605fc9870fe91043"
score = 75
@@ -96905,8 +100616,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_F4681Eba : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Virus_Maxofferdeal.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Virus_Maxofferdeal.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ecd62ef880da057726ca55c6826ce4e1584ec6fc3afaabed7f66154fc39ffef8"
logic_hash = "cf478ec5313b40d74d110e4d6e97da5f671d5af331adc3ab059a69616e78c76c"
score = 75
@@ -96934,8 +100645,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_4091E373 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Virus_Maxofferdeal.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Virus_Maxofferdeal.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c38c4bdd3c1fa16fd32db06d44d0db1b25bb099462f8d2936dbdd42af325b37c"
logic_hash = "ce82f6d3a2e4b7ffe7010629bf91a9144a94e50513682a6c0622603d28248d51"
score = 75
@@ -96963,8 +100674,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_20A0091E : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Virus_Maxofferdeal.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Virus_Maxofferdeal.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b00a61c908cd06dbc26bee059ba290e7ce2ad6b66c453ea272c7287ffa29c5ab"
logic_hash = "bb90b7e1637fd86e91763b4801a0b3bb8a1b956f328d07e96cf1b26e42b1931b"
score = 75
@@ -96992,8 +100703,8 @@ rule ELASTIC_Windows_Trojan_Havoc_77F3D40E : FILE MEMORY
date = "2022-10-20"
modified = "2022-11-24"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Havoc.yar#L1-L35"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Havoc.yar#L1-L35"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3427dac129b760a03f2c40590c01065c9bf2340d2dfa4a4a7cf4830a02e95879"
logic_hash = "3d2733ed24d90e9e851ec36a08c497e9c90b47c3dcbb8755e3f6b6a6bd3a8b54"
score = 75
@@ -97037,8 +100748,8 @@ rule ELASTIC_Windows_Trojan_Havoc_9C7Bb863 : FILE MEMORY
date = "2023-04-28"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Havoc.yar#L37-L56"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Havoc.yar#L37-L56"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "261b92d9e8dcb9d0abf1627b791831ec89779f2b7973b1926c6ec9691288dd57"
logic_hash = "c1245c38c54b0a72fb335680d9ea191390e4e2fe7e47a3ed776878c5e01a3e16"
score = 75
@@ -97067,8 +100778,8 @@ rule ELASTIC_Windows_Trojan_Havoc_88053562 : FILE MEMORY
date = "2024-01-04"
modified = "2024-01-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Havoc.yar#L58-L76"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Havoc.yar#L58-L76"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2f0b59f8220edd0d34fba92905faf0b51aead95d53be8b5f022eed7e21bdb4af"
logic_hash = "f79b39cc2ca4bbf6ad4b6585a9914a75797110d6fb68bcb7141c5c3d0429c412"
score = 75
@@ -97096,8 +100807,8 @@ rule ELASTIC_Windows_Trojan_Havoc_Ffecc8Af : FILE MEMORY
date = "2024-04-29"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Havoc.yar#L78-L107"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Havoc.yar#L78-L107"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "495d323651c252e38814b77b9c6c913b9489e769252ac8bbaf8432f15e0efe44"
logic_hash = "c9da6215db1de91a6cd52dd6558dc5a60bbd69abc6fa0db8714f001cdae20ddb"
score = 75
@@ -97136,8 +100847,8 @@ rule ELASTIC_Windows_Trojan_Vidar_9007Feb2 : FILE MEMORY
date = "2021-06-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Vidar.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Vidar.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec"
logic_hash = "fcdef7397f17ee402155e526c6fa8b51f3ea96e203a095b0b4c36cb7d3cc83d1"
score = 75
@@ -97165,8 +100876,8 @@ rule ELASTIC_Windows_Trojan_Vidar_114258D5 : FILE MEMORY
date = "2021-06-28"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Vidar.yar#L21-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Vidar.yar#L21-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec"
logic_hash = "9ea3ea0533d14edd0332fa688497efd566a890d1507214fc8591a0a11433d060"
score = 75
@@ -97199,8 +100910,8 @@ rule ELASTIC_Windows_Trojan_Vidar_32Fea8Da : FILE MEMORY
date = "2023-05-04"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Vidar.yar#L46-L66"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Vidar.yar#L46-L66"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6f5c24fc5af2085233c96159402cec9128100c221cb6cb0d1c005ced7225e211"
logic_hash = "1a18cdc3bd533c34eb05b239830ecec418dc76ee9f4fcfc48afc73b07d55b3cd"
score = 75
@@ -97230,8 +100941,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_D13544D7 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "85fa30ba59602199fd99463acf50bd607e755c2e18cd8843ffcfb6b1aca24bb3"
logic_hash = "fcb2fc7a84fbcd23f9a9d9fd2750c45ff881689670a373fce0cc444183d11999"
score = 75
@@ -97259,8 +100970,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Ad09E090 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa"
logic_hash = "6c2d548ba9f01444e8fe4b0aa8a0556970acac06d39bb7c87446b6b91ab0d129"
score = 75
@@ -97288,8 +100999,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_12299814 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "eb3802496bd2fef72bd2a07e32ea753f69f1c2cc0b5a605e480f3bbb80b22676"
logic_hash = "52e8bcd0512cedf0fa048b6990a5d331f4302d99b00681c83a76587415894b1e"
score = 75
@@ -97317,8 +101028,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_A47B77E4 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "995b43ccb20343494e314824343a567fd85f430e241fdeb43704d9d4937d76cc"
logic_hash = "bd2b14c8b8e2649af837224fadb32bf0fb67ac403189063a8cb10ad344fb8015"
score = 75
@@ -97346,8 +101057,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_21D0550B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b"
logic_hash = "c9a12eee281b1e944b5572142c5e18ff087989f45026a94268df22d483210178"
score = 75
@@ -97375,8 +101086,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_C8Adb449 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "00ec7a6e9611b5c0e26c148ae5ebfedc57cf52b21e93c2fe3eac85bf88edc7ea"
logic_hash = "9c43602dc752dd737a983874bee5ec6af145ce5fdd45d03864a1afdc2aec3ad4"
score = 75
@@ -97404,8 +101115,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Bcab1E8F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "19df7fd22051abe3f782432398ea30f8be88cf42ef14bc301b1676f35b37cd7e"
logic_hash = "72643b2860f40c7e901c671d7cc9992870b91912df5d75d2ffba0dfb8684f8d3"
score = 75
@@ -97433,8 +101144,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_6671F33A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "85fa30ba59602199fd99463acf50bd607e755c2e18cd8843ffcfb6b1aca24bb3"
logic_hash = "a15c842c7c7ec3b11183a1502f8ec03ea786e3f0d47fbab58c62ffff7b018030"
score = 75
@@ -97462,8 +101173,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_74418Ec5 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d79ad967ac9fc0b1b6d54e844de60d7ba3eaad673ee69d30f9f804e5ccbf2880"
logic_hash = "e74463f53611baaec7c8e126218d8353c6e3a5e71c20e98a7035df6b771b690b"
score = 75
@@ -97491,8 +101202,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_979160F6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L181-L198"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L181-L198"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "e70097fb263c90576e87e76cc7be391dbf9c9d73bbd7fb8e5ec282e6ac1f648d"
score = 75
quality = 75
@@ -97519,8 +101230,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Fe7139E5 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L200-L218"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L200-L218"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8b13dc59db58b6c4cd51abf9c1d6f350fa2cb0dbb44b387d3e171eacc82a04de"
logic_hash = "d1ef74f2a74950845091b2ebc2f7fd05980bcbd2aea4fdd9549c54cec1768501"
score = 75
@@ -97548,8 +101259,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_F35A670C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L220-L238"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L220-L238"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a73808211ba00b92f8d0027831b3aa74db15f068c53dd7f20fcadb294224f480"
logic_hash = "95a8aeffb7193c3f4adfea5b7f0741a53528620c57cbdb4d471d756db03c6493"
score = 75
@@ -97577,8 +101288,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_70E5946E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L240-L258"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L240-L258"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
logic_hash = "324deafee2b14c125100e49b90ea95bc1fc55020a7e81a69c7730a57430560f4"
score = 75
@@ -97606,8 +101317,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_033F06Dd : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L260-L278"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L260-L278"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3afc8d2d85aca61108d21f82355ad813eba7a189e81dde263d318988c5ea50bd"
logic_hash = "a0c788dbcd43cab2af1614d5d90ed9e07a45b547241f729e09709d2a1ec24e60"
score = 75
@@ -97635,8 +101346,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Ce0C185F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L280-L298"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L280-L298"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa"
logic_hash = "f88c5a295cc62f5a91e26731fc60aaf450376cbb282f43304ba2a5ac5d149dd4"
score = 75
@@ -97664,8 +101375,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Da08E491 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Malxmr.yar#L300-L318"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Malxmr.yar#L300-L318"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4638d9ece32cd1385121146378772d487666548066aecd7e40c3ba5231f54cc0"
logic_hash = "f98252c33f8d76981bbc51de87a11a7edca7292a864fc2a305d29cd21961729e"
score = 75
@@ -97693,8 +101404,8 @@ rule ELASTIC_Linux_Trojan_Rooter_C8D08D3A : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Rooter.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Rooter.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f55e3aa4d875d8322cdd7caa17aa56e620473fe73c9b5ae0e18da5fbc602a6ba"
logic_hash = "c91f3112cc61acec08ab3cd59bab2ae833ba0d8ac565ffb26a46982f38af0e71"
score = 75
@@ -97722,8 +101433,8 @@ rule ELASTIC_Windows_Trojan_Gozi_Fd494041 : FILE MEMORY
date = "2021-03-22"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Gozi.yar#L1-L32"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Gozi.yar#L1-L32"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237"
logic_hash = "fdd18817e7377f1b4006d3bf135d924b8ead62a461ea56f57157b2856ba6846b"
score = 75
@@ -97764,8 +101475,8 @@ rule ELASTIC_Windows_Trojan_Gozi_261F5Ac5 : FILE MEMORY
date = "2019-08-02"
modified = "2021-08-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Gozi.yar#L34-L60"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Gozi.yar#L34-L60"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f"
logic_hash = "23a7427e162e2f77ee0a281fe4bc54eab29a3bdca8e51015147e8eb223e7e2f7"
score = 75
@@ -97801,8 +101512,8 @@ rule ELASTIC_Windows_Trojan_Microbackdoor_903E33C3 : FILE MEMORY
date = "2022-03-07"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_MicroBackdoor.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_MicroBackdoor.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fbbfcc81a976b57739ef13c1545ea4409a1c69720469c05ba249a42d532f9c21"
logic_hash = "5f96f68df442eb1da21d87c3ae954c4e36cf87db583cbef1775f8ca9e76b776e"
score = 75
@@ -97830,8 +101541,8 @@ rule ELASTIC_Windows_Trojan_Microbackdoor_46F2E5Fd : FILE MEMORY
date = "2022-03-07"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_MicroBackdoor.yar#L21-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_MicroBackdoor.yar#L21-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fbbfcc81a976b57739ef13c1545ea4409a1c69720469c05ba249a42d532f9c21"
logic_hash = "580be4c5b058916c2bc67a7964522a7c369bb254394e3cedbf0da025105231c4"
score = 75
@@ -97864,8 +101575,8 @@ rule ELASTIC_Windows_Ransomware_Conti_89F3F6Fa : FILE MEMORY
date = "2021-08-05"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Conti.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Conti.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe"
logic_hash = "4c1834e45d5e42f466249b75a89561ce1e88b9e3c07070e2833d4897fbed22ee"
score = 75
@@ -97893,8 +101604,8 @@ rule ELASTIC_Windows_Ransomware_Nightsky_A7F19411 : FILE MEMORY
date = "2022-01-11"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Nightsky.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Nightsky.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1fca1cd04992e0fcaa714d9dfa97323d81d7e3d43a024ec37d1c7a2767a17577"
logic_hash = "defc7ab43035c663302edfda60a4b57cb301b3d61662afe3ce1de2ac93cfc3e2"
score = 75
@@ -97925,8 +101636,8 @@ rule ELASTIC_Windows_Ransomware_Nightsky_253C4D0D : FILE MEMORY
date = "2022-03-14"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Nightsky.yar#L24-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Nightsky.yar#L24-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2c940a35025dd3847f7c954a282f65e9c2312d2ada28686f9d1dc73d1c500224"
logic_hash = "ba9e6dab664e464e0fdc65bd8bdccc661846d85e7fd8fbf089e72e9e5b71fb17"
score = 75
@@ -97954,8 +101665,8 @@ rule ELASTIC_Linux_Exploit_Intfour_0Ca45Cd3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Intfour.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Intfour.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9d32c5447aa5182b4be66b7a283616cf531a2fd3ba3dde1bc363b24d8b22682f"
logic_hash = "088d8daa9ba4f53c8de229282ed8a7b30b1e567687e7807ac6c3df9524dabba9"
score = 75
@@ -97983,8 +101694,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_B97Baf37 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Dropperl.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Dropperl.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "aff94f915fc81d5a2649ebd7c21ec8a4c2fc0d622ec9b790b43cc49f7feb83da"
logic_hash = "e58130c33242bc3020602c2c0254bed2bbc564c4a11806c6cfcd858fd724c362"
score = 75
@@ -98012,8 +101723,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_E2443Be5 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Dropperl.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Dropperl.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "aff94f915fc81d5a2649ebd7c21ec8a4c2fc0d622ec9b790b43cc49f7feb83da"
logic_hash = "85733ff904cfa3eddaa4c4fbfc51c00494c3a3725e2eb722bbf33c82e7135336"
score = 75
@@ -98041,8 +101752,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_683C2Ba1 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Dropperl.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Dropperl.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a02e166fbf002dd4217c012f24bb3a8dbe310a9f0b0635eb20a7d315049367e1"
logic_hash = "eef2bdef7e20633f7dc92f653b43e3a217e8cbdbac63d05540bdd520e22dd1ed"
score = 75
@@ -98070,8 +101781,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_8Bca73F6 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Dropperl.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Dropperl.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e7c17b7916b38494b9a07c249acb99499808959ba67125c29afec194ca4ae36c"
logic_hash = "2cfad4e436198391185fdae5c4af18ae43841db19da33473fdf18b64b0399613"
score = 75
@@ -98099,8 +101810,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_C4018572 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Dropperl.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Dropperl.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c1515b3a7a91650948af7577b613ee019166f116729b7ff6309b218047141f6d"
logic_hash = "10d70540532c5c2984dc7e492672450924cb8f34c8158638191886057596b0a1"
score = 75
@@ -98128,8 +101839,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_733C0330 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Dropperl.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Dropperl.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b303f241a2687dba8d7b4987b7a46b5569bd2272e2da3e0c5e597b342d4561b6"
logic_hash = "37bf7777e26e556f09b8cb0e7e3c8425226a6412c3bed0d95fdab7229b6f4815"
score = 75
@@ -98157,8 +101868,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_39F4Cd0D : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Dropperl.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Dropperl.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c08e1347877dc77ad73c1e017f928c69c8c78a0e3c16ac5455668d2ad22500f3"
logic_hash = "5b61f54604b110d2c8efaf1782a2e520baac96c6d3e8d1eda0877475c504bf89"
score = 75
@@ -98186,8 +101897,8 @@ rule ELASTIC_Linux_Ransomware_Sfile_9E347B52 : FILE MEMORY
date = "2023-07-29"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_SFile.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_SFile.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "49473adedc4ee9b1252f120ad8a69e165dc62eabfa794370408ae055ec65db9d"
logic_hash = "394571fd5746132d15da97428c3afc149435d91d5432eadf1c838d4a6433c7c1"
score = 75
@@ -98216,8 +101927,8 @@ rule ELASTIC_Windows_Trojan_Diamondfox_18Bc11E3 : FILE MEMORY
date = "2022-03-02"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_DiamondFox.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_DiamondFox.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a44c46d4b9cf1254aaabd1e689f84c4d2c3dd213597f827acabface03a1ae6d1"
logic_hash = "c64e4b3349b33cfd0fec1fe41f91ad819bb6b6751e822d7ab8d14638ad27571d"
score = 75
@@ -98249,8 +101960,8 @@ rule ELASTIC_Windows_Trojan_Formbook_1112E116 : FILE MEMORY
date = "2021-06-14"
modified = "2021-08-23"
reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Formbook.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Formbook.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a"
logic_hash = "ec307a8681fa01fc0c7c0579b0e3eff10e7f373159ad58dae0a358ff16fbc10b"
score = 75
@@ -98281,8 +101992,8 @@ rule ELASTIC_Windows_Trojan_Formbook_772Cc62D : FILE MEMORY
date = "2022-05-23"
modified = "2022-07-18"
reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Formbook.yar#L25-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Formbook.yar#L25-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "db9ab8df029856fc1c210499ed8e1b92c9722f7aa2264363670c47b51ec8fa83"
score = 75
quality = 25
@@ -98312,8 +102023,8 @@ rule ELASTIC_Windows_Trojan_Formbook_5799D1F2 : FILE MEMORY
date = "2022-06-08"
modified = "2022-09-29"
reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Formbook.yar#L48-L67"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Formbook.yar#L48-L67"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8555a6d313cb17f958fc2e08d6c042aaff9ceda967f8598ac65ab6333d14efd9"
logic_hash = "8e61eabd11beb9fb35c016983cfb3085f5ceddfc8268522f3b48d20be5b5df6a"
score = 75
@@ -98341,8 +102052,8 @@ rule ELASTIC_Windows_Hacktool_Leigod_89397Ebf : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_LeiGod.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_LeiGod.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ae5cc99f3c61c86c7624b064fd188262e0160645c1676d231516bf4e716a22d3"
logic_hash = "e887c34c624a182a3c57a55abe02784c4350d3956bcfd9f7918f08a464819e63"
score = 75
@@ -98370,8 +102081,8 @@ rule ELASTIC_Windows_Hacktool_Leigod_3F5C98C4 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_LeiGod.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_LeiGod.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0c42fe45ffa9a9c36c87a7f01510a077da6340ffd86bf8509f02c6939da133c5"
logic_hash = "7570bf1a69df6b493bde41c1de27969e36a3fcb59be574ee2e24e3a61347a146"
score = 75
@@ -98399,8 +102110,8 @@ rule ELASTIC_Windows_Vulndriver_Gvci_F5A35359 : FILE
date = "2022-04-04"
modified = "2022-04-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Gvci.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Gvci.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f"
logic_hash = "beb0c324358a016e708dae30a222373113a7eab8e3d90dfa1bbde6c2f7874362"
score = 75
@@ -98428,8 +102139,8 @@ rule ELASTIC_Windows_Trojan_Metastealer_F94E2464 : FILE MEMORY
date = "2024-03-27"
modified = "2024-05-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_MetaStealer.yar#L1-L34"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_MetaStealer.yar#L1-L34"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "14ca15c0751207103c38f1a2f8fdc73e5dd3d58772f6e5641e54e0c790ecd132"
logic_hash = "bf374bda2ca7c7bcec1ff092bbc9c3fd95c33faa78a6ea105a7b12b8e80a2e23"
score = 75
@@ -98463,6 +102174,36 @@ rule ELASTIC_Windows_Trojan_Metastealer_F94E2464 : FILE MEMORY
condition:
all of them
}
+rule ELASTIC_Windows_Trojan_Lumma_693A5234 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Lumma (Windows.Trojan.Lumma)"
+ author = "Elastic Security"
+ id = "693a5234-de8c-4801-8146-bb4d5378abc5"
+ date = "2024-06-05"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Lumma.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "88340abcdc3cfe7574ee044aea44808446daf3bb7bf9fc60b16a2b1360c5d9c0"
+ logic_hash = "2b29ac9bc73f191bdbfc92601cab923aa9f2f3380c8123ee469ced3754625dd0"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "9e51b8833b6fffe740f3c9f87a874dbf4d668d68307393b20cf9e4e69e899d3f"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 02 0F B7 16 83 C6 02 66 85 D2 75 EF 66 C7 00 00 00 0F B7 11 }
+ $a2 = { 0C 0F B7 4C 24 04 66 89 0F 83 C7 02 39 F7 73 0C 01 C3 39 EB }
+
+ condition:
+ all of them
+}
rule ELASTIC_Windows_Trojan_Guloader_8F10Fa66 : FILE MEMORY
{
meta:
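Review bot: The two hex strings in the new ELASTIC_Windows_Trojan_Lumma_693A5234 rule decode to what look like generic UTF-16 string scan/copy loops (`$a1`: `movzx edx, word ptr [esi]; add esi, 2; test dx, dx; jnz …; mov word ptr [eax], 0`; `$a2`: `movzx ecx, word ptr [esp+4]; mov word ptr [edi], cx; add edi, 2; cmp edi, esi; jae …`), idioms a compiler emits in plenty of benign 32-bit binaries, so the false-positive surface of this rule at score 75 / severity 50 is worth measuring rather than assumed. `all of them` narrows the match but does not make two short, register-allocation-dependent code fragments family-specific; before treating hits from this rule as a threat signal, run the updated bundle against the clean/benign sample set and confirm it produces no new matches. Since the rule is vendored verbatim from the pinned Elastic commit, the place to record that check is the sync commit message or the bundle tooling, not the rule text itself. The hunk also cuts into the following Guloader rule, whose body continues outside it.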
@@ -98472,8 +102213,8 @@ rule ELASTIC_Windows_Trojan_Guloader_8F10Fa66 : FILE MEMORY
date = "2021-08-17"
modified = "2021-10-04"
reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Guloader.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Guloader.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a3e2d5013b80cd2346e37460753eca4a4fec3a7941586cc26e049a463277562e"
logic_hash = "f2cd08f6a32c075dc0294a0e26c51e686babc54ced4faa1873368c8821f0bfef"
score = 75
@@ -98505,8 +102246,8 @@ rule ELASTIC_Windows_Trojan_Guloader_C4D9Dd33 : FILE MEMORY
date = "2021-08-17"
modified = "2021-10-04"
reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Guloader.yar#L26-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Guloader.yar#L26-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a3e2d5013b80cd2346e37460753eca4a4fec3a7941586cc26e049a463277562e"
logic_hash = "623ea751fc32648720bda40598024d4d5b6a9a11b3cce3c9427310ba17745643"
score = 75
@@ -98534,8 +102275,8 @@ rule ELASTIC_Windows_Trojan_Guloader_2F1E44C8 : FILE MEMORY
date = "2023-10-30"
modified = "2023-11-02"
reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Guloader.yar#L47-L70"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Guloader.yar#L47-L70"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6ae7089aa6beaa09b1c3aa3ecf28a884d8ca84f780aab39902223721493b1f99"
logic_hash = "434b33c3fdc6bf4b0f59cd4aba66327d0b7ab524be603b256494d46b609cecd5"
score = 75
@@ -98567,8 +102308,8 @@ rule ELASTIC_Windows_Hacktool_Sharpapplocker_9645Cf22 : FILE MEMORY
date = "2022-11-20"
modified = "2023-01-11"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpAppLocker.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpAppLocker.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0f7390905abc132889f7b9a6d5b42701173aafbff5b8f8882397af35d8c10965"
logic_hash = "cb72ecf7715b288acddac51dab091d84c64e3bd30276cba38a0d773e6693875c"
score = 75
@@ -98599,8 +102340,8 @@ rule ELASTIC_Linux_Trojan_Mirai_268Aac0B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead"
logic_hash = "6eae3aba35d3379fa194b66a1b4e0d78d0d0b88386cd4ea5dfeb3c072642c7ba"
score = 75
@@ -98628,8 +102369,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5F2Abe2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c490586fbf90d360cf3b2f9e2dc943809441df3dfd64dadad27fc9f5ee96ec74"
logic_hash = "169e7e5d1a7ea8c219464e22df9be8bc8caa2e78e1bc725674c8e0b14f6b9fc5"
score = 75
@@ -98657,8 +102398,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1Cb033F3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L41-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L41-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "ebaf45ce58124aa91b07ebb48779e6da73baa0b80b13e663c13d8fb2bb47ad0d"
score = 75
quality = 75
@@ -98685,8 +102426,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fa3Ad9D0 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
logic_hash = "5890c85872ea4508e673235b20b481972f613f6e5f9564c0237c458995532347"
score = 75
@@ -98714,8 +102455,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Cb1699C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
logic_hash = "97307f583240290de2bfc663b99f8dcdedace92885bd3e0c0340709b94c0bc2a"
score = 75
@@ -98743,8 +102484,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6F021787 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L100-L118"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L100-L118"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "88183d71359c16d91a3252085ad5a270ad3e196fe431e3019b0810ecfd85ae10"
logic_hash = "7e8062682a0babbaa3c00975807ba9fc34c465afde55e4144944e7598f0ea1fd"
score = 75
@@ -98772,8 +102513,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1E0C5Ce0 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L120-L138"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L120-L138"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d"
logic_hash = "591cc3ef6932bf990f56c932866b34778e8eccd0e343f9bd6126eb8205a12ecc"
score = 75
@@ -98801,8 +102542,8 @@ rule ELASTIC_Linux_Trojan_Mirai_22965A6D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L140-L158"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L140-L158"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "09c821aa8977f67878f8769f717c792d69436a951bb5ac06ce5052f46da80a48"
logic_hash = "6b2a46694edf709d28267268252cfe95d88049b7dca854059cfe44479ada7423"
score = 75
@@ -98830,8 +102571,8 @@ rule ELASTIC_Linux_Trojan_Mirai_4032Ade1 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L160-L178"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L160-L178"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6150fbbefb916583a0e888dee8ed3df8ec197ba7c04f89fb24f31de50226e688"
logic_hash = "9c5e24c4efd4035408897f638d3579c3798139fd18178cee4a944b49c13e1532"
score = 75
@@ -98859,8 +102600,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B14F4C5D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L180-L197"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L180-L197"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "1a2114a7b397c850d732940a0e154bc04fbee1fdc12d343947b343b9b27a8af1"
score = 75
quality = 75
@@ -98887,8 +102628,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C8385B81 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L199-L217"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L199-L217"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3d27736caccdd3199a14ce29d91b1812d1d597a4fa8472698e6df6ef716f5ce9"
logic_hash = "4ff1f0912fb92e7ac5af49e1738dac897ff1f0a118d8ff905da45b0a91b3f4a7"
score = 75
@@ -98916,8 +102657,8 @@ rule ELASTIC_Linux_Trojan_Mirai_122Ff2E6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L219-L237"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L219-L237"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4"
logic_hash = "62884309b9095cdd6219c9ef6cd77a0f712640d8a1db4afe5b1d01f4bbe5acc2"
score = 75
@@ -98945,8 +102686,8 @@ rule ELASTIC_Linux_Trojan_Mirai_26Cba88C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L239-L257"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L239-L257"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4b4758bff3dcaa5640e340d27abba5c2e2b02c3c4a582374e183986375e49be8"
logic_hash = "bb5a0f9e68655556ab9fccc27d11bf7828c299720bb67948455579d6a7eb2a9f"
score = 75
@@ -98974,8 +102715,8 @@ rule ELASTIC_Linux_Trojan_Mirai_93Fc3657 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L259-L277"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L259-L277"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
logic_hash = "0b5278feddd00b0b24ca735bf7cd1440379c6ce5aca6d2a6f38c9fdcedcb3c0d"
score = 75
@@ -99003,8 +102744,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7C88Acbc : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L279-L296"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L279-L296"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "76373f8e09b7467ac5d36e8baad3025a57568e891434297e53f2629a72cf8929"
score = 75
quality = 75
@@ -99031,8 +102772,8 @@ rule ELASTIC_Linux_Trojan_Mirai_804F8E7C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L298-L316"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L298-L316"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
logic_hash = "711d74406d9b0d658b3b29f647bd659699ac0af9cd482403122124ec6054f1ec"
score = 75
@@ -99060,8 +102801,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A2D2E15A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L318-L336"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L318-L336"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "567c3ce9bbbda760be81c286bfb2252418f551a64ba1189f6c0ec8ec059cee49"
logic_hash = "c76fe953c4a70110346a020f2b27c7e79f4ad8a24fd92ac26e5ddd1fed068f65"
score = 75
@@ -99089,8 +102830,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5946F41B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L338-L356"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L338-L356"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f0b6bf8a683f8692973ea8291129c9764269a6739650ec3f9ee50d222df0a38a"
logic_hash = "43691675db419426413ccc24aa9dfe94456fa1007630652b08a625eafd1f17b8"
score = 75
@@ -99118,8 +102859,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Da4Aa3B3 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L358-L376"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L358-L376"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dbc246032d432318f23a4c1e5b6fcd787df29da3bf418613f588f758dcd80617"
logic_hash = "84ddc505d2e2be955b88a0fe3b78d435f73c0a315b513e105933e84be78ba2ad"
score = 75
@@ -99147,8 +102888,8 @@ rule ELASTIC_Linux_Trojan_Mirai_70Ef58F1 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L378-L396"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L378-L396"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
logic_hash = "3ad201d643e8f93a6f9075c03a76020d78186702a19bf9174b08688a2e94ef5c"
score = 75
@@ -99176,8 +102917,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ea584243 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L398-L416"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L398-L416"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f363d9bd2132d969cd41e79f29c53ef403da64ca8afc4643084cc50076ddfb47"
logic_hash = "34c6f800c849c295797cdd971fb4f3d16d680530f9a98c291388345569708208"
score = 75
@@ -99205,8 +102946,8 @@ rule ELASTIC_Linux_Trojan_Mirai_564B8Eda : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L418-L436"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L418-L436"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee"
logic_hash = "4bf11492f480911629623250146554f2456f3a527f5f80402ef74b22c1460462"
score = 75
@@ -99234,8 +102975,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7E9F85Fb : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L438-L456"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L438-L456"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4333e80fd311b28c948bab7fb3f5efb40adda766f1ea4bed96a8db5fe0d80ea1"
logic_hash = "f4ce912e190bc5dcb56541f54ba8e47b6103c482bdc7e83b44693d2c066c0170"
score = 75
@@ -99263,8 +103004,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3A85A418 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L458-L476"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L458-L476"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "86a43b39b157f47ab12e9dc1013b4eec0e1792092d4cef2772a21a9bf4fc518a"
logic_hash = "bd7fe497fb2557c9e9c26ec90e783f03cbbc9bdaa8d20b364ce65edf6c1e5fa3"
score = 75
@@ -99292,8 +103033,8 @@ rule ELASTIC_Linux_Trojan_Mirai_24C5B7D6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L478-L496"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L478-L496"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7c2f8ba2d6f1e67d1b4a3a737a449429c322d945d49dafb9e8c66608ab2154c4"
logic_hash = "f790f6b8fcf932773054525ed74a3f15998d91a2626ae9c56486de8dabc2035c"
score = 75
@@ -99321,8 +103062,8 @@ rule ELASTIC_Linux_Trojan_Mirai_99D78950 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L498-L516"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L498-L516"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
logic_hash = "bfd628a9973f85ed0a8be2723c7ff4bd028af00ea98c9cbcde9df6aabcf394b2"
score = 75
@@ -99350,8 +103091,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3Fe3C668 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L518-L535"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L518-L535"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "e75b2dca7de7d9f31a0ae5940dc45d0e6d0f1ca110b5458fc99912400da97bde"
score = 75
quality = 75
@@ -99378,8 +103119,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Eedfbfc6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L537-L555"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L537-L555"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b7342f7437a3a16805a7a8d4a667e0e018584f9a99591413650e05d21d3e6da6"
logic_hash = "949b32db1a00570fc84fbbe510f57f6e898d089efd3fedbd7719f8059021b6bc"
score = 75
@@ -99407,8 +103148,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6D96Ae91 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L557-L575"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L557-L575"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e3a1d92df6fb566e09c389cfb085126d2ea0f51a776ec099afb8913ef5e96f9b"
logic_hash = "43b0ac7090620eb6c892f1105778c395bf18f5ac309ce1b2d9015b5abccbfc2a"
score = 75
@@ -99436,8 +103177,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D8779A57 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L577-L595"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L577-L595"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c490586fbf90d360cf3b2f9e2dc943809441df3dfd64dadad27fc9f5ee96ec74"
logic_hash = "2154786bbb6dbcc280aaa9e2b75106b585d04c7c85f6162f441c81dc54663cb3"
score = 75
@@ -99465,8 +103206,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3E72E107 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L597-L615"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L597-L615"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "57d04035b68950246dd152054e949008dafb810f3705710d09911876cd44aec7"
logic_hash = "ba0ba56ded8977502ad9f8a1ceebd30efbff964d576bbfeedff5761f0538d8f0"
score = 75
@@ -99494,8 +103235,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5C62E6B2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L617-L635"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L617-L635"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9"
logic_hash = "6505c4272f0f7c8c5f2d3f7cefdc3947c4015b0dfd94efde4357a506af93a99d"
score = 75
@@ -99523,8 +103264,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C5430Ff9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L637-L655"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L637-L655"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5676773882a84d0efc220dd7595c4594bc824cbe3eeddfadc00ac3c8e899aa77"
logic_hash = "8c385980560cd4b24e703744b57a9d5ea1bca8fbeea066e98dd4b40009e56104"
score = 75
@@ -99552,8 +103293,8 @@ rule ELASTIC_Linux_Trojan_Mirai_402Adc45 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L657-L675"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L657-L675"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1ae0cd7e5bac967e31771873b4b41a1887abddfcdfcc76fa9149bb2054b03ca4"
logic_hash = "dab879d57507d5e119ddf4ce6ed33570c74f185a2260e97a7ec1d6c844943e5d"
score = 75
@@ -99581,8 +103322,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A39Dfaa7 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L677-L694"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L677-L694"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "98fde36fc412b6aa50c80c12118975a6bf754a9fba94f1cc3cdeed22565d6b0d"
score = 75
quality = 75
@@ -99609,8 +103350,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E3E6D768 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L696-L714"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L696-L714"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b505cb26d3ead5a0ef82d2c87a9b352cc0268ef0571f5e28defca7131065545e"
logic_hash = "b848c7200f405d77553d661a6c49fb958df225875957ead35b35091995f307d1"
score = 75
@@ -99638,8 +103379,8 @@ rule ELASTIC_Linux_Trojan_Mirai_520Deeb8 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L716-L733"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L716-L733"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "671c17835f30cce1e5d68dbf3a73d340069b1b55a2ac42fc132c008cb2da622e"
score = 75
quality = 75
@@ -99666,8 +103407,8 @@ rule ELASTIC_Linux_Trojan_Mirai_77137320 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L735-L753"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L735-L753"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9"
logic_hash = "ee48e0478845a61dbbdb5cc3ee5194eb272fcf6dcf139381f068c9af1557d0d4"
score = 75
@@ -99695,8 +103436,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A6A81F9C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L755-L772"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L755-L772"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "0d31cc1f4a673c13e6c81c492acbe16e1e0dfb0b15913fb276ea4abff18b32af"
score = 75
quality = 75
@@ -99723,8 +103464,8 @@ rule ELASTIC_Linux_Trojan_Mirai_485C4B13 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L774-L792"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L774-L792"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead"
logic_hash = "9625e4190559cc77f41ebef24f9bfa5e3d2e2259c12b301148c614b0f98b5835"
score = 75
@@ -99752,8 +103493,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7146E518 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L794-L811"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L794-L811"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "374602254be1f5c1dbb00ad25d870722e03d674033dfcf953a2895e1f50c637d"
score = 75
quality = 75
@@ -99780,8 +103521,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6A77Af0F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L813-L830"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L813-L830"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "7d7623dfc1e16c7c02294607ddf46edd12cdc7d39a2b920d8711dc47c383731b"
score = 75
quality = 75
@@ -99808,8 +103549,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5F7B67B8 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L832-L849"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L832-L849"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "b2aedc0361c1093d7a996f26d907da3e4654c32a6dbcdbab441c19d4207f2e2a"
score = 75
quality = 75
@@ -99836,8 +103577,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A3Cedc45 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L851-L869"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L851-L869"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1ae0cd7e5bac967e31771873b4b41a1887abddfcdfcc76fa9149bb2054b03ca4"
logic_hash = "9233e6faa43d8ea43ff3c71ecb5248d5d311b2a593825c299cac4466278cd020"
score = 75
@@ -99865,8 +103606,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7D05725E : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L871-L889"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L871-L889"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
logic_hash = "ac2d0b81325ce7984bc09f93e61b42c8e312a31c75f09d37313d70cd40d3cf8b"
score = 75
@@ -99894,8 +103635,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fa48B592 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L891-L909"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L891-L909"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee"
logic_hash = "5648bcc96b1fdd1529b4b8765b1738594d0d61f7880b763e803cd89bd117e96b"
score = 75
@@ -99923,8 +103664,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B9A9D04B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L911-L928"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L911-L928"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "61575576be4c1991bc381965a40e5d9d751bba2680a42907b0148651716419fc"
score = 75
quality = 75
@@ -99951,8 +103692,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D2205527 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L930-L948"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L930-L948"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e4f584d1f75f0d7c98b325adc55025304d55907e8eb77b328c007600180d6f06"
logic_hash = "172ba256873cce61047a5198733cacaff4ef343c9cbd76f2fbbf0e1ed8003236"
score = 75
@@ -99980,8 +103721,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ab073861 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L950-L968"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L950-L968"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "175444a9c9ca78565de4b2eabe341f51b55e59dec00090574ee0f1875422cbac"
logic_hash = "251b92c4fec9d113025c6869c279247a3dd16ee094c8861fe43a33f87132bf75"
score = 75
@@ -100009,8 +103750,8 @@ rule ELASTIC_Linux_Trojan_Mirai_637F2C04 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L970-L987"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L970-L987"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "cff4aa6c613ccc64f64441f7e40f79d3a22b5c12856c32814545bd41d5f112bd"
score = 75
quality = 75
@@ -100037,8 +103778,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Aa39Fb02 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L989-L1006"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L989-L1006"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "ffa95d92a2b619008bd5918cd34a17cd034b2830dc09d495db4b0c397b1cb53a"
score = 75
quality = 75
@@ -100065,8 +103806,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Bce98A2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1008-L1026"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1008-L1026"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80"
logic_hash = "04d10ef03c178fb101d3c6b6d3b36f0aa04149b9b35a33c3d10d17af1fc07625"
score = 75
@@ -100094,8 +103835,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3A56423B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1028-L1045"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1028-L1045"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "0c2765a5c1b331eb9ff5e542bc72eff7be3506e6caef94128413d500086715c6"
score = 75
quality = 75
@@ -100122,8 +103863,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D18B3463 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1047-L1065"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1047-L1065"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cd86534d709877ec737ceb016b2a5889d2e3562ffa45a278bc615838c2e9ebc3"
logic_hash = "f906c6f9baae6d6fa3f42e84607549bae44ed9ca847fd916d04f2671eef1caa1"
score = 75
@@ -100151,8 +103892,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fe721Dc5 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1067-L1084"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1067-L1084"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "e9312eefb5f14a27d96e973139e45098c2f62a24d5254ca24dea64b9888a4448"
score = 75
quality = 75
@@ -100179,8 +103920,8 @@ rule ELASTIC_Linux_Trojan_Mirai_575F5Bc8 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1086-L1103"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1086-L1103"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "dec143d096f5774f297ce90ef664ae50c40ae4f87843bbb34e496565c0faf3b2"
score = 75
quality = 75
@@ -100207,8 +103948,8 @@ rule ELASTIC_Linux_Trojan_Mirai_449937Aa : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1105-L1123"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1105-L1123"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6f27766534445cffb097c7c52db1fca53b2210c1b10b75594f77c34dc8b994fe"
logic_hash = "d459e46893115dbdef46bcaceb6a66255ef3a389f1bf7173b0e0bd0d8ce024fb"
score = 75
@@ -100236,8 +103977,8 @@ rule ELASTIC_Linux_Trojan_Mirai_2E3F67A9 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1125-L1143"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1125-L1143"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
logic_hash = "8c83c5d32c58041444f33264f692a7580c76324d2cbad736fdd737bdfcd63595"
score = 75
@@ -100265,8 +104006,8 @@ rule ELASTIC_Linux_Trojan_Mirai_01E4A728 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1145-L1162"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1145-L1162"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "753936b97a36c774975a1d0988f6f908d4b5e5906498aa34c606d4cd971f1ba5"
score = 75
quality = 75
@@ -100293,8 +104034,8 @@ rule ELASTIC_Linux_Trojan_Mirai_64D5Cde2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1164-L1182"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1164-L1182"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "caf2a8c199156db2f39dbb0a303db56040f615c4410e074ef56be2662752ca9d"
logic_hash = "08f3635e5517185cae936b39f503bbeba5aed2e36abdd805170a259bc5e3644f"
score = 75
@@ -100322,8 +104063,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0D73971C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1184-L1202"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1184-L1202"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead"
logic_hash = "56f3bac05fce0a0458e5b80197335e7bef6dcd50b9feb6f1008b8679f29cf37a"
score = 75
@@ -100351,8 +104092,8 @@ rule ELASTIC_Linux_Trojan_Mirai_82C361D4 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1204-L1222"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1204-L1222"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f8dbcf0fc52f0c717c8680cb5171a8c6c395f14fd40a2af75efc9ba5684a5b49"
logic_hash = "766a964d7d35525fbc88adcf86fb69d11f9c63c0d28ceefb3ae79797a7161193"
score = 75
@@ -100380,8 +104121,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ec591E81 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1224-L1242"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1224-L1242"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7d45a4a128c25f317020b5d042ab893e9875b6ff0ef17482b984f5b3fe87e451"
logic_hash = "f2a147fe7f98d2b3141a1fda118ee803c81d9bc6f498bfaf3557665397eb44da"
score = 75
@@ -100409,8 +104150,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Eba3F5A : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1244-L1262"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1244-L1262"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2e4f89c76dfefd4b2bfd1cf0467ac0324026355723950d12d7ed51195fd998cf"
logic_hash = "bcb2f1e1659102f39977fac43b119c58d6c72f828c3065e2318f671146e911da"
score = 75
@@ -100438,8 +104179,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E43A8744 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1264-L1282"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1264-L1282"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f363d9bd2132d969cd41e79f29c53ef403da64ca8afc4643084cc50076ddfb47"
logic_hash = "17c52d2b720fa2e98c3e9bb077525a695a6e547a66e8c44fcc1e26e48df81adf"
score = 75
@@ -100467,8 +104208,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6E8E9257 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1284-L1301"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1284-L1301"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "67973257e578783838f18dc8ae994f221ad1c1b3f4a04a2b6b523da5ebd8c95b"
score = 75
quality = 75
@@ -100495,8 +104236,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ac253E4F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1303-L1321"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1303-L1321"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9"
logic_hash = "1ab463fce01148c2cc95659fdf8b05e597d9b4eeabe81a9cdfa1da3632d72291"
score = 75
@@ -100524,8 +104265,8 @@ rule ELASTIC_Linux_Trojan_Mirai_994535C4 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1323-L1341"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1323-L1341"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "376a2771a2a973628e22379b3dbb9a8015c828505bbe18a0c027b5d513c9e90d"
logic_hash = "c83c8c9cdfea1bf322115e5b23d751b226a5dbf42fc41faac172d36192ccf31f"
score = 75
@@ -100553,8 +104294,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A68E498C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1343-L1361"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1343-L1361"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
logic_hash = "e4552813dc92b397c5ba78f32ee6507520f337b55779a3fc705de7e961f8eb8f"
score = 75
@@ -100582,8 +104323,8 @@ rule ELASTIC_Linux_Trojan_Mirai_88De437F : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1363-L1381"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1363-L1381"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
logic_hash = "233dbf3d13c35f4c9c7078d67ea60086355c801ce6515f9d3c518e95afd39d85"
score = 75
@@ -100611,8 +104352,8 @@ rule ELASTIC_Linux_Trojan_Mirai_95E0056C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1383-L1401"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1383-L1401"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380"
logic_hash = "9e34891d28034d1f4fc3da5cb99df8fc74f0b876903088f5eab5fe36e0e0e603"
score = 75
@@ -100640,8 +104381,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B548632D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1403-L1421"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1403-L1421"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "639d9d6da22e84fb6b6fc676a1c4cfd74a8ed546ce8661500ab2ef971242df07"
logic_hash = "bfb46457f8b79548726e3988d649f94e04f26f9e546aae70ece94defae6bab8a"
score = 75
@@ -100669,8 +104410,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E0Cf29E2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1423-L1440"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1423-L1440"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "693e27da8cbab32954cc2c9ba648151ad9fc21fe53251628145d7b436ec5e976"
score = 75
quality = 75
@@ -100697,8 +104438,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1754B331 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1442-L1460"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1442-L1460"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0d89fc59d0de2584af0e4614a1561d1d343faa766edfef27d1ea96790ac7014b"
logic_hash = "fde04b0e31a00326f9d011198995999ff9b15628f5ff4139ec7dec19ac0c59c9"
score = 75
@@ -100726,8 +104467,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3278F1B8 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1462-L1480"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1462-L1480"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
logic_hash = "4d709e8e2062099ac06b241408e52bcb86bbf8163faaffbcff68a05f864e1b3f"
score = 75
@@ -100755,8 +104496,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ab804Bb7 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1482-L1500"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1482-L1500"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8f0cc764729498b4cb9c5446f1a84cde54e828e913dc78faf537004a7df21b20"
logic_hash = "cef2ffafe152332502fb0d72d014c81b90dc9ad4f4491f1b2f2f9c1f73cc7958"
score = 75
@@ -100784,8 +104525,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Dca3B9B4 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1502-L1520"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1502-L1520"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a839437deba6d30e7a22104561e38f60776729199a96a71da3a88a7c7990246a"
logic_hash = "f85dfc1c00706d7ac11ef35c41c471383ef8b019a5c2566b27072a5ef5ad5c93"
score = 75
@@ -100813,8 +104554,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ae9D0Fa6 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1522-L1539"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1522-L1539"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "8da5b14b95d96de5ced8bcab98e23973e449c1b5ca101f39a2114bb8e74fd9a5"
score = 75
quality = 75
@@ -100841,8 +104582,8 @@ rule ELASTIC_Linux_Trojan_Mirai_612B407C : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1541-L1559"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1541-L1559"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7833bc89778461a9f46cc47a78c67dda48b498ee40b09a80a21e67cb70c6add1"
logic_hash = "6514725a32f7c28be7de5ff6fe1363df7c50e2cd6c8c79824ec4cbeadda2ca31"
score = 75
@@ -100870,8 +104611,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5Da717F : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1561-L1579"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1561-L1579"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1f6bcdfc7d1c56228897cd7548266bb0b9a41b913be354036816643ac21b6f66"
logic_hash = "034dae5bea7536e8c8aa22b8b891b9c991b94f04be12c9fe6d78ddf07a2365d9"
score = 75
@@ -100899,8 +104640,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D33095D4 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1581-L1599"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1581-L1599"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "72326a3a9160e9481dd6fc87159f7ebf8a358f52bf0c17fbc3df80217d032635"
logic_hash = "b7feaec65d72907d08c98b09fb4ac494ceee7d7bd51c09063363c617e3f057a4"
score = 75
@@ -100928,8 +104669,8 @@ rule ELASTIC_Linux_Trojan_Mirai_4E2246Fb : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1601-L1619"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1601-L1619"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1f6bcdfc7d1c56228897cd7548266bb0b9a41b913be354036816643ac21b6f66"
logic_hash = "6d2e1300286751a5e1ae683e9aab2f59bfbb20d1cc18dcce89c06ecadf25a3e6"
score = 75
@@ -100957,8 +104698,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5981806 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1621-L1639"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1621-L1639"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "784f2005853b5375efaf3995208e4611b81b8c52f67b6dc139fd9fec7b49d9dc"
logic_hash = "e625323543aa5c8374a179dfa51c3f5be1446459c45fa7c7a27ae383cf0f551b"
score = 75
@@ -100986,8 +104727,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C6055Dc9 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1641-L1659"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1641-L1659"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c1718d7fdeef886caa33951e75cbd9139467fa1724605fdf76c8cdb1ec20e024"
logic_hash = "4d9d7c44f0d3ae60275720ae5faf3c25c368aa6e7d9ab5ed706a30f9a7ffd3b8"
score = 75
@@ -101015,8 +104756,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3B9675Fd : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1661-L1679"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1661-L1679"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4ec4bc88156bd51451fdaf0550c21c799c6adacbfc654c8ec634ebca3383bd66"
logic_hash = "61ff7cb8d664291de5cf0c82b80cf0f4001c41d3f02b7f4762f67eb8128df15d"
score = 75
@@ -101044,8 +104785,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1C0D246D : FILE MEMORY
date = "2021-04-13"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1681-L1700"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1681-L1700"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "211cfe9d158c8a6840a53f2d1db2bf94ae689946fffb791eed3acceef7f0e3dd"
logic_hash = "7a101e6d2265e09eb6c8d0f1a2fe54c9aa353dfd8bd156926937f4aec86c3ef1"
score = 75
@@ -101074,14 +104815,14 @@ rule ELASTIC_Linux_Trojan_Mirai_Ad337D2F : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "012b717909a8b251ec1e0c284b3c795865a32a1f4b79706d2254a4eb289c30a7"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1702-L1720"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1702-L1720"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "dba630c1deb00b0dbd9f895a9b93393bc634150c8f32527b02d8dd71dc806e7d"
score = 75
quality = 75
tags = "FILE, MEMORY"
fingerprint = "67cbcb8288fe319c3b8f961210748f7cea49c2f64fc2f1f55614d7ed97a86238"
- severity = "100"
+ severity = 100
arch_context = "x86"
scan_context = "file, memory"
license = "Elastic License v2"
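Review bot: The `severity = "100"` → `severity = 100` change on the new side of this hunk alters the meta value's type from string to integer, which is a behavioural change for anything that reads the compiled rule's meta (yara-python exposes `rule.meta["severity"]` with the declared type), not just a cosmetic one like the commit-hash bumps around it. If other rules in this bundle still carry a quoted severity, consumers now see mixed `str`/`int` values and a comparison such as `meta["severity"] == "100"` or a sort across rules would break; I cannot see the rest of the bundle from this hunk, so please confirm the normalisation is applied bundle-wide and that no downstream tooling pins the string form. Note also that in these three rules the `reference` field holds a bare SHA-256 (`012b717909…`) rather than a URL, while sibling rules put the sample hash in a separate `hash =` key and keep `reference` as a link; that is inherited from upstream rather than introduced here, but if the importer can map it, a `hash = "012b7179…"` line alongside a URL `reference` would keep the schema consistent. A short comment in the generator, such as `# severity is emitted as an integer to match upstream elastic meta; consumers must not assume str`, would document the intent for the next sync.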
@@ -101102,14 +104843,14 @@ rule ELASTIC_Linux_Trojan_Mirai_88A1B067 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "1a62db02343edda916cbbf463d8e07ec2ad4509fd0f15a5f6946d0ec6c332dd9"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1722-L1740"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1722-L1740"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "0755f1f974734ccd4ecc444217bf52ed306d1dc32c05841ba9ca6d259e1a147e"
score = 75
quality = 75
tags = "FILE, MEMORY"
fingerprint = "b32b42975297aed7cef72668ee272a5cfb753dce7813583f0c3ec91e52f8601f"
- severity = "100"
+ severity = 100
arch_context = "x86"
scan_context = "file, memory"
license = "Elastic License v2"
@@ -101130,14 +104871,14 @@ rule ELASTIC_Linux_Trojan_Mirai_76Bbc4Ca : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "1a9ff86a66d417678c387102932a71fd879972173901c04f3462de0e519c3b51"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1742-L1760"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1742-L1760"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "855b7938b92b5645fcefd2ec1e2ccb71269654816f362282ccbf9aef1c01c8a0"
score = 75
quality = 75
tags = "FILE, MEMORY"
fingerprint = "4206c56b538eb1dd97e8ba58c5bab6e21ad22a0f8c11a72f82493c619d22d9b7"
- severity = "100"
+ severity = 100
arch_context = "x86"
scan_context = "file, memory"
license = "Elastic License v2"
@@ -101158,8 +104899,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Bfc17Bd : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1762-L1780"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1762-L1780"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1cdd94f2a1cb2b93134646c171d947e325a498f7a13db021e88c05a4cbb68903"
logic_hash = "ef83bc9ae3c881d09b691db42a1712b500a5bb8df34060a6786cfdc6caaf5530"
score = 75
@@ -101187,8 +104928,8 @@ rule ELASTIC_Linux_Trojan_Mirai_389Ee3E9 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1782-L1800"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1782-L1800"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f"
logic_hash = "fedeae98d468a11c3eaa561b9d5433ec206bdd4caed5aed7926434730f7f866b"
score = 75
@@ -101216,8 +104957,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Cc93863B : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1802-L1820"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1802-L1820"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f"
logic_hash = "881998dee010270d7cefae5b59a888e541d4a2b93e3e52ae0abe0df41371c50d"
score = 75
@@ -101245,8 +104986,8 @@ rule ELASTIC_Linux_Trojan_Mirai_8Aa7B5D3 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1822-L1840"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1822-L1840"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f"
logic_hash = "3c99b7b126184b75802c7198c81f4783af776920edc6e964dbe726d28d88f64d"
score = 75
@@ -101274,8 +105015,8 @@ rule ELASTIC_Linux_Trojan_Mirai_76908C99 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1842-L1860"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1842-L1860"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "533a90959bfb337fd7532fb844501fd568f5f4a49998d5d479daf5dfbd01abb2"
logic_hash = "bd8254e888b1ea93ca9aad92ea2c8ece1f2d03ae2949ca4c3743b6e339ee21e0"
score = 75
@@ -101303,8 +105044,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1538Ce1A : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1862-L1880"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1862-L1880"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662"
logic_hash = "cf2dd11da520640c6a64e05c4679072a714d8cf93d5f5aa3a1eca8eb3e9c8b3b"
score = 75
@@ -101332,8 +105073,8 @@ rule ELASTIC_Linux_Trojan_Mirai_07B1F4F6 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1882-L1900"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1882-L1900"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662"
logic_hash = "4af1a20e29e0c9b62e1530031e49a3d7b37d4e9a547d89a270a2e59e0c7852cc"
score = 75
@@ -101361,8 +105102,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Feaa98Ff : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1902-L1920"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1902-L1920"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662"
logic_hash = "06be9d8bcfcb7e6b600103cf29fa8a94a457ff56e8c7018336c270978a57ccbf"
score = 75
@@ -101390,8 +105131,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3Acd6Ed4 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1922-L1940"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1922-L1940"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2644447de8befa1b4fe39b2117d49754718a2f230d6d5f977166386aa88e7b84"
logic_hash = "ab284d41af8e1920fa54ac8bfab84bac493adf816aebce60490ab22c0e502201"
score = 75
@@ -101419,8 +105160,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Eb940856 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Mirai.yar#L1942-L1960"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Mirai.yar#L1942-L1960"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fbf814c04234fc95b6a288b62fb9513d6bbad2e601b96db14bb65ab153e65fef"
logic_hash = "d7bb2373a35ea97a11513e80e9a561f53a8f0b9345f392e8e7f042d4cb2d7d20"
score = 75
@@ -101448,8 +105189,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_25D3C5Ba : BETA FILE MEMORY
date = "2020-04-30"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Ryuk.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Ryuk.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "4d461ff9b87e3a17637cef89ff8a85ef22f69695d4664f6fe8f271a6a5f7b4bc"
score = 75
quality = 75
@@ -101477,8 +105218,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_878Bae7E : BETA FILE MEMORY
date = "2020-04-30"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Ryuk.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Ryuk.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "94bed2220aeb41ae8069cee56cc5299b9fc56797d3b54085b8246a03d9e8bd93"
score = 75
quality = 75
@@ -101507,8 +105248,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_6C726744 : BETA FILE MEMORY
date = "2020-04-30"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Ryuk.yar#L44-L67"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Ryuk.yar#L44-L67"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "ee7586d5cbef23d1863a4dfcc5da9b97397c993268881922c681022bf4f293f0"
score = 75
quality = 75
@@ -101540,8 +105281,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_1A4Ad952 : BETA FILE MEMORY
date = "2020-04-30"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Ryuk.yar#L69-L88"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Ryuk.yar#L69-L88"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "bb854f5760f41e2c103c99d8f128a2546926a614dff8753eaa1287ac583e213a"
score = 75
quality = 75
@@ -101569,8 +105310,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_72B5Fd9D : BETA FILE MEMORY
date = "2020-04-30"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Ryuk.yar#L90-L109"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Ryuk.yar#L90-L109"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "b2abc8f70df5d730ce6a7d0bc125bb623f27b292e7d575914368a8bfc0fb5837"
score = 75
quality = 75
@@ -101598,8 +105339,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_8Ba51798 : BETA FILE MEMORY
date = "2020-04-30"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Ryuk.yar#L111-L137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Ryuk.yar#L111-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "0733ae6a7e38bc2a25aa76a816284482d3ee25626559ec5af554b5f5070e534a"
score = 75
quality = 75
@@ -101634,8 +105375,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_88Daaf8E : BETA FILE MEMORY
date = "2020-04-30"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Ryuk.yar#L139-L158"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Ryuk.yar#L139-L158"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "6fc463976c0fb9c3e4f25d854545d07800c63730826f3974298f0077d272cff0"
score = 75
quality = 75
@@ -101663,8 +105404,8 @@ rule ELASTIC_Linux_Exploit_Pulse_2Bea17E8 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Pulse.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Pulse.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c29cb4c2d83127cf4731573a7fac531f90f27799857f5e250b9f71362108f559"
logic_hash = "bc71efa6cc79171666d89fe3e755411ee8032f56ae5bd73e0de440eee5b718ab"
score = 75
@@ -101692,8 +105433,8 @@ rule ELASTIC_Linux_Exploit_Pulse_246E6F31 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Pulse.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Pulse.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c29cb4c2d83127cf4731573a7fac531f90f27799857f5e250b9f71362108f559"
logic_hash = "f6755f10863b78303899cefcd81f609884fbbf2dffabd9219686ed869f2cc7e3"
score = 75
@@ -101721,8 +105462,8 @@ rule ELASTIC_Linux_Ransomware_Limpdemon_95C748E0 : FILE MEMORY
date = "2023-07-27"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_LimpDemon.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_LimpDemon.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a4200e90a821a2f2eb3056872f06cf5b057be154dcc410274955b2aaca831651"
logic_hash = "e66906725c0af657d91771642908ac0b2c72a97c4d4f651dcc907c2c1437f2da"
score = 75
@@ -101753,8 +105494,8 @@ rule ELASTIC_Windows_Trojan_Beam_E41B243A : FILE MEMORY
date = "2021-12-07"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Beam.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Beam.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8"
logic_hash = "295837743ecfa51e1713d19cba24ff8885c8716201caac058ae8b2bc9e008e6c"
score = 75
@@ -101785,8 +105526,8 @@ rule ELASTIC_Windows_Trojan_Beam_5A951D13 : FILE MEMORY
date = "2021-12-07"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Beam.yar#L24-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Beam.yar#L24-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8"
logic_hash = "3419b649717b69f07334bd966f438dd0b77f03572fe14f4b88ce95a2a86cae07"
score = 75
@@ -101814,8 +105555,8 @@ rule ELASTIC_Linux_Shellcode_Generic_5669055F : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Shellcode_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Shellcode_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "87ef4def16d956cdfecaea899cbb55ff59a6739bbb438bf44a8b5fec7fcfd85b"
logic_hash = "735b8dc7fff3c9cc96646a4eb7c5afd70be19dcc821e9e26ce906681130746be"
score = 75
@@ -101843,8 +105584,8 @@ rule ELASTIC_Linux_Shellcode_Generic_D2C96B1D : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Shellcode_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Shellcode_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "403d53a65bd77856f7c565307af5003b07413f2aba50869655cdd88ce15b0c82"
logic_hash = "33d964e22c8e3046f114e8264d18e8b4a0e7b55eca59151b084db7eea07aa0b1"
score = 75
@@ -101872,8 +105613,8 @@ rule ELASTIC_Linux_Shellcode_Generic_30C70926 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Shellcode_Generic.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Shellcode_Generic.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a742e23f26726293b1bff3db72864471d6bb4062db1cc6e1c4241f51ec0e21b1"
logic_hash = "3594994a911e5428198c472a51de189a6be74895170581ec577c49f8dbb9167a"
score = 75
@@ -101901,8 +105642,8 @@ rule ELASTIC_Linux_Shellcode_Generic_224Bdcc4 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Shellcode_Generic.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Shellcode_Generic.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "bd22648babbee04555cef52bfe3e0285d33852e85d254b8ebc847e4e841b447e"
logic_hash = "8c4a2bb63f0926e7373caf0a027179b4730cc589f9af66d2071e88f4165b0f73"
score = 75
@@ -101930,8 +105671,8 @@ rule ELASTIC_Linux_Shellcode_Generic_99B991Cd : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Shellcode_Generic.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Shellcode_Generic.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "954b5a073ce99075b60beec72936975e48787bea936b4c5f13e254496a20d81d"
logic_hash = "664e213314fe1d6f1920de237ebea3a94f7fbc42eff089475674ccef812f0f68"
score = 75
@@ -101959,8 +105700,8 @@ rule ELASTIC_Linux_Shellcode_Generic_24B9Aa12 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Shellcode_Generic.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Shellcode_Generic.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "24b2c1ccbbbe135d40597fbd23f7951d93260d0039e0281919de60fa74eb5977"
logic_hash = "4685253eb00a21d6dd6e874ff68209f20c8668262f24767086687555ccf934aa"
score = 75
@@ -101988,8 +105729,8 @@ rule ELASTIC_Linux_Shellcode_Generic_8Ac37612 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Shellcode_Generic.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Shellcode_Generic.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c199b902fa4b0fcf54dc6bf3e25ad16c12f862b47e055863a5e9e1f98c6bd6ca"
logic_hash = "c0af751bc54dcd9cf834fa5fe9fa120be5e49a56135ebb72fd6073948e956929"
score = 75
@@ -102017,8 +105758,8 @@ rule ELASTIC_Linux_Shellcode_Generic_932Ed0F0 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Shellcode_Generic.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Shellcode_Generic.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f357597f718f86258e7a640250f2e9cf1c3363ab5af8ddbbabb10ebfa3c91251"
logic_hash = "20ae3f1d96f8afd0900ac919eacaff3bd748a7466af5bb2b9f77cfdc4b8b829e"
score = 75
@@ -102046,8 +105787,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_6Cab0Ec0 : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Metasploit.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Metasploit.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42"
logic_hash = "c19fe812b74b034bfb42c0e2ee552d879ed038e054c5870b85e7e610d3184198"
score = 75
@@ -102075,8 +105816,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_293Bfea9 : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Metasploit.yar#L21-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Metasploit.yar#L21-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42"
logic_hash = "b8bd0d034a6306f99333723d77724ae53c1a189dad3fad7417f2d2fde214c24a"
score = 75
@@ -102107,8 +105848,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_448Fa81D : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Metasploit.yar#L44-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Metasploit.yar#L44-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42"
logic_hash = "ab0608920b9f632bad99e1358f21a88bc6048f46fca21a488a1a10b7ef1e42ae"
score = 75
@@ -102138,8 +105879,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_768Df39D : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Metasploit.yar#L66-L85"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Metasploit.yar#L66-L85"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "140ba93d57b27325f66b36132ecaab205663e3e582818baf377e050802c8d152"
score = 75
quality = 75
@@ -102167,8 +105908,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_7Ce0B709 : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_bind_tcp.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Metasploit.yar#L87-L106"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Metasploit.yar#L87-L106"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "56fc05ece464d562ff6e56247756454c940c07b03c4a4c783b2bae4d5807247a"
score = 75
quality = 75
@@ -102196,8 +105937,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_F11Ccdac : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_find_port.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Metasploit.yar#L108-L127"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Metasploit.yar#L108-L127"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "fcf578d3e98b591b33cb6f4bec1b9e92a7e1a88f0b56f3c501f9089d2094289c"
score = 75
quality = 75
@@ -102225,8 +105966,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_D9B16F4C : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/vforkshell_bind_tcp.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Metasploit.yar#L129-L148"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Metasploit.yar#L129-L148"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "8e082878fb52f6314ec8c725dd279447ee8a0fc403c47ffd997712adb496e7c3"
score = 75
quality = 75
@@ -102254,8 +105995,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_2992B917 : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/vforkshell_reverse_tcp.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Metasploit.yar#L150-L169"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Metasploit.yar#L150-L169"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "10056ffb719092f83ad236a63ef6fa1f40568e500c042bd737575997bb67a8ec"
score = 75
quality = 75
@@ -102283,8 +106024,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_27D409F1 : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x64/shell_bind_tcp.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Metasploit.yar#L171-L190"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Metasploit.yar#L171-L190"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "b757e0ab6665a3e4846c6bbe4386e9d9a730ece00a2453933ce771aec2dd716e"
score = 75
quality = 75
@@ -102312,8 +106053,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_65A2394B : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stages/osx/x86/vforkshell.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Metasploit.yar#L192-L211"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Metasploit.yar#L192-L211"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "f01f671b0bf9fa53aa3383c88ba871742f0e55dbdae4278f440ed29f35eb1ca1"
score = 75
quality = 75
@@ -102341,8 +106082,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_C7B7A90B : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stagers/osx/x86/reverse_tcp.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Metasploit.yar#L213-L232"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Metasploit.yar#L213-L232"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "d4b1f01bf8434dd69188d2ad0b376fad3a4d9c94ebe74d40f05019baf95b5496"
score = 75
quality = 75
@@ -102370,8 +106111,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_4Bd6Aaca : FILE MEMORY
date = "2021-09-30"
modified = "2021-10-25"
reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stagers/osx/x86/bind_tcp.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Metasploit.yar#L234-L253"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Metasploit.yar#L234-L253"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "a3de610ced90679f6fa0dcdf7890a64369c774839ea30018a7ef6fe9289d3d17"
score = 75
quality = 75
@@ -102399,8 +106140,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_5E5B685F : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Metasploit.yar#L255-L273"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Metasploit.yar#L255-L273"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cdf0a3c07ef1479b53d49b8f22a9f93adcedeea3b869ef954cc043e54f65c3d0"
logic_hash = "003fb4f079b125f37899a2b3cb62d80edd5b3e5ccbed5bc1ea514a4a173d329d"
score = 75
@@ -102428,8 +106169,8 @@ rule ELASTIC_Windows_Trojan_Hawkeye_77C36Ace : FILE MEMORY
date = "2021-08-16"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Hawkeye.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Hawkeye.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "28e28025060f1bafd4eb96c7477cab73497ca2144b52e664b254c616607d94cd"
logic_hash = "e8c1060efde0c4a073247d03a19dedb1c0acc8506fbf6eac93ac44f00fc73be1"
score = 75
@@ -102461,8 +106202,8 @@ rule ELASTIC_Windows_Trojan_Hawkeye_975D546C : FILE MEMORY
date = "2023-03-23"
modified = "2023-04-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Hawkeye.yar#L25-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Hawkeye.yar#L25-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "aca133bf1d72cf379101e6877871979d6e6e8bc4cc692a5ba815289735014340"
logic_hash = "cbd8ce991059f961236a4bb83ea5a78efa661199b40fca8b09550856e932198b"
score = 75
@@ -102495,8 +106236,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_57C0C6D7 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrig.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrig.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "100dc1ede4c0832a729d77725784d9deb358b3a768dfaf7ff9e96535f5b5a361"
logic_hash = "d3a272d488cebe4f774c994001a14d825372a27f16267bc0339b7e3b22ada8db"
score = 75
@@ -102524,8 +106265,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_7E42Bf80 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrig.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrig.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "551b6e6617fa3f438ec1b3bd558b3cbc981141904cab261c0ac082a697e5b07d"
logic_hash = "ad8c8f0081d07f7e2a5400de6af2c6b311f77ff336d7576f7fb0bfe2593a9062"
score = 75
@@ -102553,8 +106294,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_271121Fb : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrig.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrig.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "19aeafb63430b5ac98e93dfd6469c20b9c1145e6b5b86202553bd7bd9e118842"
logic_hash = "f43b1527ad4bbd07023126def89c1af47698cc832f71f4a1381ed0d621d79ed5"
score = 75
@@ -102582,8 +106323,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_E7E64Fb7 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrig.yar#L61-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrig.yar#L61-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "e325ac02c51526c5a36bdd6c2bcb3bee51f1214d78eff8048c8a1ae88334a9e8"
score = 75
quality = 75
@@ -102610,8 +106351,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_79B42B21 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrig.yar#L80-L97"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrig.yar#L80-L97"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "db42871193960ea4c2cbe5f5040cbc1097d57d9e4dc291bcc77ed72b588311ab"
score = 75
quality = 75
@@ -102638,8 +106379,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_77Fbc695 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrig.yar#L99-L117"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrig.yar#L99-L117"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e723a2b976adddb01abb1101f2d3407b783067bec042a135b21b14d63bc18a68"
logic_hash = "af8e09cd5d6b7532af0c06273aa465cf6c40ad6c919a679fd09191a1c2a302f5"
score = 75
@@ -102667,8 +106408,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_403B0A12 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrig.yar#L119-L137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrig.yar#L119-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "54d806b3060404ccde80d9f3153eebe8fdda49b6e8cdba197df0659c6724a52d"
logic_hash = "5b7662124eb980b11f88a50665292e7a405595f7ad85c5c448dd087ea096689a"
score = 75
@@ -102696,8 +106437,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Bffa106B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrig.yar#L139-L156"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrig.yar#L139-L156"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "d7214ad9c4291205b50567d142d99b8a19a9cfa69d3cd0a644774c3a1adb6b49"
score = 75
quality = 75
@@ -102724,8 +106465,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_73Faf972 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrig.yar#L158-L176"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrig.yar#L158-L176"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "00e29303b66cb39a8bc23fe91379c087376ea26baa21f6b7f7817289ba89f655"
logic_hash = "a6a9d304d215302bf399c90ed0dd77a681796254c51a2a20e4a316dba43b387f"
score = 75
@@ -102753,8 +106494,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Af809Eea : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrig.yar#L178-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrig.yar#L178-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "00e29303b66cb39a8bc23fe91379c087376ea26baa21f6b7f7817289ba89f655"
logic_hash = "4ae4b119a3eecfdb47a88fe5a89a4f79ae96eecf5d08eef08997357de7e6538a"
score = 75
@@ -102782,8 +106523,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_9F6Ac00F : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrig.yar#L198-L216"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrig.yar#L198-L216"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9cd58c1759056c0c5bbd78248b9192c4f8c568ed89894aff3724fdb2be44ca43"
logic_hash = "9fa8e7be5c35c9a649c42613d0d5d5cecff3d9c3e9a572e4be1ca661876748a5"
score = 75
@@ -102811,8 +106552,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Dbcc9D87 : FILE MEMORY
date = "2021-12-13"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Cryptominer_Xmrig.yar#L218-L236"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Cryptominer_Xmrig.yar#L218-L236"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "da9b8fb5c26e81fb3aed3b0bc95d855339fced303aae2af281daf0f1a873e585"
logic_hash = "b7fa60e32cb53484d8b76b13066eda1f2275ee2660ac2dc02b0078b921998e79"
score = 75
@@ -102840,8 +106581,8 @@ rule ELASTIC_Windows_Vulndriver_Elrawdisk_F9Fd1A80 : FILE
date = "2022-10-07"
modified = "2023-06-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_ElRawDisk.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_ElRawDisk.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ed4f2b3db9a79535228af253959a0749b93291ad8b1058c7a41644b73035931b"
logic_hash = "43f9f1f6ad6c1defe2f0d6dd0cd380bea1a8ead19bc0bf203bdfe4f83b9c284d"
score = 75
@@ -102860,6 +106601,44 @@ rule ELASTIC_Windows_Vulndriver_Elrawdisk_F9Fd1A80 : FILE
condition:
int16 ( uint32(0x3C)+0x5c)==0x0001 and $str1
}
+rule ELASTIC_Multi_Trojan_Merlin_32643F4C : FILE MEMORY
+{
+ meta:
+ description = "Detects Multi Trojan Merlin (Multi.Trojan.Merlin)"
+ author = "Elastic Security"
+ id = "32643f4c-ee47-4ed2-9807-7b85d3f4e095"
+ date = "2024-03-01"
+ modified = "2024-05-23"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Multi_Trojan_Merlin.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "84b988c4656677bc021e23df2a81258212d9ceba13be204867ac1d9d706404e2"
+ logic_hash = "7de2deec0e2c7fd3ce2b42762f88bfe87cb4ffb02b697953aa1716425d6f1612"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "bce277ef43c67be52b67c4495652e99d4707975c79cb30b54283db56545278ae"
+ severity = 100
+ arch_context = "x86, arm64"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "multi"
+
+ strings:
+ $a1 = "json:\"killdate,omitempty\""
+ $a2 = "json:\"maxretry,omitempty\""
+ $a3 = "json:\"waittime,omitempty\""
+ $a4 = "json:\"payload,omitempty\""
+ $a5 = "json:\"skew,omitempty\""
+ $a6 = "json:\"command\""
+ $a7 = "json:\"pid,omitempty\""
+ $b1 = "/merlin-agent/commands"
+ $b2 = "/merlin/pkg/jobs"
+ $b3 = "github.com/Ne0nd0g/merlin"
+
+ condition:
+ all of ($a*) or all of ($b*)
+}
rule ELASTIC_Linux_Trojan_Rekoobe_E75472Fa : FILE MEMORY
{
meta:
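Review bot: The `$a*` branch of the new condition (`all of ($a*) or all of ($b*)`) triggers on its own, yet every `$a` string is a generic Go `json:"…"` struct tag (`command`, `pid`, `payload`, `killdate`, …) with no Merlin-specific token, so that branch alone produces a severity-100 "Trojan" verdict on any Go binary compiled from the same field set — presumably including the Merlin server and operator tooling built from the shared `github.com/Ne0nd0g/merlin` packages, not just the agent. Keeping the two groups independent is likely deliberate (the `$b*` import paths can be stripped or obfuscated from a Go build while struct tags survive because reflection needs them), but the rule does not say so; I would record the rationale in-line so triage knows an `$a*`-only hit needs confirmation, e.g. `// $a*: JSON struct tags of the agent job/command types; separate branch so builds with stripped/obfuscated import paths still match — an $a*-only hit warrants confirmation` above `$a1` and `// $b*: Go import paths retained in the binary's symbol data` above `$b1`. If hits on the server/operator side turn out to be a problem in practice, `all of ($b*) or (all of ($a*) and 1 of ($b*))` would confine the verdict to binaries that still carry at least one Merlin path, at the cost of coverage for import-path-obfuscated agents.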
@@ -102869,8 +106648,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_E75472Fa : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Rekoobe.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Rekoobe.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8d2a9e363752839a09001a9e3044ab7919daffd9d9aee42d936bc97394164a88"
logic_hash = "e3e9934ee8ce6933f676949c5b5c82ad044ac32f08fe86697b0a0cf7fb63fc5e"
score = 75
@@ -102898,8 +106677,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_52462Fe8 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Rekoobe.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Rekoobe.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c1d8c64105caecbd90c6e19cf89301a4dc091c44ab108e780bdc8791a94caaad"
logic_hash = "1ab6979392eeaa7bd6bd84f8d3531bd9071c54b58306a42dcfdd27bf7ec8f8cd"
score = 75
@@ -102927,8 +106706,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_De9E7Bdf : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Rekoobe.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Rekoobe.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "447da7bee72c98c2202f1919561543e54ec1b9b67bd67e639b9fb6e42172d951"
logic_hash = "bdc4a3e4eeffc0d32e6a86dda54beceab8301d0065731d9ade390392ab4c6126"
score = 75
@@ -102956,8 +106735,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_B41F70C2 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Rekoobe.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Rekoobe.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "19c1a54279be1710724fc75a112741575936fe70379d166effc557420da714cd"
logic_hash = "02de55c537da1cc03af26a171c768ad87984e45983c3739f90ad9983c70e7ccf"
score = 75
@@ -102985,8 +106764,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_1D307D7C : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Rekoobe.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Rekoobe.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "00bc669f79b2903c5d9e6412050655486111647c646698f9a789e481a7c98662"
logic_hash = "de4807353d2ba977459a1bf7f51fd815e311c0bdc5fccd5e99fd44a766f6866f"
score = 75
@@ -103014,8 +106793,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_7F7Aba78 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Rekoobe.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Rekoobe.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "50b73742726b0b7e00856e288e758412c74371ea2f0eaf75b957d73dfb396fd7"
logic_hash = "a3b46d29fa51dd6a911cb9cb0e67e9d57d3f3b6697dc8edcc4d82f09d9819a92"
score = 75
@@ -103043,8 +106822,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_Ab8Ba790 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Rekoobe.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Rekoobe.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2aee0c74d9642ffab1f313179c26400acf60d7cbd2188bade28534d403f468d4"
logic_hash = "2a7a71712ad3f756a2dc53ec80bd9fb625f7c679fd9566945ebfeb392b9874a9"
score = 75
@@ -103072,8 +106851,8 @@ rule ELASTIC_Windows_Ransomware_Haron_A1C12E7E : FILE MEMORY
date = "2021-08-03"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Haron.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Haron.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6e6b78a1df17d6718daa857827a2a364b7627d9bfd6672406ad72b276014209c"
logic_hash = "84df5a13495acee5dc2007cf1d6e1828a832d46fcbad2ca8676643fd47756248"
score = 75
@@ -103102,8 +106881,8 @@ rule ELASTIC_Windows_Ransomware_Haron_23B76Cb7 : FILE MEMORY
date = "2021-08-03"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Haron.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Haron.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6e6b78a1df17d6718daa857827a2a364b7627d9bfd6672406ad72b276014209c"
logic_hash = "e53c92be617444da0057680ee1ac45cbc1f707194281644bececa44e4ebe3580"
score = 75
@@ -103132,8 +106911,8 @@ rule ELASTIC_Windows_Trojan_Danabot_6F3Dadb2 : FILE MEMORY
date = "2021-08-15"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Danabot.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Danabot.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "716e5a3d29ff525aed30c18061daff4b496f3f828ba2ac763efd857062a42e96"
logic_hash = "b9c895be9eab775726abd2c13256d598c5b79bceb2d652c30b1df4cfc37e4b93"
score = 75
@@ -103168,8 +106947,8 @@ rule ELASTIC_Windows_Vulndriver_Rweverything_Aee156A5 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_RWEverything.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_RWEverything.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3c5bf92c26398695f9ced7ce647a7e9f6ddcc89eea66b45aa3607196a187431b"
logic_hash = "46b7f2ad46564c6b99f0df6146dff7c88ccbe3ad6c6d1bcbefe756606c4fe40e"
score = 75
@@ -103198,8 +106977,8 @@ rule ELASTIC_Windows_Trojan_Babylonrat_0F66E73B : FILE MEMORY
date = "2021-09-02"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Babylonrat.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Babylonrat.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4278064ec50f87bb0471053c068b13955ed9d599434e687a64bf2060438a7511"
logic_hash = "66223dc9e2ef7330e26c91f0c82c555e96e4c794a637ab2cbe36410f3eca202a"
score = 75
@@ -103230,8 +107009,8 @@ rule ELASTIC_Linux_Ransomware_Blackbasta_96Eb3F20 : FILE MEMORY
date = "2022-08-06"
modified = "2022-08-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_BlackBasta.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_BlackBasta.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be"
logic_hash = "a5e0b60ba51490f70af53c9fba91e3349c712bebb10574eb4bed028ab961ae74"
score = 75
@@ -103265,8 +107044,8 @@ rule ELASTIC_Windows_Trojan_Wikiloader_C57F3F88 : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_WikiLoader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_WikiLoader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0f71b1805d7feb6830b856c5a5328d3a132af4c37fcd747d82beb0f61c77f6f5"
logic_hash = "408c6d811232dbd0c87f75fd28508366151cf9f2f10f012919588db1919e406b"
score = 75
@@ -103294,8 +107073,8 @@ rule ELASTIC_Windows_Trojan_Wikiloader_99681F1C : FILE MEMORY
date = "2024-01-17"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_WikiLoader.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_WikiLoader.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0b02cfe16ac73f2e7dc52eaf3b93279b7d02b3d64d061782dfed0c55ab621a8e"
logic_hash = "fb293d74186e778856780377120ac2ebe9550a508a0b33e706c39f93a5509df8"
score = 75
@@ -103323,8 +107102,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_83F05Fbe : BETA FILE MEMORY
date = "2020-06-18"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Sodinokibi.yar#L1-L34"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Sodinokibi.yar#L1-L34"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "c88fc2690deae3700e605b2affb5ecac3d1ffc92435f33209f31897d28715b8c"
score = 75
quality = 73
@@ -103365,8 +107144,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_182B2Cea : BETA FILE MEMORY
date = "2020-06-18"
modified = "2021-10-04"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Sodinokibi.yar#L36-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Sodinokibi.yar#L36-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "1c23effe5f8b35c5e03ebd5e57664c8937259d464f92dda0a9df344b982e8f8c"
score = 75
quality = 75
@@ -103400,8 +107179,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_A282Ba44 : BETA FILE MEMORY
date = "2020-06-18"
modified = "2021-08-23"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Ransomware_Sodinokibi.yar#L64-L91"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Ransomware_Sodinokibi.yar#L64-L91"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "3a583069c9ab851a90f3a61c9c4fa67f8b918b8d168fcf7f25b2a3ae3465c596"
score = 75
quality = 75
@@ -103436,8 +107215,8 @@ rule ELASTIC_Linux_Backdoor_Generic_Babf9101 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Backdoor_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Backdoor_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "9ea73d2c2a5f480ae343846e2b6dd791937577cb2b3d8358f5b6ede8f3696b86"
logic_hash = "40084f3bed66c1d4a1cd2ffca99fd6789c8ed2db04031e4d4a4926b41d622355"
score = 75
@@ -103465,8 +107244,8 @@ rule ELASTIC_Linux_Backdoor_Generic_5776Ae49 : FILE MEMORY
date = "2021-04-06"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Backdoor_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Backdoor_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e247a5decb5184fd5dee0d209018e402c053f4a950dae23be59b71c082eb910c"
logic_hash = "b606f12c47182d80e07f8715639c3cc73753274bd8833cb9f6380879356a2b12"
score = 75
@@ -103494,8 +107273,8 @@ rule ELASTIC_Linux_Packer_Patched_UPX_62E11C64 : FILE
date = "2021-06-08"
modified = "2021-07-28"
reference = "https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Packer_Patched_UPX.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Packer_Patched_UPX.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669"
logic_hash = "cb576fdd59c255234a96397460b81cbb2deeb38befaed101749b7bb515624028"
score = 75
@@ -103523,8 +107302,8 @@ rule ELASTIC_Linux_Trojan_Ircbot_Bb204B81 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ircbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ircbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6147481d083c707dc98905a1286827a6e7009e08490e7d7c280ed5a6356527ad"
logic_hash = "90d211c11281f5f8832210f3fc087fe5ff5a519b9b38628835e8b5fcc560bd9b"
score = 75
@@ -103552,8 +107331,8 @@ rule ELASTIC_Linux_Trojan_Ircbot_7C60454D : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Ircbot.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Ircbot.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "14eeff3516de6d2cb11d6ada4026e3dcee1402940e3a0fb4fa224a5c030049d8"
logic_hash = "90dcd0a3d3f6345e66db0a4f8465e3830eb4e3bcb675db16c60a89e20f935aec"
score = 75
@@ -103581,8 +107360,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_D3Ac2B2F : FILE MEMORY
date = "2021-03-22"
modified = "2022-06-20"
reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_AgentTesla.yar#L1-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_AgentTesla.yar#L1-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4"
logic_hash = "9c13a99107593d476de1522ced10aa43d34535b844e8c3ae871b22358137c926"
score = 75
@@ -103648,8 +107427,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_E577E17E : FILE MEMORY
date = "2022-03-11"
modified = "2022-04-12"
reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_AgentTesla.yar#L60-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_AgentTesla.yar#L60-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ed43ddb536e6c3f8513213cd6eb2e890b73e26d5543c0ba1deb2690b5c0385b6"
logic_hash = "84c5f1096735cee0f0f4ad41a81286c0a60dc17c276f23568b855271d996c8a2"
score = 75
@@ -103677,8 +107456,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_F2A90D14 : FILE MEMORY
date = "2022-03-11"
modified = "2022-04-12"
reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_AgentTesla.yar#L81-L100"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_AgentTesla.yar#L81-L100"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ed43ddb536e6c3f8513213cd6eb2e890b73e26d5543c0ba1deb2690b5c0385b6"
logic_hash = "3f39b773f2b1524b05d3c1d9aa1fb54594ec9003d2e9da342b6d17ba885f5a03"
score = 75
@@ -103706,8 +107485,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_A2D69E48 : FILE MEMORY
date = "2023-05-01"
modified = "2023-06-13"
reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_AgentTesla.yar#L102-L122"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_AgentTesla.yar#L102-L122"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "edef51e59d10993155104d90fcd80175daa5ade63fec260e3272f17b237a6f44"
logic_hash = "1f90be86b7afa7f518a3dcec55028bfc915cf6d4fed1350a56e351946cc55f41"
score = 75
@@ -103736,8 +107515,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_Ebf431A8 : FILE MEMORY
date = "2023-12-01"
modified = "2024-01-12"
reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_AgentTesla.yar#L124-L148"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_AgentTesla.yar#L124-L148"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0cb3051a80a0515ce715b71fdf64abebfb8c71b9814903cb9abcf16c0403f62b"
logic_hash = "b02d6e2d68b336aaa37336e0c0c3ffa6c7a126bfcdb6cb6ad5a3432004c6030c"
score = 75
@@ -103770,8 +107549,8 @@ rule ELASTIC_Windows_Vulndriver_Vbox_3315863F : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_VBox.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_VBox.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "42d926cfb3794f9b1e3cb397498696cb687f505e15feb9df11b419c49c9af498"
logic_hash = "ba4e6a94516e36dcd6140b6732d959703e2c58a79add705b9260001ea26db738"
score = 75
@@ -103800,8 +107579,8 @@ rule ELASTIC_Windows_Vulndriver_Vbox_1B1C5Cd5 : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_VBox.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_VBox.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1684e24dae20ab83ab5462aa1ff6473110ec53f52a32cfb8c1fe95a2642c6d22"
logic_hash = "5fcfffea021aee8d18172383df0e65f8c618fab545c800f1a7b659e8112c6c0f"
score = 75
@@ -103831,8 +107610,8 @@ rule ELASTIC_Windows_Trojan_Naplistener_E8F16920 : FILE MEMORY
date = "2023-02-28"
modified = "2023-03-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_NapListener.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_NapListener.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6e8c5bb2dfc90bca380c6f42af7458c8b8af40b7be95fab91e7c67b0dee664c4"
logic_hash = "6cb7b5051fab2b56f39b2805788b5b0838a095b41fcc623fe412b215736be5d4"
score = 75
@@ -103862,8 +107641,8 @@ rule ELASTIC_Windows_Trojan_Naplistener_414180A7 : FILE MEMORY
date = "2023-02-28"
modified = "2023-03-20"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_NapListener.yar#L23-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_NapListener.yar#L23-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6e8c5bb2dfc90bca380c6f42af7458c8b8af40b7be95fab91e7c67b0dee664c4"
logic_hash = "52d3ddebdc1a8aa4bcb902273bd2d3b4f9b51f248d25e7ae1cc260a9550111f5"
score = 75
@@ -103896,8 +107675,8 @@ rule ELASTIC_Windows_Vulndriver_Arpot_09C714C5 : FILE
date = "2022-04-27"
modified = "2022-05-03"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_ArPot.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_ArPot.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1"
logic_hash = "e5f972ad9a31aefbd20237e6ea3dd19a025c2e3487fa080e9f9b8acf1e3f58e6"
score = 75
@@ -103918,6 +107697,121 @@ rule ELASTIC_Windows_Vulndriver_Arpot_09C714C5 : FILE
condition:
int16 ( uint32(0x3C)+0x5c)==0x0001 and $original_file_name and $version
}
+rule ELASTIC_Windows_Exploit_Generic_E95Cc41C : FILE
+{
+ meta:
+ description = "Detects Windows Exploit Generic (Windows.Exploit.Generic)"
+ author = "Elastic Security"
+ id = "e95cc41c-6cad-4b9c-b647-3c60e6614e25"
+ date = "2024-02-28"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Exploit_Generic.yar#L1-L32"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "4cce9e39c376f67c16df3bcd69efd9b7472c3b478e2e5ef347e1410f1105c38d"
+ logic_hash = "9b620988a6ee84ed0cbb0fb0a3cca633fffc8e6369ed45455e9e1e6c021ea461"
+ score = 75
+ quality = 75
+ tags = "FILE"
+ fingerprint = "78f78de7cee54107ee7c3de9b152ce3a242c1408115ab0950ccdfc278ed15a19"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $s1 = "Got system privileges" nocase
+ $s2 = "Got SYSTEM token" nocase
+ $s3 = "Got a SYSTEM token" nocase
+ $s4 = "] Duplicating SYSTEM token" nocase
+ $s5 = "] Token Stealing is successful" nocase
+ $s6 = "] Exploit completed" nocase
+ $s7 = "] Got SYSTEM shell." nocase
+ $s8 = "] Spawning SYSTEM shell" nocase
+ $s9 = "we have a SYSTEM shell!" nocase
+ $s10 = "Dropping to System Shell." nocase
+ $s11 = "] Enjoy the NT AUTHORITY\\SYSTEM shell" nocase
+ $s12 = "] SMEP is disabled" nocase
+ $s13 = "] KUSER_SHARED_DATA"
+ $s14 = "] Found System EPROCESS"
+
+ condition:
+ any of them
+}
+rule ELASTIC_Windows_Exploit_Generic_008359Cf : FILE
+{
+ meta:
+ description = "Detects Windows Exploit Generic (Windows.Exploit.Generic)"
+ author = "Elastic Security"
+ id = "008359cf-5510-4f91-8cb1-7b4ff645bf2d"
+ date = "2024-02-28"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Exploit_Generic.yar#L34-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "73225a3a54560965f4c4fae73f7ee234e31217bc06ff8ba1d0b36ebab5e76a87"
+ logic_hash = "9514241b5573c8d01ccd012195e29aefc3ef8a12eb982e6dd9ec66b00c064bd8"
+ score = 75
+ quality = 75
+ tags = "FILE"
+ fingerprint = "3ef3b6bbe2141cb8ce47a5ee7c7531e72773d4dc4e478bb792c9230e4948db02"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { C6 85 ?? 01 00 00 74 C6 85 ?? 01 00 00 58 C6 85 ?? 01 00 00 58 }
+ $a2 = { C6 45 ?? 41 C6 45 ?? 66 C6 45 ?? 64 C6 45 ?? 4F C6 45 ?? 70 C6 45 ?? 65 C6 45 ?? 6E C6 45 ?? 50 C6 45 ?? 61 C6 45 ?? 63 C6 45 ?? 6B C6 45 ?? 65 C6 45 ?? 74 C6 45 ?? 58 C6 45 ?? 58 }
+ $b1 = "NtCreateFile"
+ $b2 = "\\Device\\Afd\\Endpoint" wide nocase
+ $b3 = "\\Device\\Afd\\Endpoint" nocase
+ $b4 = "NtDeviceIoControlFile"
+
+ condition:
+ 1 of ($a*) and 3 of ($b*)
+}
+rule ELASTIC_Windows_Exploit_Generic_8C54846D : FILE
+{
+ meta:
+ description = "Detects Windows Exploit Generic (Windows.Exploit.Generic)"
+ author = "Elastic Security"
+ id = "8c54846d-07ee-43bc-93e1-72bf4162ab87"
+ date = "2024-02-29"
+ modified = "2024-06-12"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Exploit_Generic.yar#L59-L87"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
+ hash = "b6ea4815a38e606d4a2d6e6d711e610afec084db6899b7d6fc874491dd939495"
+ logic_hash = "0662c8edb449e15b16be3e53a88cf62af46b4a656c1a49b399e131c2ad71b55a"
+ score = 75
+ quality = 71
+ tags = "FILE"
+ fingerprint = "9acb35c06a21e35639c8026a18e919329db82a0629a8e2267f1f4fe00b3bb871"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 5C 63 76 65 2D 32 30 ?? ?? 2D ?? ?? ?? ?? 5C 78 36 34 5C 52 65 6C 65 61 73 65 5C }
+ $a2 = { 5C 43 56 45 2D 32 30 ?? ?? 2D ?? ?? ?? ?? 5C 78 36 34 5C 52 65 6C 65 61 73 65 5C }
+ $a3 = { 5C 78 36 34 5C 52 65 6C 65 61 73 65 5C 43 56 45 2D 32 30 ?? ?? 2D ?? ?? ?? ?? ?? 2E 70 64 62 }
+ $a4 = { 5C 52 65 6C 65 61 73 65 5C 43 56 45 2D 32 30 ?? ?? 2D }
+ $a5 = "\\x64\\Release\\CmdTest.pdb"
+ $a6 = "\\x64\\Release\\RunPS.pdb"
+ $a7 = "X:\\tools\\0day\\"
+ $a8 = "C:\\work\\volodimir_"
+ $a9 = { 78 36 34 5C 52 65 6C 65 61 73 65 5C 65 78 70 6C 6F 69 74 2E 70 64 62 }
+ $b1 = { 5C 43 56 45 2D 32 30 ?? ?? 2D }
+ $b2 = { 5C 78 36 34 5C 52 65 6C 65 61 73 65 5C }
+
+ condition:
+ any of ($a*) or all of ($b*)
+}
rule ELASTIC_Windows_Trojan_Donutloader_F40E3759 : FILE MEMORY
{
meta:
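Review bot: ELASTIC_Windows_Exploit_Generic_E95Cc41C triggers on `any of them` over fourteen short, mostly `nocase` plaintext strings with no file-type guard, unlike the ArPot rule whose condition closes this hunk and gates on the PE header via `int16 ( uint32(0x3C)+0x5c)==0x0001`. A single hit on `"Got system privileges"` or `"] Exploit completed"` in a text file — PoC source, a saved writeup, a tool log — would therefore be reported at `severity = 100`, while the two rules after it (`008359Cf`, `8C54846D`) require a stack-string or PDB-path pattern and are much less prone to this. Since these are vendored Elastic rules the fix belongs upstream; if this bundle is ever tuned locally, the lowest-cost mitigation is `uint16(0) == 0x5A4D and any of them`, and otherwise whatever maps this rule to a finding should treat it as lower confidence than its two structural siblings.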
@@ -103927,8 +107821,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_F40E3759 : FILE MEMORY
date = "2021-09-15"
modified = "2022-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Donutloader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Donutloader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "541a4ca1da41f7cf54dff3fee917b219fadb60fd93a89b93b5efa3c1a57af81d"
score = 75
quality = 75
@@ -103956,8 +107850,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_5C38878D : FILE MEMORY
date = "2021-09-15"
modified = "2021-01-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Donutloader.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Donutloader.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "897880d13318027ac5008fe8d008f09780d6fa807d6cc828b57975443358750c"
score = 75
quality = 75
@@ -103984,8 +107878,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_21E801E0 : FILE MEMORY
date = "2024-01-21"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Donutloader.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Donutloader.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c3bda62725bb1047d203575bbe033f0f95d4dd6402c05f9d0c69d24bd3224ca6"
logic_hash = "19ef7bc8c7117024ca72956376954254c36eeb673f9379aa00475f763084a169"
score = 75
@@ -104013,8 +107907,8 @@ rule ELASTIC_Linux_Trojan_Shellbot_65Aa6568 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Shellbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Shellbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "457d1f4e1db41a9bdbfad78a6815f42e45da16ad0252673b9a2b5dcefc02c47b"
logic_hash = "46558801151ddc2f25bf46a278719f027acca2a18d2a9fcb275f4d787fbb1f0b"
score = 75
@@ -104042,8 +107936,8 @@ rule ELASTIC_Linux_Trojan_Dnsamp_C31Eebd4 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Dnsamp.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Dnsamp.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "4b86de97819a49a90961d59f9c3ab9f8e57e19add9fe1237d2a2948b4ff22de6"
logic_hash = "b998065eff9f67a1cdf19644a13edb0cef3c619d8b6e16c412d58f5d538e4617"
score = 75
@@ -104071,8 +107965,8 @@ rule ELASTIC_Windows_Trojan_Carberp_D6De82Ae : FILE MEMORY
date = "2021-02-07"
modified = "2021-08-23"
reference = "https://github.com/m0n0ph1/malware-1/blob/master/Carberp%20Botnet/source%20-%20absource/pro/all%20source/hvnc_dll/HVNC%20Lib/vnc/xvnc.h#L342"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Carberp.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Carberp.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f98fadb6feab71930bd5c08e85153898d686cc96c84fe349c00bf6d482de9b53"
logic_hash = "085020755c77b299b2bfd18b34af6c68450c29de67b8ae32ddf2b26299b923ae"
score = 75
@@ -104102,8 +107996,8 @@ rule ELASTIC_Windows_Hacktool_Sharpwmi_A67D6Fe5 : FILE MEMORY
date = "2022-10-20"
modified = "2022-11-24"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Hacktool_SharpWMI.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Hacktool_SharpWMI.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "2134a5e1a5eece1336f831a7686c5ea3b6ca5aaa63ab7e7820be937da0678e15"
logic_hash = "de8749951ece8d4798ade4661d531515e12edf8e8606ddc330000d847a66a26c"
score = 75
@@ -104139,8 +108033,8 @@ rule ELASTIC_Linux_Exploit_Abrox_5641Ba81 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_Abrox.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_Abrox.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8de96c8e61536cae870f4a24127d28b86bd8122428bf13965c596f92182625aa"
logic_hash = "29c894720c8d9134623427768ab1ab3d5e66fbeae86dd957f449d00091db9019"
score = 75
@@ -104168,8 +108062,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_364F3B7B : FILE MEMORY CVE_2016_5195
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0d4c43bf0cdd6486a4bcab988517e58b8c15d276f41600e596ecc28b0b728e69"
logic_hash = "5950195453232e4752b58c9e466c4df1b5ca2b22d5325730de69cd4178438aa7"
score = 75
@@ -104197,8 +108091,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_3A2Ed31B : FILE MEMORY CVE_2016_5195
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "ebbf3bc39ec661e2029d88960a5608e348de92089099019348bc0e891841690f"
logic_hash = "30cd10e38cbda719d9c344efd813e9a19e738a5251e3622957c8349e94366a29"
score = 75
@@ -104226,8 +108120,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_7448814C : FILE MEMORY CVE_2016_5195
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e95d0783b635e34743109d090af17aef2e507e8c90060d171e71d9ac79e083ba"
logic_hash = "0024b2cc22bf6c2dfc3b73ba91080cea8d502659db38d94b19338382e2fc0c84"
score = 75
@@ -104255,8 +108149,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_2Fa988E3 : FILE MEMORY CVE_2016_5195
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "679392e78d4abefc05b885e43aaccc2da235bd7f2a267c6ecfbe2cf824776993"
logic_hash = "55c3992ca62ebaf8d45aff818d3261838d239f2004125689ea81edca2cfa59c2"
score = 75
@@ -104284,8 +108178,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ea8801Ac : FILE MEMORY CVE_2016_5195
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "7acccfd8c2e5555a3e3bf979ad2314c12a939c1ef32b66e61e30a712f07164fd"
logic_hash = "00a7f71a0559f937ace15465059147839598897467db6176040882d86111bcd2"
score = 75
@@ -104313,8 +108207,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_B2Ebdebd : FILE MEMORY CVE_2016_5195
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "dee49d4b7f406fd1728dad4dc217484ced2586e014e2cd265ea64eff70a2633d"
logic_hash = "a9d6ffa65b503f9aa13a0054fa92e346c86585418b6b72131efc00340f8ec224"
score = 75
@@ -104342,8 +108236,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_9190D516 : FILE MEMORY CVE_2016_5195
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "837ffed1f23293dc9c7cb994601488fc121751a249ffde51326947c33c5fca7f"
logic_hash = "370248d2b6bb625d65f160b62f1b4a7d2809f3fedfb98a009b19dab61f0ba57e"
score = 75
@@ -104371,8 +108265,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_3B460716 : FILE MEMORY CVE_2016_5195
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "8c4d49d4881ebdab1bd0e083d4e644cfc8eb7af3b96664598526ab3d175fc420"
logic_hash = "759e08c9e3405d841aa467c3343cfac01fed9e9d86aca90139d0eae8855942e5"
score = 75
@@ -104400,8 +108294,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ccfd7518 : FILE MEMORY CVE_2016_5195
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "b1017db71cf195aa565c57fed91ff1cdfcce344dc76526256d5817018f1351bf"
logic_hash = "02720152af167f1a7e5707f97aa920c6d955458df58d8ef0d9eba868da6a16af"
score = 75
@@ -104429,8 +108323,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_D41C2C63 : FILE MEMORY CVE_2016_5195
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a4e5751b4e8fa2e9b70e1e234f435a03290c414f9547dc7709ce2ee4263a35f1"
logic_hash = "c9460cfc2b6d686145be9afd3ed670619f04c7155b03caa193222cba8405160d"
score = 75
@@ -104458,8 +108352,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ffa7F059 : FILE MEMORY CVE_2016_5195
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a073c6be047ea7b4500b1ffdc8bdadd9a06f9efccd38c88e0fc976b97b2b2df5"
logic_hash = "b558066b80232ceb32c625f49a0ddeccd4b3bc52e664e5a72f2aa7361bcec352"
score = 75
@@ -104487,8 +108381,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Fb24C7E4 : FILE MEMORY CVE_2016_5195
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L221-L239"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L221-L239"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a073c6be047ea7b4500b1ffdc8bdadd9a06f9efccd38c88e0fc976b97b2b2df5"
logic_hash = "17a2a628f2d1fa088a1e0c5b2ad3f08e24b8504033b328c944b9ae83a5d12fcc"
score = 75
@@ -104516,8 +108410,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_B45098Df : FILE MEMORY CVE_2016_5195
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L241-L259"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L241-L259"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e053aca86570b3781b3e08daab51382712270d2a375257c8b5789d3d87149314"
logic_hash = "4622551b73a12c5399df1f4e052ce32b4cee04486a870bc92942c8597dcad1f7"
score = 75
@@ -104545,8 +108439,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_9C67A994 : FILE MEMORY CVE_2016_5195
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L261-L279"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L261-L279"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "70429d67402a43ed801e295b1ae1757e4fccd5d786c09ee054591ae51dfc1b25"
logic_hash = "742ce59fadefe242ca97d8ce603976fa8b5e1ba55ede38434c04dcd6f4891712"
score = 75
@@ -104574,8 +108468,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ab87C1Ed : FILE MEMORY CVE_2016_5195
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L281-L299"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L281-L299"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "c13c32d3a14cbc9c2580b1c76625cce8d48c5ae683230149a3f41640655e7f28"
logic_hash = "737f5ff982d2b656918ad3258ca20bce2ec416f2af743335b9a87a86f78be810"
score = 75
@@ -104603,8 +108497,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_F1C0482A : FILE MEMORY CVE_2016_5195
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L301-L319"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L301-L319"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "a12a1e8253ee1244b018fd3bdcb6b7729dfe16e06aed470f6b08344a110a4061"
logic_hash = "084ba60d8464ef5bf3a3aa942bb88caf447c6cee3ebf023157bd261226057663"
score = 75
@@ -104632,8 +108526,8 @@ rule ELASTIC_Windows_Trojan_Shadowpad_Be71209D : FILE MEMORY
date = "2023-01-31"
modified = "2023-02-01"
reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_ShadowPad.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_ShadowPad.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "452b08d6d2aa673fb6ccc4af6cebdcb12b5df8722f4d70d1c3491479e7b39c05"
logic_hash = "24e035bbcd5d44877e6e582a995d0035ad26c53e832c34b0c8a3836cb1a11637"
score = 75
@@ -104662,8 +108556,8 @@ rule ELASTIC_Windows_Trojan_Shadowpad_0D899241 : MEMORY
date = "2023-01-31"
modified = "2023-02-01"
reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_ShadowPad.yar#L23-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_ShadowPad.yar#L23-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "cb3a425565b854f7b892e6ebfb3734c92418c83cd590fc1ee9506bcf4d8e02ea"
logic_hash = "57385e149c6419aed2dcd3ecbbe26d8598918395a6480dd5cdb799ce7328901a"
score = 75
@@ -104697,8 +108591,8 @@ rule ELASTIC_Linux_Ransomware_Esxiargs_75A8Ec04 : FILE MEMORY
date = "2023-02-09"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Ransomware_Esxiargs.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Ransomware_Esxiargs.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "11b1b2375d9d840912cfd1f0d0d04d93ed0cddb0ae4ddb550a5b62cd044d6b66"
logic_hash = "7316cab75c1bcf41ae6c96afa41ef96c37ab1bb679f36a0cc1dd08002a357165"
score = 75
@@ -104730,8 +108624,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_28B13E67 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Bundlore.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Bundlore.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "0b50a38749ea8faf571169ebcfce3dfd668eaefeb9a91d25a96e6b3881e4a3e8"
logic_hash = "586ae19e570c51805afd3727b2e570cdb1c48344aa699e54774a708f02bc3a6f"
score = 75
@@ -104759,8 +108653,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_75C8Cb4E : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Bundlore.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Bundlore.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3d69912e19758958e1ebdef5e12c70c705d7911c3b9df03348c5d02dd06ebe4e"
logic_hash = "527fecb8460c0325c009beddd6992e0abbf8c5a05843e4cedf3b17deb4b19a1c"
score = 75
@@ -104788,8 +108682,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_17B564B4 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Bundlore.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Bundlore.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "94f6e5ee6eb3a191faaf332ea948301bbb919f4ec6725b258e4f8e07b6a7881d"
logic_hash = "40cd2a793c8ed51a8191ecb9b358f50dc2035d997d0f773f6049f9c272291607"
score = 75
@@ -104817,8 +108711,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_C90C088A : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Bundlore.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Bundlore.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "875513f4ebeb63b9e4d82fb5bff2b2dc75b69c0bfa5dd8d2895f22eaa783f372"
logic_hash = "c82c5c8d1e38e0d2631c5611e384eb49b58c64daeafe0cc642682e5c64686b60"
score = 75
@@ -104846,8 +108740,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_3965578D : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Bundlore.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Bundlore.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d72543505e36db40e0ccbf14f4ce3853b1022a8aeadd96d173d84e068b4f68fa"
logic_hash = "6bd24640e0a3aa152fcd90b6975ee4fb7e99ab5f2d48d3a861bc804c526c90b6"
score = 75
@@ -104875,8 +108769,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_00D9D0E9 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Bundlore.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Bundlore.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "73069b34e513ff1b742b03fed427dc947c22681f30cf46288a08ca545fc7d7dd"
logic_hash = "535831872408caa27984190d1b1b1a5954e502265925d50457e934219598dbfd"
score = 75
@@ -104904,8 +108798,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_650B8Ff4 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Bundlore.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Bundlore.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "78fd2c4afd7e810d93d91811888172c4788a0a2af0b88008573ce8b6b819ae5a"
logic_hash = "e8a706db010e9c3d9714d5e7a376e9b2189af382a7b01db9a9e7ee947e9637bb"
score = 75
@@ -104933,8 +108827,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_C8Ad7Edd : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Bundlore.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Bundlore.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d4915473e1096a82afdaee405189a0d0ae961bd11a9e5e9adc420dd64cb48c24"
logic_hash = "be09b4bd612bb499044fe91ca4e1ab62405cf1e4d75b8e1da90e326d1c66e04f"
score = 75
@@ -104962,8 +108856,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_Cb7344Eb : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Bundlore.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Bundlore.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "53373668d8c5dc17f58768bf59fb5ab6d261a62d0950037f0605f289102e3e56"
logic_hash = "6b5e868dfd14e9b1cdf3caeb1216764361b28c1dd38849526baf5dbdb1020d8d"
score = 75
@@ -104991,8 +108885,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_753E5738 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Bundlore.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Bundlore.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "42aeea232b28724d1fa6e30b1aeb8f8b8c22e1bc8afd1bbb4f90e445e31bdfe9"
logic_hash = "7a6907b51c793e4182c1606eab6f2bcb71f0350a34aef93fa3f3a9f1a49961ba"
score = 75
@@ -105020,8 +108914,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_7B9F0C28 : FILE MEMORY
date = "2021-10-05"
modified = "2021-10-25"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/MacOS_Trojan_Bundlore.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/MacOS_Trojan_Bundlore.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "fc4da125fed359d3e1740dafaa06f4db1ffc91dbf22fd5e7993acf8597c4c283"
logic_hash = "32abbb76c866e3a555ee6a9c39f62a0712f641959b66068abfb4379baa9a9da9"
score = 75
@@ -105049,8 +108943,8 @@ rule ELASTIC_Windows_Vulndriver_Marvinhw_37326842 : FILE
date = "2022-07-21"
modified = "2022-07-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_MarvinHW.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_MarvinHW.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5"
logic_hash = "f37290912ab7d997d718c074eef48a67a36444e9e97592b6be65855ade2ba246"
score = 50
@@ -105081,8 +108975,8 @@ rule ELASTIC_Windows_Vulndriver_Lha_F72Bff9A : FILE
date = "2022-04-07"
modified = "2022-04-07"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_VulnDriver_Lha.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_VulnDriver_Lha.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf"
logic_hash = "cea05432b47cf14982bda74476c8c8582068c22fe7dec6468c9756c20412dca2"
score = 75
@@ -105111,8 +109005,8 @@ rule ELASTIC_Windows_Virus_Neshta_2A5A14C8 : FILE MEMORY
date = "2024-01-22"
modified = "2024-02-08"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Virus_Neshta.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Virus_Neshta.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "f298214764ee9ab690cb4b376d8a7893edcd9c05a3c4e6f3a56010974a130bd7"
logic_hash = "0b5d0603f4c20a2368f697dd84cfe1790a5d0e5904c76066601c9e3d1b5ed1e1"
score = 75
@@ -105141,8 +109035,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2908_406C2Fef : FILE MEMORY CVE_2009_2908
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Exploit_CVE_2009_2908.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Exploit_CVE_2009_2908.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "1e05a23f5b3b9cfde183aec26b723147e1816b95dc0fb7f9ac57376efcb22fcd"
logic_hash = "ae379ca7564eb97f141f6ad71ca12973bf1a38cda4bc03e3f4dca1939a9b6b38"
score = 75
@@ -105170,8 +109064,8 @@ rule ELASTIC_Linux_Trojan_Sdbot_98628Ea1 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Sdbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Sdbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "5568ae1f8a1eb879eb4705db5b3820e36c5ecea41eb54a8eef5b742f477cbdd8"
logic_hash = "55b8e3fa755965b85a043015f9303644b8e06fe8bfdc0e2062de75bdc2881541"
score = 75
@@ -105199,8 +109093,8 @@ rule ELASTIC_Linux_Downloader_Generic_0Bd15Ae0 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Downloader_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Downloader_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "e511efb068e76a4a939c2ce2f2f0a089ef55ca56ee5f2ba922828d23e6181f09"
logic_hash = "c9558562d9e9d3b55bd1fba9e55b332e6b4db5a170e0dd349bef1e35f0c7fd21"
score = 75
@@ -105228,8 +109122,8 @@ rule ELASTIC_Windows_Trojan_Parallax_D72Ec0E2 : FILE MEMORY
date = "2022-09-05"
modified = "2022-09-29"
reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Parallax.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Parallax.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "6c2c84624912f3b612ae435cf3e8000192a1b168b30205ed4a93b7fab7e336ad"
score = 75
quality = 75
@@ -105259,8 +109153,8 @@ rule ELASTIC_Windows_Trojan_Parallax_B4Ea4F1A : FILE MEMORY
date = "2022-09-08"
modified = "2022-09-29"
reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Parallax.yar#L24-L55"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Parallax.yar#L24-L55"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
logic_hash = "731fe7bd339ec6b0372b4809004a21f53537bd82f084960b8d018f994dcdc06a"
score = 75
quality = 42
@@ -105300,8 +109194,8 @@ rule ELASTIC_Linux_Trojan_Merlin_Bbad69B8 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Merlin.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Merlin.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d9955487f7d08f705e41a5ff848fb6f02d6c88286a52ec837b7b555fb422d1b6"
logic_hash = "e18079c9f018dc8d7f2fdf5c950b405f9f84ad2a5b18775dbef829fe1cb770c3"
score = 75
@@ -105329,8 +109223,8 @@ rule ELASTIC_Linux_Trojan_Merlin_C6097296 : FILE MEMORY
date = "2022-09-12"
modified = "2022-10-18"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Linux_Trojan_Merlin.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Linux_Trojan_Merlin.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "d9955487f7d08f705e41a5ff848fb6f02d6c88286a52ec837b7b555fb422d1b6"
logic_hash = "f48ed7f19ab29633600fde4bfea274bf36e7f60d700c9806b334d38a51d28b92"
score = 75
@@ -105358,8 +109252,8 @@ rule ELASTIC_Windows_Trojan_Buerloader_C8A60F46 : FILE MEMORY
date = "2021-08-16"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/yara/rules/Windows_Trojan_Buerloader.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/30ed729a461f99a5d0f26622302d68d1416fabc6/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/yara/rules/Windows_Trojan_Buerloader.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/efd00abcfc634000adf2f245f5bebfb9ea7e067a/LICENSE.txt"
hash = "3abed86f46c8be754239f8c878f035efaae91c33b8eb8818c5bbed98c4d9a3ac"
logic_hash = "d11b117efc10547e77ce8979f8a1d42f34937101e58a0e36228baa37cd30d2aa"
score = 75
@@ -105387,7 +109281,7 @@ rule ELASTIC_Windows_Trojan_Buerloader_C8A60F46 : FILE MEMORY
* YARA Rule Set
* Repository Name: R3c0nst
* Repository: https://github.com/fboldewin/YARA-rules/
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: 54e9e6899b258b72074b2b4db6909257683240c2
* Number of Rules: 26
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -106154,8 +110048,8 @@ rule R3C0NST_ATM_Malware_Xfscashncr : FILE
* YARA Rule Set
* Repository Name: CAPE
* Repository: https://github.com/kevoreilly/CAPEv2
- * Retrieval Date: 2024-06-02
- * Git Commit: 2b49dcbd98e374e169266c040936223d968e6763
+ * Retrieval Date: 2024-06-16
+ * Git Commit: 2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4
* Number of Rules: 94
* Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance)
*
@@ -106837,8 +110731,8 @@ rule CAPE_Icedid
date = "2021-12-16"
modified = "2021-12-16"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/IcedID.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/IcedID.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "e60ccbab7a360020744eba65961156ca3e2ae9cf23671014f913d71c1a96a331"
score = 75
quality = 45
@@ -106867,8 +110761,8 @@ rule CAPE_Tclient : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/TClient.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/TClient.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "6edcd01e4722b367723ed77d9596877d16ee35dc4c160885d125f83e45cee24d"
score = 75
quality = 70
@@ -106890,8 +110784,8 @@ rule CAPE_Conti : FILE
date = "2021-03-15"
modified = "2021-03-15"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Conti.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Conti.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "c9842f93d012d0189b9c6f10ad558b37ae66226bbb619ad677f6906ccaf0e848"
score = 75
quality = 70
@@ -106915,8 +110809,8 @@ rule CAPE_Ursnif : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Ursnif.yar#L1-L19"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Ursnif.yar#L1-L19"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "46e79fde81ff5352314618021e394b2e0322df07170c7279363290b7134935fd"
score = 75
quality = 70
@@ -106945,8 +110839,8 @@ rule CAPE_Kpot : FILE
date = "2020-10-19"
modified = "2020-10-19"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Kpot.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Kpot.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "75abaab9a10e8ac8808425c389238285ab9bd9cb76f0cd03cc1e35b3ea0a1b0f"
score = 75
quality = 70
@@ -106970,8 +110864,8 @@ rule CAPE_Petrwrap : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/PetrWrap.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/PetrWrap.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "6dd1cf5639b63d0ab41b24080dad68d285f2e3969ad34fd724c83e7a0dd4b968"
score = 75
quality = 70
@@ -106996,8 +110890,8 @@ rule CAPE_Zerot : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/ZeroT.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/ZeroT.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "f60ae25ac3cd741b8bdc5100b5d3c474b5d9fbe8be88bfd184994bae106c3803"
score = 75
quality = 68
@@ -107023,8 +110917,8 @@ rule CAPE_Lockbit : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Lockbit.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Lockbit.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "80ab705c8246a0bd5b3de65146cf32b102f39bf9444bdf1d366b5a794c1229b9"
score = 75
quality = 70
@@ -107050,8 +110944,8 @@ rule CAPE_Emotetloader : FILE
date = "2022-05-31"
modified = "2022-05-31"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/EmotetLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/EmotetLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "410872d25ed3a89a2cba108f952d606cd1c3bf9ccc89ae6ab3377b83665c2773"
score = 75
quality = 70
@@ -107073,8 +110967,8 @@ rule CAPE_Atlas : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Atlas.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Atlas.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "c3f73b29df5caf804dbfe3e6ac07a9e2c772bd2a126f0487e4a65e72bd501e6e"
score = 75
quality = 70
@@ -107098,8 +110992,8 @@ rule CAPE_Doomedloader : FILE
date = "2024-05-09"
modified = "2024-05-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/DoomedLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/DoomedLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "54a5962ef49ebf987908c4ea1559788f7c96a7e4ea61d2973636e998a0239c77"
score = 75
quality = 70
@@ -107123,8 +111017,8 @@ rule CAPE_Qakbot5 : FILE
date = "2024-04-28"
modified = "2024-04-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/QakBot.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/QakBot.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
hash = "59559e97962e40a15adb2237c4d01cfead03623aff1725616caeaa5a8d273a35"
logic_hash = "cc23a92f45619d44af824128b743c259dd9dfa7cb5106932f3425f3dfd1dccdf"
score = 75
@@ -107150,8 +111044,8 @@ rule CAPE_Qakbot4 : FILE
date = "2024-04-28"
modified = "2024-04-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/QakBot.yar#L17-L35"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/QakBot.yar#L17-L35"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "b2870e33abffbb3ff49b7891b0f5c538ab48ee63da5553929d4e37dec921344f"
score = 75
quality = 70
@@ -107181,8 +111075,8 @@ rule CAPE_Megacortex : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/MegaCortex.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/MegaCortex.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "5de1d8241260070241c91b97f18feb2a90069e3b158e863e2d9f568799c244e6"
score = 75
quality = 70
@@ -107206,8 +111100,8 @@ rule CAPE_Wanacry : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/WanaCry.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/WanaCry.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "16d5e39f043d27bbf22f8f21e13971b7e0709b07e44746dd157d11ee4cc51944"
score = 75
quality = 70
@@ -107233,8 +111127,8 @@ rule CAPE_Oyster
date = "2024-05-30"
modified = "2024-05-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Oyster.yar#L1-L19"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Oyster.yar#L1-L19"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
hash = "8bae0fa9f589cd434a689eebd7a1fde949cc09e6a65e1b56bb620998246a1650"
logic_hash = "23ab1518712dbce8319b87785d7ffc0c2b61de82c2bbf533ebf0aae39ec33540"
score = 75
@@ -107264,8 +111158,8 @@ rule CAPE_Nettraveler : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/NetTraveler.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/NetTraveler.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "bf5026f1a1cb3d6986a29d22657a9f1904b362391a6715d7468f8f8aca351233"
score = 75
quality = 70
@@ -107289,8 +111183,8 @@ rule CAPE_Trickbot
date = "2023-02-07"
modified = "2023-02-07"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/TrickBot.yar#L1-L20"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/TrickBot.yar#L1-L20"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "47cc2070b43957601a72745329a9d14fb3fbfd4d2b31cacc35d4ac750dde31ea"
score = 75
quality = 70
@@ -107321,8 +111215,8 @@ rule CAPE_Trickbot_Permadll_UEFI_Module
date = "2023-02-07"
modified = "2023-02-07"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/TrickBot.yar#L22-L38"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/TrickBot.yar#L22-L38"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
hash = "491115422a6b94dc952982e6914adc39"
logic_hash = "564055f56fd19bed8900e6d451ba050b4e9013a9208a3bdc3d3d563567d225d2"
score = 75
@@ -107350,8 +111244,8 @@ rule CAPE_Gandcrab : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Gandcrab.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Gandcrab.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "354ed566dbafbe8e9531bb771d9846952eb8c0e70ee94c26d09368159ce4142c"
score = 75
quality = 70
@@ -107376,8 +111270,8 @@ rule CAPE_Rokrat : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/RokRat.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/RokRat.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "2aaa7de7ccd59e0da690f4bc0c7deaacf61314d61f8d2aa3ce6f6892f50612ec"
score = 75
quality = 70
@@ -107400,8 +111294,8 @@ rule CAPE_Kovter : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Kovter.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Kovter.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "888fccb8fbfbe6c05ec63bc5658b4743f8e10a96ef51b3868c2ff94afec76f2d"
score = 75
quality = 70
@@ -107426,8 +111320,8 @@ rule CAPE_Sedreco : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Sedreco.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Sedreco.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "f735549606917f59a19157e604e54766e4456bc5d46e94cae3e0a3c18b52a7ca"
score = 75
quality = 70
@@ -107451,8 +111345,8 @@ rule CAPE_Squirrelwaffle : FILE
date = "2021-10-13"
modified = "2021-10-13"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/SquirrelWaffle.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/SquirrelWaffle.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "5f799333398421d537ec7a87ca94f6cc9cf1e53e55b353036a5132440990e500"
score = 75
quality = 70
@@ -107475,8 +111369,8 @@ rule CAPE_Aurorastealer : FILE
date = "2022-12-14"
modified = "2023-03-31"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/AuroraStealer.yar#L1-L74"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/AuroraStealer.yar#L1-L74"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "0d10e9268184f494a73d5b4ab0d9a478ad0c26d2ef13d5134f8c9769f028b8f5"
score = 75
quality = 45
@@ -107555,8 +111449,8 @@ rule CAPE_Jaff : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Jaff.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Jaff.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "6806a5eeee04b7436ff694addc334bfc0f1ee611116904d57be9506acfd47418"
score = 75
quality = 70
@@ -107581,8 +111475,8 @@ rule CAPE_Latrodectus
date = "2024-01-18"
modified = "2024-01-18"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Latrodectus.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Latrodectus.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
hash = "a547cff9991a713535e5c128a0711ca68acf9298cc2220c4ea0685d580f36811"
logic_hash = "c0a0bbdc865600b78538670cd766b63f8ca1bf223195d0f5c937e5968500ea0e"
score = 75
@@ -107608,8 +111502,8 @@ rule CAPE_Locky : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Locky.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Locky.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "9786c54a2644d9581fefe64be11b26e22806398e54e961fa4f19d26eae039cd7"
score = 75
quality = 70
@@ -107633,8 +111527,8 @@ rule CAPE_Zeuspanda : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/ZeusPanda.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/ZeusPanda.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "43d8a56cae9fd23c053f6956851734d3270b46a906236854502c136e3bb1e761"
score = 75
quality = 70
@@ -107657,8 +111551,8 @@ rule CAPE_Bazar : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Bazar.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Bazar.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "9375f59b56e47fd0b90b089afdf3be8f16f960038fc625523a2e2d5509ab099d"
score = 75
quality = 70
@@ -107681,8 +111575,8 @@ rule CAPE_Socks5Systemz : FILE
date = "2024-05-22"
modified = "2024-05-22"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Socks5Systemz.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Socks5Systemz.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "44b83b6d2ab39b4258ae0d97d00d02afdbb62a3973fd788584e4dea9db69cc1b"
score = 75
quality = 70
@@ -107711,8 +111605,8 @@ rule CAPE_Cargobayloader : FILE
date = "2023-02-20"
modified = "2023-02-20"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/CargoBayLoader.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/CargoBayLoader.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
hash = "75e975031371741498c5ba310882258c23b39310bd258239277708382bdbee9c"
logic_hash = "1d5c4ca79f97e1fac358189a8c6530be12506974fc2fb42f63b0b621536a45c9"
score = 75
@@ -107736,8 +111630,8 @@ rule CAPE_Scarab : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Scarab.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Scarab.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "0d8fa7ab4c8e5699f17f9e9444e85a42563a840a8e7ee9eda54add3a6845d1c6"
score = 75
quality = 70
@@ -107761,8 +111655,8 @@ rule CAPE_Seduploader : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Seduploader.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Seduploader.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "d70c886699169d4dafc5b063c93682a34af5667df6d293b52256ddc19ab9c516"
score = 75
quality = 70
@@ -107784,8 +111678,8 @@ rule CAPE_Stealc : FILE
date = "2024-02-16"
modified = "2024-02-16"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Stealc.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Stealc.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d"
logic_hash = "90a3a72f53d0c020f1568d7bbf183ee4f76ec3f4706d2331bcbc4e631bf6399d"
score = 75
@@ -107809,8 +111703,8 @@ rule CAPE_Doppelpaymer : FILE
date = "2022-06-27"
modified = "2022-06-27"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/DoppelPaymer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/DoppelPaymer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "73a2575671bafc31a70af3ce072d6f94ae172b12202baebba586a02524cb6f9d"
score = 75
quality = 70
@@ -107833,8 +111727,8 @@ rule CAPE_Darkgate
date = "2024-02-26"
modified = "2024-02-26"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/DarkGate.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/DarkGate.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "25c0e77a83676c6a18445f8df0b1f7a9148de5f64eeb532f9a4f4d4652dd8191"
score = 75
quality = 70
@@ -107861,8 +111755,8 @@ rule CAPE_Badrabbit : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/BadRabbit.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/BadRabbit.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "309e14ab4ea2f919358631f9d8b2aaff1f51e7708b6114e4e6bf4a9d9a5fc86c"
score = 75
quality = 70
@@ -107886,8 +111780,8 @@ rule CAPE_Nemty : FILE
date = "2020-04-03"
modified = "2020-04-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Nemty.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Nemty.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "a05974b561c67b4f1e0812639b74831edcf65686a06c0d380f0b45739e342419"
score = 75
quality = 70
@@ -107913,8 +111807,8 @@ rule CAPE_Nighthawk
date = "2022-12-05"
modified = "2022-12-05"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Nighthawk.yar#L3-L24"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Nighthawk.yar#L3-L24"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "2d77912678e06503ffef0e8ed84aa4f9ac74357480d57742fbae619acebfb5f2"
score = 75
quality = 70
@@ -107938,8 +111832,8 @@ rule CAPE_Formbook
date = "2023-10-13"
modified = "2023-10-13"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Formbook.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Formbook.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "63ee4dd6fe5ed2a3e5ee88ba7de48d2c9e0024961a550d0fdb68891c9885e05e"
score = 75
quality = 70
@@ -107968,8 +111862,8 @@ rule CAPE_Rcsession
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/RCSession.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/RCSession.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "ebd1e9e615a91c35b36332cad55519607323469df738cec4464288b45787630d"
score = 75
quality = 70
@@ -107992,8 +111886,8 @@ rule CAPE_Amadey : FILE
date = "2023-09-04"
modified = "2023-09-04"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Amadey.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Amadey.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
hash = "988258716d5296c1323303e8fe4efd7f4642c87bfdbe970fe9a3bb3f410f70a4"
logic_hash = "38f710b422a3644c9f0f3e80ad9ff28ef02050368c651a6cc2ce8b152b67bf48"
score = 75
@@ -108018,8 +111912,8 @@ rule CAPE_Bitpaymer : FILE
date = "2019-11-27"
modified = "2019-11-27"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/BitPaymer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/BitPaymer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "6ae0dc9a36da13e483d8d653276b06f59ecc15c95c754c268dcc91b181677c4c"
score = 75
quality = 70
@@ -108042,8 +111936,8 @@ rule CAPE_Rhadamanthys
date = "2023-09-18"
modified = "2023-09-18"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Rhadamanthys.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Rhadamanthys.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "f71bee3ef1dd7b16a55397645d16c0a20d1fdd3bf662f241c0b11796629b11ff"
score = 75
quality = 70
@@ -108068,8 +111962,8 @@ rule CAPE_Remcos : FILE
date = "2022-05-10"
modified = "2022-05-10"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Remcos.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Remcos.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "38142e784ad437d9592353b924f74777bb62e5ed176c811230a2021a437d4710"
score = 75
quality = 68
@@ -108094,8 +111988,8 @@ rule CAPE_Asyncrat : FILE
date = "2024-05-23"
modified = "2024-05-23"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/AsyncRat.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/AsyncRat.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "8f960131bb86e1c09127324bd5877364ab25e0cb37f5f9755230c7fed9094de3"
score = 75
quality = 66
@@ -108123,8 +112017,8 @@ rule CAPE_Asyncrat_Kingrat
date = "2024-05-23"
modified = "2024-05-23"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/AsyncRat.yar#L19-L40"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/AsyncRat.yar#L19-L40"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "2699ef93ae10b205b79025098afc1d1cfe7dbdf192f4d98a6e34a8f3de154810"
score = 75
quality = 62
@@ -108157,8 +112051,8 @@ rule CAPE_Rozena
date = "2024-03-15"
modified = "2024-03-15"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Rozena.yar#L1-L10"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Rozena.yar#L1-L10"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "c415a8108b58a125a604031bb8d73b58a8aae5429b5b765e35fa8a4add9cd135"
score = 75
quality = 70
@@ -108181,8 +112075,8 @@ rule CAPE_Ryuk : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Ryuk.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Ryuk.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "b4463993d8956e402b927a3dcfa2ca9693a959908187f720372f2d3a40e6db0c"
score = 75
quality = 70
@@ -108207,8 +112101,8 @@ rule CAPE_Blister : FILE
date = "2023-09-20"
modified = "2023-09-20"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Blister.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Blister.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
hash = "afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2"
hash = "d3eab2a134e7bd3f2e8767a6285b38d19cd3df421e8af336a7852b74f194802c"
logic_hash = "f26d85fdf0eb07e67fe38c43c5f6d024bfb7b2a333cb3411f5cdcff6bf5db12d"
@@ -108236,8 +112130,8 @@ rule CAPE_Lokibot : FILE
date = "2022-02-01"
modified = "2022-02-01"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/LokiBot.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/LokiBot.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "a5b3d518371138740e913d2d6ce4fa22d3da5cea7e034c7d6b4b502e6bf44b06"
score = 75
quality = 70
@@ -108260,8 +112154,8 @@ rule CAPE_Dridexv4 : FILE
date = "2022-05-31"
modified = "2022-05-31"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/DridexV4.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/DridexV4.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "cb103fe5f2d4792e3c612db4e2d84a4c8b0ce0f9a8443e9147e2c345f1dbdff6"
score = 75
quality = 70
@@ -108287,8 +112181,8 @@ rule CAPE_Dridexloader : FILE
date = "2021-03-10"
modified = "2021-03-10"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/DridexLoader.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/DridexLoader.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "20696b1f14539c8ecf21bffc696596040c20b1ee2fcedc173945482c0baca588"
score = 75
quality = 70
@@ -108315,8 +112209,8 @@ rule CAPE_Azorult : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Azorult.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Azorult.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "4691cf48d513d1965416b0cce1b6e19c8f7b393a940afd68b7c6ca8c0d125d90"
score = 75
quality = 70
@@ -108339,8 +112233,8 @@ rule CAPE_Eternalromance : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/EternalRomance.yar#L1-L33"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/EternalRomance.yar#L1-L33"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "5390fae3e2411a715cdc965df8648c0c4c511d53d5f76031714f1b784b58eb0d"
score = 75
quality = 68
@@ -108384,8 +112278,8 @@ rule CAPE_Cerber : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Cerber.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Cerber.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "16a8f808c28d3b142c079a305aba7f553f2452e439710bf610a06f8f2924d5a3"
score = 75
quality = 70
@@ -108407,8 +112301,8 @@ rule CAPE_Agent_Tesla
date = "2024-03-22"
modified = "2024-03-22"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/AgentTesla.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/AgentTesla.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "3945754129dcc58e0abfd7485f5ff0c0afdd1078ae2cf164ca8f59a6f79db1be"
score = 75
quality = 70
@@ -108434,8 +112328,8 @@ rule CAPE_Agenttesla : FILE
date = "2024-03-22"
modified = "2024-03-22"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/AgentTesla.yar#L19-L41"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/AgentTesla.yar#L19-L41"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "1bf9b26c4cf87e674ddffabe40aba5a45499c6a04d4ff3e43c3cda4cbcb4d188"
score = 75
quality = 70
@@ -108467,8 +112361,8 @@ rule CAPE_Agentteslav2 : FILE
date = "2024-03-22"
modified = "2024-03-22"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/AgentTesla.yar#L43-L67"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/AgentTesla.yar#L43-L67"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "b45296b3b94fa1ff32de48c94329a17402461fb6696e9390565c4dba9738ed78"
score = 75
quality = 70
@@ -108504,8 +112398,8 @@ rule CAPE_Agentteslav3 : FILE
date = "2024-03-22"
modified = "2024-03-22"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/AgentTesla.yar#L69-L111"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/AgentTesla.yar#L69-L111"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "26c4fa0ce8de6982eb599f3872e8ab2a6e83da4741db7f3500c94e0a8fe5d459"
score = 75
quality = 68
@@ -108558,8 +112452,8 @@ rule CAPE_Agentteslaxor : FILE
date = "2024-03-22"
modified = "2024-03-22"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/AgentTesla.yar#L113-L123"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/AgentTesla.yar#L113-L123"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "54581e83e5fa13fae4bda74016b3fa1d18c92e2659f493ebe54d70fd5f77bba5"
score = 75
quality = 20
@@ -108581,8 +112475,8 @@ rule CAPE_Agentteslav4 : FILE
date = "2024-03-22"
modified = "2024-03-22"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/AgentTesla.yar#L125-L138"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/AgentTesla.yar#L125-L138"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "0a39036f408728ab312a54ff3354453d171424f57f9a8f3b42af867be3037ca9"
score = 75
quality = 70
@@ -108607,8 +112501,8 @@ rule CAPE_Agentteslav4Jit
date = "2024-03-22"
modified = "2024-03-22"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/AgentTesla.yar#L140-L153"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/AgentTesla.yar#L140-L153"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "8f7144d2a989ce8d291af926b292f5f0f7772e707b0e49797eba13ecf91b90bc"
score = 75
quality = 70
@@ -108633,8 +112527,8 @@ rule CAPE_Varenyky : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Varenyky.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Varenyky.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "602f1b8b60b29565eabe2171fde4eb58546af68f8acecad402a7a51ea9a08ed9"
score = 75
quality = 70
@@ -108656,8 +112550,8 @@ rule CAPE_Masslogger : FILE
date = "2020-11-24"
modified = "2020-11-24"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/MassLogger.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/MassLogger.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "c8d82694810aafbdc6a35a661e7431e9536035e2f7fef90b9359064c4209b66c"
score = 75
quality = 70
@@ -108680,8 +112574,8 @@ rule CAPE_Arkei : FILE
date = "2020-02-11"
modified = "2020-02-11"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Arkei.yar#L1-L24"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Arkei.yar#L1-L24"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "03980827db1c53d4090ab196ba820ca34b5d83dc7140b11ead9182cb5d28c7d3"
score = 75
quality = 70
@@ -108715,8 +112609,8 @@ rule CAPE_Vidar : FILE
date = "2023-04-21"
modified = "2023-04-21"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Vidar.yar#L1-L22"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Vidar.yar#L1-L22"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "5d4c030536ed41cf4e0dcb77b2fe4553d789ee2b8095a4b3e050692335a8709d"
score = 75
quality = 70
@@ -108749,8 +112643,8 @@ rule CAPE_Hancitor : FILE
date = "2020-10-20"
modified = "2020-10-20"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Hancitor.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Hancitor.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "84003542a2f587b5fbd43731c4240759806f8ee46df2bd96aae4a3c09d97e41c"
score = 75
quality = 70
@@ -108775,8 +112669,8 @@ rule CAPE_Dreambot : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Dreambot.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Dreambot.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "29c6d648d5d38667c5824c2d20a83a20448c2ae6054ddddb2b2b7f8bdb69f74b"
score = 75
quality = 70
@@ -108801,8 +112695,8 @@ rule CAPE_Ursnifv3 : FILE
date = "2023-03-23"
modified = "2023-03-23"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/UrsnifV3.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/UrsnifV3.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "501cd52388aba16f9d33b4555f310e1ad58326916b15358a485c701acb87abd8"
score = 75
quality = 70
@@ -108831,8 +112725,8 @@ rule CAPE_Smokeloader
date = "2023-02-06"
modified = "2023-02-06"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/SmokeLoader.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/SmokeLoader.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "a2ed982f15a6c687da2fdba216868016722825edf7e8ff6a75f24d81af8276bc"
score = 75
quality = 70
@@ -108857,8 +112751,8 @@ rule CAPE_Bumblebee : FILE
date = "2023-10-02"
modified = "2023-10-02"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/BumbleBee.yar#L35-L50"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/BumbleBee.yar#L35-L50"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "bc7c2ce9d3cd598c9510dc64d78048999f2f89ee5a84cd0d6046dbdfabe260ee"
score = 75
quality = 70
@@ -108885,8 +112779,8 @@ rule CAPE_Codoso : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Codoso.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Codoso.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "32c9ed2ac29e8905266977a9ee573a252442d96fb9ec97d88642180deceec3f8"
score = 75
quality = 70
@@ -108910,8 +112804,8 @@ rule CAPE_Carbanak : FILE
date = "2024-03-18"
modified = "2024-03-18"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Carbanak.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Carbanak.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
hash = "c9c1b06cb9c9bd6fc4451f5e2847a1f9524bb2870d7bb6f0ee09b9dd4e3e4c84"
logic_hash = "8ed5ab07f1635dc7cdf296e86a71a0a99d0b2faef8fc460f43d426b24b8c8367"
score = 75
@@ -108936,8 +112830,8 @@ rule CAPE_Petya : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Petya.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Petya.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "f819261bb34f3b2eb7dc2f843b56be25105570fe902a77940a632a54fbe0d014"
score = 75
quality = 70
@@ -108961,8 +112855,8 @@ rule CAPE_Magniber : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Magniber.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Magniber.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "1875754bdf98c1886f31f6c6e29992a98180f74d8fa168ae391e2c660d760618"
score = 75
quality = 70
@@ -108984,8 +112878,8 @@ rule CAPE_Nanolocker : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/NanoLocker.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/NanoLocker.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "fe6c8a4e259c3c526f8f50771251f6762b2b92a4df2e8bfc705f282489f757db"
score = 75
quality = 70
@@ -109009,8 +112903,8 @@ rule CAPE_Zloader : FILE
date = "2024-05-06"
modified = "2024-05-06"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Zloader.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Zloader.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
hash = "adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa"
logic_hash = "a94efd87c69146cf5771341974e5abe789445d67dde3e045e1b87d3131539ff9"
score = 75
@@ -109039,8 +112933,8 @@ rule CAPE_Fareit : FILE
date = "2022-06-09"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Fareit.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Fareit.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "ed35391ffc949219f380da3f22bc8397a7d5c742bd68e227c3becdebcab5cf83"
score = 75
quality = 70
@@ -109062,8 +112956,8 @@ rule CAPE_Cobaltstrikestager
date = "2023-01-18"
modified = "2023-01-18"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "6a55b0c3ab5f557dfb7a3f8bd616ede1bd9b93198590fc9d52aa19c1154388c5"
score = 75
quality = 70
@@ -109088,8 +112982,8 @@ rule CAPE_Azer : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Azer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Azer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "48bd4a4e071f10d1911c4173a0cd39c69fed7a3b29eb92beffe709899f4cefa5"
score = 75
quality = 70
@@ -109113,8 +113007,8 @@ rule CAPE_Lumma : FILE
date = "2024-03-13"
modified = "2024-03-13"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Lumma.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Lumma.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "5b172496e2488cc3e9cdbd5a08229c3691bafba2fcdbdfd2805c7ac58f9c5751"
score = 75
quality = 70
@@ -109139,8 +113033,8 @@ rule CAPE_Kronos : FILE
date = "2020-07-02"
modified = "2020-07-02"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Kronos.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Kronos.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "52ce9caf3627efe8ae86df6ca59e51e9f738e13ac0265f797e8d70123dbcaeb3"
score = 75
quality = 70
@@ -109165,8 +113059,8 @@ rule CAPE_Cryptoshield : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Cryptoshield.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Cryptoshield.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "46064b4c69cb1af01330c5d194ef50728e0f0479e9fbf72828822935f8e37ac6"
score = 75
quality = 70
@@ -109190,8 +113084,8 @@ rule CAPE_Hermes : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Hermes.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Hermes.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "9bc974173f39a57e7adfbf8ae106a20d960557696b4c3ce16e9b4e47d3e9e95b"
score = 75
quality = 70
@@ -109215,8 +113109,8 @@ rule CAPE_Buerloader : FILE
date = "2022-05-31"
modified = "2022-05-31"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/BuerLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/BuerLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "05c1f008f0a2bb8232867977fb23a5ae8312f10f0637c6265561052596319c29"
score = 75
quality = 70
@@ -109240,8 +113134,8 @@ rule CAPE_Tscookie : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/TSCookie.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/TSCookie.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "0461c7fd14c74646437654f0a63a4a89d4efad620e197a8ca1e8d390618842c3"
score = 75
quality = 70
@@ -109265,8 +113159,8 @@ rule CAPE_Pikabotloader : FILE
date = "2024-03-13"
modified = "2024-03-13"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/PikaBot.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/PikaBot.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "7e5f1f2911545ee6bd36b54f2627fbdec1b957f4b91df901dd1c6cbd4dff0231"
score = 75
quality = 70
@@ -109290,8 +113184,8 @@ rule CAPE_Pikabot : FILE
date = "2024-03-13"
modified = "2024-03-13"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/PikaBot.yar#L15-L28"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/PikaBot.yar#L15-L28"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "ed07217c373831a9a67d914854154988696e6fcea70dedabf333385f0e7bb8b7"
score = 75
quality = 70
@@ -109316,8 +113210,8 @@ rule CAPE_Pik23 : FILE
date = "2024-03-13"
modified = "2024-03-13"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/PikaBot.yar#L30-L44"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/PikaBot.yar#L30-L44"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1"
logic_hash = "71a71df2f2a075294941c54eed06cafaaa4d3294e45b3a0098c1cffddd0438bc"
score = 75
@@ -109343,8 +113237,8 @@ rule CAPE_Ramnit : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Ramnit.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Ramnit.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "6f661f47bdf8377b0fb96f190fcb964c0ed2b43ce7ae7880f9dfce9e43837efd"
score = 75
quality = 70
@@ -109368,8 +113262,8 @@ rule CAPE_Gootkit : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Gootkit.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Gootkit.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "26704b6b0adca51933fc9d5e097930320768fd0e9355dcefc725aee7775316e7"
score = 75
quality = 70
@@ -109391,8 +113285,8 @@ rule CAPE_Mole : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/data/yara/CAPE/Mole.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/2b49dcbd98e374e169266c040936223d968e6763/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/data/yara/CAPE/Mole.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/2dc76f9a61ad46f52a8ca7c6cf8a0914b86e4be4/LICENSE"
logic_hash = "8be4d190d554a610360c0e04b33da59eb00319395e5b2000d580546ce6503786"
score = 75
quality = 70
@@ -109411,7 +113305,7 @@ rule CAPE_Mole : FILE
* YARA Rule Set
* Repository Name: BinaryAlert
* Repository: https://github.com/airbnb/binaryalert/
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: a9c0f06affc35e1f8e45bb77f835b92350c68a0b
* Number of Rules: 78
* Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -111832,7 +115726,7 @@ rule BINARYALERT_Ransomware_Windows_Petya_Variant_2
* YARA Rule Set
* Repository Name: DeadBits
* Repository: https://github.com/deadbits/yara-rules/
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: d002f7ecee23e09142a3ac3e79c84f71dda3f001
* Number of Rules: 17
* Skipped: 0 (age), 6 (quality), 0 (score), 0 (importance)
@@ -111885,7 +115779,7 @@ rule DEADBITS_Acbackdoor_ELF : LINUX MALWARE BACKDOOR
description = "No description has been set in the source file - DeadBits"
author = "Adam M. Swanda"
id = "82eb41bf-cd1d-5b00-973b-31a79c75cfc0"
- date = "2019-11-02"
+ date = "2019-11-16"
modified = "2019-12-04"
reference = "https://www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/"
source_url = "https://github.com/deadbits/yara-rules//blob/d002f7ecee23e09142a3ac3e79c84f71dda3f001/rules/ACBackdoor_Linux.yara#L1-L41"
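Review bot: The `date` meta of DEADBITS_Acbackdoor_ELF moves from `"2019-11-02"` to `"2019-11-16"` in a commit that otherwise only re-pins upstream commits and bumps the retrieval date from 2024-06-02 to 2024-06-16, while the rule's `source_url` still points at the same upstream commit d002f7ecee23e09142a3ac3e79c84f71dda3f001, so nothing visible justifies changing the rule's own authoring date. The same 02→16 shift appears in the last hunk of this chunk (ESET_Apt_Windows_TA410_Flowcloud_Header_Decryption, `date = "2024-01-02"` → `date = "2024-01-16"`), which leaves `date` later than its `modified = "2022-04-27"`. Both edits mirror the day change of the retrieval date, which suggests the generator's retrieval-date substitution is matching rule `date` fields as well as the header line; that is an inference and should be confirmed against the generator, but the rule metadata should be kept as upstream has it (`date = "2019-11-02"` here) because downstream consumers may key freshness and provenance checks on `date`/`modified`. The rule body continues outside the hunk.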
@@ -112603,7 +116497,7 @@ rule DEADBITS_Dacls_Trojan_Linux
* YARA Rule Set
* Repository Name: DelivrTo
* Repository: https://github.com/delivr-to/detections
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: d2dcf7e9566e39655994aa0c5f8fb7a94cae2984
* Number of Rules: 7
* Skipped: 0 (age), 2 (quality), 0 (score), 0 (importance)
@@ -112784,8 +116678,8 @@ rule DELIVRTO_SUSP_PDF_MHT_Activemime_Sept23 : FILE
* YARA Rule Set
* Repository Name: ESET
* Repository: https://github.com/eset/malware-ioc
- * Retrieval Date: 2024-06-02
- * Git Commit: 21381c70ad030105cf9edb092dfd1cae29753286
+ * Retrieval Date: 2024-06-16
+ * Git Commit: 3d18f6fe36ff39eddc204258096d65263da89de0
* Number of Rules: 98
* Skipped: 0 (age), 6 (quality), 0 (score), 0 (importance)
*
@@ -112826,8 +116720,8 @@ private rule ESET_Potaosecondstage_PRIVATE
date = "2015-07-30"
modified = "2015-07-30"
reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/potao/PotaoNew.yara#L81-L95"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/potao/PotaoNew.yara#L81-L95"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "55f9fc2da09aa9c2e76725985c836f7b8ba5e0b69a9327fb911e8265b340b88c"
score = 75
quality = 28
@@ -112853,8 +116747,8 @@ private rule ESET_Potaousb_PRIVATE
date = "2015-07-30"
modified = "2015-07-30"
reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/potao/PotaoNew.yara#L71-L80"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/potao/PotaoNew.yara#L71-L80"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "8f72afbf3b123ea3914b3eade267bd21f7435fbf9fbde4049ca2600513bb31d9"
score = 75
quality = 28
@@ -112877,8 +116771,8 @@ private rule ESET_Potaodll_PRIVATE
date = "2015-07-30"
modified = "2015-07-30"
reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/potao/PotaoNew.yara#L46-L70"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/potao/PotaoNew.yara#L46-L70"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "1d1154eb10cc70b3252e3ca4a85789e8605f2f3b7044f03ec960fd56ab81886a"
score = 75
quality = 28
@@ -112915,8 +116809,8 @@ private rule ESET_Potaodecoy_PRIVATE
date = "2015-07-30"
modified = "2015-07-30"
reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/potao/PotaoNew.yara#L32-L45"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/potao/PotaoNew.yara#L32-L45"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "93cbe1d1545d1fb85b3218b68619e67a1dda80d5888d2685a04915b861dfce01"
score = 75
quality = 28
@@ -112945,8 +116839,8 @@ private rule ESET_IIS_Native_Module_PRIVATE : FILE
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L34-L92"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L34-L92"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "5a388dc3253df606e2648d1f9c018e6dde373bbddce66dba69b7aecdd95bac18"
score = 75
quality = 55
@@ -113014,8 +116908,8 @@ private rule ESET_Invisimole_Blob_PRIVATE
date = "2021-05-17"
modified = "2021-05-17"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/invisimole/invisimole.yar#L34-L52"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L34-L52"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "8bddaf874da58fbe6362498f8979b511f39531fe2b98d4be8c099bdafb6d0067"
score = 75
quality = 80
@@ -113041,8 +116935,8 @@ private rule ESET_Is_Elf_PRIVATE
date = "2016-11-01"
modified = "2016-11-01"
reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/moose/linux-moose.yar#L32-L39"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/moose/linux-moose.yar#L32-L39"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "2a3c9a875852cd3ce86d43b9e4a6ba786ecbae1f18bba73a3bef5b7e8ba67a3b"
score = 75
quality = 80
@@ -113065,8 +116959,8 @@ private rule ESET_Not_Ms_PRIVATE
date = "2018-09-05"
modified = "2018-09-05"
reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/turla/turla-outlook.yar#L34-L40"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/turla-outlook.yar#L34-L40"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "71f492eaa80bee5e8cc5bec67b2a7fd6f5f71ee2594d9f531043747533c80443"
score = 75
quality = 80
@@ -113086,8 +116980,8 @@ private rule ESET_Apachemodule_PRIVATE
date = "2024-04-27"
modified = "2024-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/windigo/helimod.yar#L3-L30"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/helimod.yar#L3-L30"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
hash = "e39667aa137e315bc26eaef791ccab52938fd809"
logic_hash = "213fe381aa0bf9f148e488f7af74ac63073776c2868e42d2dcca7fdbca55fabb"
score = 75
@@ -113111,8 +117005,8 @@ private rule ESET_Prikormkaearlyversion_PRIVATE
date = "2019-08-28"
modified = "2019-08-28"
reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/groundbait/prikormka.yar#L112-L128"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/groundbait/prikormka.yar#L112-L128"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "681c7fb322953da162c10b76e453aa8ace6673720012383e3cd5528b59b42de3"
score = 75
quality = 28
@@ -113142,8 +117036,8 @@ private rule ESET_Prikormkamodule_PRIVATE
date = "2019-08-28"
modified = "2019-08-28"
reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/groundbait/prikormka.yar#L53-L110"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/groundbait/prikormka.yar#L53-L110"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "d5d7f1a46cbf9ff545c0fa840228d19ee7d45307078b4ae0b5a2fdf1c94d2978"
score = 75
quality = 26
@@ -113198,8 +117092,8 @@ private rule ESET_Prikormkadropper_PRIVATE
date = "2019-08-28"
modified = "2019-08-28"
reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/groundbait/prikormka.yar#L33-L51"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/groundbait/prikormka.yar#L33-L51"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "cf524cdf4ffeb5c9280c5c8e7fca524c41e1ce4f9bc46b1fc8cb8b50ea68ec39"
score = 75
quality = 28
@@ -113231,8 +117125,8 @@ rule ESET_Beds_Plugin
date = "2017-07-17"
modified = "2017-07-20"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/stantinko/stantinko.yar#L34-L51"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L34-L51"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "024cb91288f133e4cdf5993ac0477de6de76d38fa06f7affa348c6a28a4600da"
score = 75
quality = 80
@@ -113256,8 +117150,8 @@ rule ESET_Beds_Dropper
date = "2017-07-17"
modified = "2017-07-20"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/stantinko/stantinko.yar#L53-L67"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L53-L67"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "4b5d121e182e3fddd766a7a1227c5de273995e9336156e7a6e8a17faad681bea"
score = 75
quality = 80
@@ -113281,8 +117175,8 @@ rule ESET_Facebook_Bot : FILE
date = "2017-07-17"
modified = "2017-07-20"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/stantinko/stantinko.yar#L69-L100"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L69-L100"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "8ea779f90fa6080398403e3e6f9d342360c35e93c756ed43cb699f090106504e"
score = 75
quality = 55
@@ -113323,8 +117217,8 @@ rule ESET_Pds_Plugins : FILE
date = "2017-07-17"
modified = "2017-07-20"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/stantinko/stantinko.yar#L102-L130"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L102-L130"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "26bbd380b72fb45206178639d67c8737b9984b140ba1048432949e159946c847"
score = 75
quality = 80
@@ -113363,8 +117257,8 @@ rule ESET_Stantinko_Pdb
date = "2017-07-17"
modified = "2017-07-20"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/stantinko/stantinko.yar#L132-L148"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L132-L148"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "902c0ee086ce1a8def831d2f30c868165198c6c304faac3a93116a524f8e2fbf"
score = 75
quality = 80
@@ -113391,8 +117285,8 @@ rule ESET_Stantinko_Droppers : FILE
date = "2017-07-17"
modified = "2017-07-20"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/stantinko/stantinko.yar#L150-L170"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L150-L170"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "c56fc85834a3e1bb1c14da37fb509c7de3009bf81d52800fe0093dc489f6deaa"
score = 75
quality = 80
@@ -113420,8 +117314,8 @@ rule ESET_Stantinko_D3D
date = "2017-07-17"
modified = "2017-07-20"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/stantinko/stantinko.yar#L172-L187"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L172-L187"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "4e8da3f11df15e4aa469db62961ae390c4c4df2a5335eec0bdab19b14cc8343d"
score = 75
quality = 80
@@ -113445,8 +117339,8 @@ rule ESET_Stantinko_Ihctrl32
date = "2017-07-17"
modified = "2017-07-20"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/stantinko/stantinko.yar#L189-L209"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L189-L209"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "1829e08fb2289f738d0e75ad9977169e9a94379da764b1766f23fa47e8bc2543"
score = 75
quality = 80
@@ -113477,8 +117371,8 @@ rule ESET_Stantinko_Wsaudio
date = "2017-07-17"
modified = "2017-07-20"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/stantinko/stantinko.yar#L211-L233"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L211-L233"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "45d92f1475f316ba50a9a4a3dd519d1186ed16c68bd2debe326736a1e3154562"
score = 75
quality = 80
@@ -113508,8 +117402,8 @@ rule ESET_Stantinko_Ghstore
date = "2017-07-17"
modified = "2017-07-20"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/stantinko/stantinko.yar#L235-L255"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L235-L255"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "e5628d6ffb2d3684264b3a88c4d7b5d2ce8983aa22badf5839ccb8ba2e3ef2d4"
score = 75
quality = 80
@@ -113538,8 +117432,8 @@ rule ESET_Prikormka
date = "2016-05-10"
modified = "2019-08-28"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/groundbait/prikormka.yar#L130-L141"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/groundbait/prikormka.yar#L130-L141"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "f64195e680fbaefedba248aa15b37ed30ba72f42958cc48963a140165e951bff"
score = 75
quality = 80
@@ -113561,8 +117455,8 @@ rule ESET_Kobalos
date = "2020-11-02"
modified = "2021-02-01"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/kobalos/kobalos.yar#L32-L56"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/kobalos/kobalos.yar#L32-L56"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "9161d22f9fbb1700dc3121e32104240e34512cb280aaf950aec61513f89061ef"
score = 75
quality = 80
@@ -113593,8 +117487,8 @@ rule ESET_Kobalos_Ssh_Credential_Stealer
date = "2020-11-02"
modified = "2021-02-01"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/kobalos/kobalos.yar#L58-L73"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/kobalos/kobalos.yar#L58-L73"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "be238f5c2cc976a5638584a8c0fc580f2076735aadfe374e8d4162ba723bce10"
score = 75
quality = 80
@@ -113617,8 +117511,8 @@ rule ESET_Linux_Rakos
date = "2016-12-13"
modified = "2016-12-19"
reference = "http://www.welivesecurity.com/2016/12/20/new-linuxrakos-threat-devices-servers-ssh-scan/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/rakos/rakos.yar#L33-L53"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/rakos/rakos.yar#L33-L53"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "79a02ada56bf75c5f178b58822eb905977cace3483453ea8cf4dfc32f6b6c30d"
score = 75
quality = 80
@@ -113647,8 +117541,8 @@ rule ESET_Apt_Windows_TA410_Tendyron_Dropper
date = "2020-12-09"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L34-L53"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L34-L53"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "45f7300a4b85624ad3fda5c73a24f53f53cb7990def4d84e04dcd8e5747f4f2e"
score = 75
quality = 80
@@ -113678,8 +117572,8 @@ rule ESET_Apt_Windows_TA410_Tendyron_Installer
date = "2020-12-09"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L55-L73"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L55-L73"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "9c3afb924747614f27c31cf2c3d98f4932a9d11597a3ac94263bf93be02801da"
score = 75
quality = 80
@@ -113708,8 +117602,8 @@ rule ESET_Apt_Windows_TA410_Tendyron_Downloader
date = "2020-12-09"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L75-L107"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L75-L107"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "16030a78ae9af8783f5913644294ceff861c8264ead8ca99435032be6d7949ef"
score = 75
quality = 80
@@ -113743,8 +117637,8 @@ rule ESET_Apt_Windows_TA410_X4_Strings
date = "2020-10-09"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L109-L125"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L109-L125"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "d4b2321a6d0eb0ca8d7c47596af2a45c22b3aef15d1832d64d6588a62cab312a"
score = 75
quality = 74
@@ -113771,8 +117665,8 @@ rule ESET_Apt_Windows_TA410_X4_Hash_Values : FILE
date = "2020-10-09"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L127-L149"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L127-L149"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "bcf3891ff888ca99af9aa0e239b29241ae819022607fb829c5731267add308ea"
score = 75
quality = 80
@@ -113804,8 +117698,8 @@ rule ESET_Apt_Windows_TA410_X4_Hash_Fct : FILE
date = "2020-10-09"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L151-L187"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L151-L187"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "3b2d44cb7685a99e9aeb08f886f6876d43ee99d1e52e40705c3fa97ce3bfa9a0"
score = 75
quality = 80
@@ -113839,8 +117733,8 @@ rule ESET_Apt_Windows_TA410_Lookback_Decryption : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L189-L254"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L189-L254"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "016dca6be654fcd193acc481e6a998efbb77e7ebd09b26614422be1136dd02c0"
score = 75
quality = 80
@@ -113916,8 +117810,8 @@ rule ESET_Apt_Windows_TA410_Lookback_Loader : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L256-L309"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L256-L309"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "98390dd664227ad747e5572771d12e7ebd2475d26db27e85508347ac6f44f3bf"
score = 75
quality = 80
@@ -113981,8 +117875,8 @@ rule ESET_Apt_Windows_TA410_Lookback_Strings : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L311-L331"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L311-L331"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "d17ed604e3691c20fe489f95197b7b802ec951ed13d538fa6643449485b326b2"
score = 75
quality = 80
@@ -114012,8 +117906,8 @@ rule ESET_Apt_Windows_TA410_Lookback_HTTP : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L333-L349"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L333-L349"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "0e777f56136cd11d62abdf4f120410d5fe9cd522cfc06afbf085414a96279bf7"
score = 75
quality = 80
@@ -114039,8 +117933,8 @@ rule ESET_Apt_Windows_TA410_Lookback_Magic : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L351-L377"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L351-L377"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "442a08a77fd2db03e507c0d5a32b17ab4e5936a209f7af23ef3c33a4b9f3d0d5"
score = 75
quality = 80
@@ -114076,8 +117970,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Loader_Strings : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L379-L415"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L379-L415"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "3c90723e009ffe2603910566ac52a324256676ee3ff128d94427681010e10e8b"
score = 75
quality = 78
@@ -114120,11 +118014,11 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Header_Decryption : FILE
description = "Matches the function used to decrypt resources headers in TA410 FlowCloud"
author = "ESET Research"
id = "403c1845-bc25-5a49-8553-8a0be18d6970"
- date = "2024-01-02"
+ date = "2024-01-16"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L417-L496"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L417-L496"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "74b6c42bf2de159b2b0a15637e6bd94069367e3000c887714d6e3b50aa3646be"
score = 75
quality = 80
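Review bot: The new `date = "2024-01-16"` is later than the unchanged `modified = "2022-04-27"` two lines below, so the rule's metadata now states it was last modified before it was created. Since `logic_hash` is unchanged in this hunk, the rule body itself appears untouched and only the upstream metadata moved, so the fix is metadata-only: either carry the upstream `modified` value across as well or, if upstream really has this inconsistency, add a comment such as `// date/modified order inherited from upstream ta410.yar; not reordered here` so downstream consumers that sort or filter by `modified` are not surprised. The rest of this file's hunks only re-pin `source_url`/`license_url` to the new commit with `logic_hash` unchanged, which is consistent and raises nothing. The rule's `meta:` block starts before this hunk.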
@@ -114180,8 +118074,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Dll_Hijacking_Strings : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L498-L517"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L498-L517"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "e8082d4216364a12ba395f772b5caed94b3068d26a2b3a97ef711d61a82f65b3"
score = 75
quality = 80
@@ -114211,8 +118105,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Malicious_Dll_Antianalysis : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L519-L552"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L519-L552"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "8f14352118d32a43c17f70bd753acc48bd314965f10ab97818e8a434bbda96d9"
score = 75
quality = 80
@@ -114246,8 +118140,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Pdb : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L554-L567"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L554-L567"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "ff95ab0f8e68efe612a6e0d70cebd8bf815d6b5e3877c098ac0761382dc310d6"
score = 75
quality = 80
@@ -114269,8 +118163,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Shellcode_Decryption : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L569-L615"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L569-L615"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "939ffe6a41c957aa5d6c012484b2deab49a5e71a4b7e203a41c180f872803921"
score = 75
quality = 80
@@ -114310,8 +118204,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Fcclient_Strings : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L617-L639"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L617-L639"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "c05b7031a5aec1bcf29eca06c010c402edeb24a093a2043dbc21781dff22c7fe"
score = 75
quality = 80
@@ -114343,8 +118237,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Fcclientdll_Strings : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L641-L669"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L641-L669"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "3a93f58cf14b57a96157077ec14aa6fb181e3da80f4ba46c0379a58b67c08a0e"
score = 75
quality = 80
@@ -114382,8 +118276,8 @@ rule ESET_Apt_Windows_TA410_Rootkit_Strings : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L671-L697"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L671-L697"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "1d3ad63508c5e4bca32b9a44b738cb4a7384ccfa5704ce329260adb342ea4e60"
score = 75
quality = 80
@@ -114419,8 +118313,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_V5_Resources : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L699-L720"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L699-L720"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "58f75dda53c6d4b3d88f464c452d855ac6dc88add5f4fba2641f52e7a1ae00ed"
score = 75
quality = 80
@@ -114442,8 +118336,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_V4_Resources : FILE
date = "2021-10-12"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/ta410/ta410.yar#L722-L741"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L722-L741"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "7b475cfddb5f995f7e8e3293b8e6ae59a9e36143998bc444499b5dce467f8e9d"
score = 75
quality = 80
@@ -114465,8 +118359,8 @@ rule ESET_Helimodproxy
date = "2024-04-27"
modified = "2024-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/windigo/helimod.yar#L32-L54"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/helimod.yar#L32-L54"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
hash = "e39667aa137e315bc26eaef791ccab52938fd809"
logic_hash = "9e3d57add1042eff41b42f0c8d46ed37af4092d5af4d4b2088b07992a4649bc2"
score = 75
@@ -114496,8 +118390,8 @@ rule ESET_Helimodredirect
date = "2024-04-27"
modified = "2024-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/windigo/helimod.yar#L56-L79"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/helimod.yar#L56-L79"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
hash = "e39667aa137e315bc26eaef791ccab52938fd809"
logic_hash = "1a85cae7ee354e5d96e88781b4e0a49757016d8b64dfb80c07a13b36bf9091e2"
score = 75
@@ -114527,8 +118421,8 @@ rule ESET_Helimodsteal
date = "2024-04-27"
modified = "2024-04-27"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/windigo/helimod.yar#L81-L105"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/helimod.yar#L81-L105"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
hash = "e39667aa137e315bc26eaef791ccab52938fd809"
logic_hash = "b94999350300f433f69b77042c641906500b155050f4fdc4bb47bde81dd2bb35"
score = 75
@@ -114559,8 +118453,8 @@ rule ESET_Libkeyutils_With_Ctor
date = "2024-02-01"
modified = "2024-04-29"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/windigo/ebury.yar#L3-L54"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/ebury.yar#L3-L54"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
hash = "e7debd6e453192ad8376db5bab03ed0d87566591"
logic_hash = "c6172aebc67a05fb044b0450aafcc71c7d1fd2831985587d1a9ad53f59e14214"
score = 75
@@ -114586,8 +118480,8 @@ rule ESET_Ebury_V1_7_Crypto
date = "2023-08-01"
modified = "2024-04-29"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/windigo/ebury.yar#L56-L97"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/ebury.yar#L56-L97"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
hash = "e7debd6e453192ad8376db5bab03ed0d87566591"
logic_hash = "41908951069a472d7528f2f228f3681f008d16a0436e341d339909efc4933e66"
score = 75
@@ -114632,8 +118526,8 @@ rule ESET_Onimiki : LINUX_ONIMIKI
date = "2014-02-06"
modified = "2014-04-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/windigo/windigo-onimiki.yar#L32-L59"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/windigo-onimiki.yar#L32-L59"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "eac30f5c9a9606d1d0e14c55e0532c54976fbb0d2e4f5cd2d9f719b77e07161a"
score = 75
quality = 80
@@ -114668,8 +118562,8 @@ rule ESET_Sparklinggoblin_Chacha20Loader_Richheader
date = "2021-03-30"
modified = "2021-08-26"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/sparklinggoblin/SparklingGoblin.yar#L33-L57"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/sparklinggoblin/SparklingGoblin.yar#L33-L57"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
hash = "09ffe37a54bc4ebebd8d56098e4c76232f35d821"
hash = "29b147b76bb0d9e09f7297487cb972e6a2905586"
hash = "33f2c3de2457b758fc5824a2b253ad7c7c2e9e37"
@@ -114697,8 +118591,8 @@ rule ESET_Sparklinggoblin_Chacha20 : FILE
date = "2021-05-20"
modified = "2021-08-26"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/sparklinggoblin/SparklingGoblin.yar#L59-L368"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/sparklinggoblin/SparklingGoblin.yar#L59-L368"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
hash = "2edbea43f5c40c867e5b6bbd93cc972525df598b"
hash = "b6d245d3d49b06645c0578804064ce0c072cbe0f"
hash = "8be6d5f040d0085c62b1459afc627707b0de89cf"
@@ -115010,8 +118904,8 @@ rule ESET_Sparklinggoblin_Etweventwrite
date = "2021-05-20"
modified = "2021-08-26"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/sparklinggoblin/SparklingGoblin.yar#L370-L463"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/sparklinggoblin/SparklingGoblin.yar#L370-L463"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
hash = "2edbea43f5c40c867e5b6bbd93cc972525df598b"
hash = "b6d245d3d49b06645c0578804064ce0c072cbe0f"
hash = "8be6d5f040d0085c62b1459afc627707b0de89cf"
@@ -115108,8 +119002,8 @@ rule ESET_Sparklinggoblin_Mutex
date = "2021-05-20"
modified = "2021-08-26"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/sparklinggoblin/SparklingGoblin.yar#L465-L489"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/sparklinggoblin/SparklingGoblin.yar#L465-L489"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
hash = "2edbea43f5c40c867e5b6bbd93cc972525df598b"
hash = "b6d245d3d49b06645c0578804064ce0c072cbe0f"
hash = "8be6d5f040d0085c62b1459afc627707b0de89cf"
@@ -115138,8 +119032,8 @@ rule ESET_Mozi_Killswitch : FILE
date = "2023-09-29"
modified = "2023-10-31"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/mozi/mozi.yar#L32-L51"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/mozi/mozi.yar#L32-L51"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "90eaed2f7f5595b145b2678a46ef6179082192215369fa9235024b0ce1574a49"
score = 75
quality = 80
@@ -115167,8 +119061,8 @@ rule ESET_Generic_Carbon : FILE
date = "2017-03-30"
modified = "2017-03-30"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/turla/carbon.yar#L33-L51"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/carbon.yar#L33-L51"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "6481ccafb7c7c78bc52d01881cb96f3aa6209fdd35e090bdc9d5f5105b4e38ea"
score = 75
quality = 80
@@ -115195,8 +119089,8 @@ rule ESET_Carbon_Metadata
date = "2017-03-30"
modified = "2017-03-30"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/turla/carbon.yar#L53-L69"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/carbon.yar#L53-L69"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "81b59e9566f3b3356acf12dadb80abdcbee28e0b1a9efead66fcb95bf6fc1aa5"
score = 75
quality = 80
@@ -115218,8 +119112,8 @@ rule ESET_Turla_Outlook_Gen
date = "2018-05-09"
modified = "2018-09-05"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/turla/turla-outlook.yar#L42-L74"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/turla-outlook.yar#L42-L74"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "f709e517e9d957775601670c426cc9def1c4104cb1ff647d269800d2af4372c7"
score = 75
quality = 78
@@ -115263,8 +119157,8 @@ rule ESET_Turla_Outlook_Filenames
date = "2018-08-22"
modified = "2018-09-05"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/turla/turla-outlook.yar#L76-L91"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/turla-outlook.yar#L76-L91"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "3be86c9325de6634c032321beed131fdf1e1952afcb43258fb202d0097610501"
score = 75
quality = 80
@@ -115291,8 +119185,8 @@ rule ESET_Turla_Outlook_Log
date = "2018-08-22"
modified = "2018-09-05"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/turla/turla-outlook.yar#L93-L107"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/turla-outlook.yar#L93-L107"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "e7dc00c33a643c0940aaea2096d099192b27df3c81c518f1dc2b3d45a0a74312"
score = 75
quality = 80
@@ -115317,8 +119211,8 @@ rule ESET_Turla_Outlook_Exports
date = "2018-08-22"
modified = "2018-09-05"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/turla/turla-outlook.yar#L109-L125"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/turla-outlook.yar#L109-L125"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "a961fdb43ea1e99b308f55b8f5e264b1f3fa817eaf463d512e2ad8b98a18ee99"
score = 75
quality = 80
@@ -115340,8 +119234,8 @@ rule ESET_Gazer_Certificate_Subject
date = "2017-08-30"
modified = "2017-08-29"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/turla/gazer.yar#L33-L46"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/gazer.yar#L33-L46"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "6e870c9cdcee33769162de62ea143ff401af50b22a63d2f212c44d06f5771dec"
score = 75
quality = 80
@@ -115363,8 +119257,8 @@ rule ESET_Gazer_Certificate : FILE
date = "2017-08-30"
modified = "2017-08-29"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/turla/gazer.yar#L48-L65"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/gazer.yar#L48-L65"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "eb3afbaefd23d4fc6ded494d3378dc910a0832b160e733ab79c590128dd74cea"
score = 75
quality = 80
@@ -115390,8 +119284,8 @@ rule ESET_Gazer_Logfile_Name : FILE
date = "2017-08-30"
modified = "2017-08-29"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/turla/gazer.yar#L67-L85"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/gazer.yar#L67-L85"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "b50553f4b4b07f124e5bd390e7dc8ac6b60a8ef185f3bc227894f957d6483478"
score = 75
quality = 80
@@ -115416,8 +119310,8 @@ rule ESET_Dino
date = "2015-07-14"
modified = "2015-08-17"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/animalfarm/animalfarm.yar#L73-L96"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/animalfarm/animalfarm.yar#L73-L96"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "898e527eb8b05050135dee7cbe974100710a1a3a6a5cb8eb03563ee1c0aca01f"
score = 75
quality = 80
@@ -115449,8 +119343,8 @@ rule ESET_Moose_1
date = "2015-04-21"
modified = "2016-11-01"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/moose/linux-moose.yar#L41-L76"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/moose/linux-moose.yar#L41-L76"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "8bedac80a1f754ce56294ba9786b62a002aacd074f756724401efc61def127e6"
score = 75
quality = 30
@@ -115494,8 +119388,8 @@ rule ESET_Moose_2
date = "2016-10-02"
modified = "2016-11-01"
reference = "http://www.welivesecurity.com/2016/11/02/linuxmoose-still-breathing/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/moose/linux-moose.yar#L78-L110"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/moose/linux-moose.yar#L78-L110"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "3f50d2d81d4c27e44d93804adcf93971017767ed0e020447cdb343931c2fbc43"
score = 75
quality = 80
@@ -115539,8 +119433,8 @@ rule ESET_Apt_Windows_Invisimole_Logs : FILE
date = "2021-05-17"
modified = "2021-05-17"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/invisimole/invisimole.yar#L54-L77"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L54-L77"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "d42423ccc768f1823c76d5cb2aec26434c796fc35bd4e2fbf435fcf7997d3ff0"
score = 75
quality = 80
@@ -115562,8 +119456,8 @@ rule ESET_Apt_Windows_Invisimole_SFX_Dropper : FILE
date = "2021-05-17"
modified = "2021-05-17"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/invisimole/invisimole.yar#L79-L95"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L79-L95"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "6ca248d42c1e889988e5931d80df071cb20e623fb0c4a208044cabe073f71ce4"
score = 75
quality = 80
@@ -115588,8 +119482,8 @@ rule ESET_Apt_Windows_Invisimole_CPL_Loader : FILE
date = "2021-05-17"
modified = "2021-05-17"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/invisimole/invisimole.yar#L97-L118"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L97-L118"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "cd5c19e14faa7fd3758b30193ccf2bed3692ad29d8216466523ca25d2abcfe88"
score = 75
quality = 80
@@ -115620,8 +119514,8 @@ rule ESET_Apt_Windows_Invisimole_Wrapper_DLL
date = "2021-05-17"
modified = "2021-05-17"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/invisimole/invisimole.yar#L120-L138"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L120-L138"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "156bc5bc7b0ed5c77a5a15e7799a3077d40150896476a60935cf21a9afe36856"
score = 75
quality = 80
@@ -115643,8 +119537,8 @@ rule ESET_Apt_Windows_Invisimole_DNS_Downloader : FILE
date = "2021-05-17"
modified = "2021-05-17"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/invisimole/invisimole.yar#L140-L170"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L140-L170"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "88d6ed7ec1331153d19afc18473a4be2b214ad8af29fcf7051a2a8e40e088231"
score = 75
quality = 80
@@ -115682,8 +119576,8 @@ rule ESET_Apt_Windows_Invisimole_RC2CL_Backdoor : FILE
date = "2021-05-17"
modified = "2021-05-17"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/invisimole/invisimole.yar#L172-L213"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L172-L213"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "c38550023515d33eaaf0669cc8b874bcfd09653a07c7edbf72e3344d1cf31541"
score = 75
quality = 78
@@ -115729,8 +119623,8 @@ rule ESET_Apt_Windows_Invisimole : FILE
date = "2021-05-17"
modified = "2021-05-17"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/invisimole/invisimole.yar#L215-L255"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L215-L255"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "7a2cff9febe77d718089ba4e1a33f3487594588892e418cec685bf22b156fa2b"
score = 75
quality = 80
@@ -115763,8 +119657,8 @@ rule ESET_Apt_Windows_Invisimole_C2 : FILE
date = "2021-05-17"
modified = "2021-05-17"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/invisimole/invisimole.yar#L257-L297"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L257-L297"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "aff8456ce7a9ebe875c02e51c09b77ee7b1fddfc11d4ad236e12c8c5240a01a8"
score = 75
quality = 78
@@ -115811,8 +119705,8 @@ rule ESET_Keydnap_Downloader
date = "2016-07-06"
modified = "2016-07-06"
reference = "http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-is-hungry-for-credentials"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/keydnap/keydnap.yar#L33-L49"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/keydnap/keydnap.yar#L33-L49"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "71c8885193a92fa9c71055c37e629a54d50070cf6820b9216a824ecc4db2ce3c"
score = 75
quality = 80
@@ -115836,8 +119730,8 @@ rule ESET_Keydnap_Backdoor_Packer
date = "2016-07-06"
modified = "2016-07-06"
reference = "http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-is-hungry-for-credentials"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/keydnap/keydnap.yar#L51-L67"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/keydnap/keydnap.yar#L51-L67"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "b1740bf38376be81d3b42306c2ce81f578c0b5c9db804f063836bf98f57ed147"
score = 75
quality = 80
@@ -115861,8 +119755,8 @@ rule ESET_Keydnap_Backdoor
date = "2016-07-06"
modified = "2016-07-06"
reference = "http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-is-hungry-for-credentials"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/keydnap/keydnap.yar#L69-L86"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/keydnap/keydnap.yar#L69-L86"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "fa209577a562ef9088d3ad3df3fbc0edda96f09d19177842f0ddea42c658f530"
score = 75
quality = 80
@@ -115890,8 +119784,8 @@ rule ESET_IIS_Group02
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L134-L155"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L134-L155"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "3fa2b8fed3c580f446b55412a920a5cfed2317b06aa93d059e9f89fdbec8f683"
score = 75
quality = 76
@@ -115921,8 +119815,8 @@ rule ESET_IIS_Group03
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L157-L176"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L157-L176"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "d811c2ac610780bf968e86e8fd302cffc9434902e547399d06fdeb30d1719f51"
score = 75
quality = 80
@@ -115950,8 +119844,8 @@ rule ESET_IIS_Group04_Rgdoor
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L178-L199"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L178-L199"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "be615dc0cc8bf0fd52cc5a88a3759c1cb1cd18703de74d16f5cce3eabccf91c6"
score = 75
quality = 80
@@ -115980,8 +119874,8 @@ rule ESET_IIS_Group05_Iistealer
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L201-L232"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L201-L232"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "5dff445121fda59df805d6fcb5db3f8f8e52a6e63e2da2a6875f8c9ad9cafc72"
score = 75
quality = 80
@@ -116017,8 +119911,8 @@ rule ESET_IIS_Group06_ISN
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L234-L259"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L234-L259"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "2f59034a642a9b92fc88922433cd5923be02332159cba5e16d99d9523ed43205"
score = 75
quality = 80
@@ -116051,8 +119945,8 @@ rule ESET_IIS_Group07_Iispy
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L261-L296"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L261-L296"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "ec5db5f36d06f9b0bdfe598fc72431da35afc1473dcc29f437a0f48ea9835a03"
score = 75
quality = 80
@@ -116091,8 +119985,8 @@ rule ESET_IIS_Group08
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L298-L337"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L298-L337"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "d5826d454d25ecbbb5da464da974023a247517d873cf10dc0eafa91e185451da"
score = 75
quality = 53
@@ -116139,8 +120033,8 @@ rule ESET_IIS_Group09
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L339-L387"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L339-L387"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "5f89f9488221b8db8d493b3c23b7f5edd957c15511148eca890558886c128192"
score = 75
quality = 76
@@ -116195,8 +120089,8 @@ rule ESET_IIS_Group10
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L389-L423"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L389-L423"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "48701168d7da726222227ef757f1a4005a49c0bf300123319ce03db09445b3ef"
score = 75
quality = 80
@@ -116238,8 +120132,8 @@ rule ESET_IIS_Group11
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L425-L455"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L425-L455"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "a67b6b49b5fc2c7f260c06201c59478f5472de63091c510af82d526c410abb0c"
score = 75
quality = 80
@@ -116270,8 +120164,8 @@ rule ESET_IIS_Group12
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L457-L495"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L457-L495"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "8da03328e3702aff8ea5de77fc220f326030c31972d27c0bd9b5918dca550aba"
score = 75
quality = 78
@@ -116316,8 +120210,8 @@ rule ESET_IIS_Group13_Iiserpent
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L497-L523"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L497-L523"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "7077b842c53ee1581ad4150cdfaac3502bfc0fbd3b823190ad648e09f36e442d"
score = 75
quality = 80
@@ -116352,8 +120246,8 @@ rule ESET_IIS_Group14
date = "2021-08-04"
modified = "2021-08-04"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/badiis/badiis.yar#L525-L552"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L525-L552"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "ef10a4dfb1a9164533677416a7c9ada715ce10bfc1e5f92b56cf54bd890d4575"
score = 75
quality = 80
@@ -116385,8 +120279,8 @@ rule ESET_Potao
date = "2015-07-29"
modified = "2015-07-30"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/potao/PotaoNew.yara#L96-L108"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/potao/PotaoNew.yara#L96-L108"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "c68addb14f7c22cec0c4d58bfffd373b2e3eb5c53a5b65532c84574e073fcbba"
score = 75
quality = 80
@@ -116408,8 +120302,8 @@ rule ESET_Mumblehard_Packer
date = "2015-04-07"
modified = "2015-05-01"
reference = "http://www.welivesecurity.com"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/mumblehard/mumblehard_packer.yar#L32-L47"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/mumblehard/mumblehard_packer.yar#L32-L47"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
logic_hash = "a04f50a7054c4ce8ad9be4e7f3373ad4f36eb9443e223601974e852c25603f5f"
score = 75
quality = 80
@@ -116435,8 +120329,8 @@ rule ESET_Richheaders_Lazarus_Nukesped_Iconicpayloads_3CX_Q12023
date = "2023-03-31"
modified = "2023-04-19"
reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/nukesped_lazarus/rich_headers_IconicPayloads_3CX.yar#L6-L23"
- license_url = "https://github.com/eset/malware-ioc/blob/21381c70ad030105cf9edb092dfd1cae29753286/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/nukesped_lazarus/rich_headers_IconicPayloads_3CX.yar#L6-L23"
+ license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
hash = "3b88cda62cdd918b62ef5aa8c5a73a46f176d18b"
hash = "cad1120d91b812acafef7175f949dd1b09c6c21a"
hash = "5b03294b72c0caa5fb20e7817002c600645eb475"
@@ -116453,7 +120347,7 @@ rule ESET_Richheaders_Lazarus_Nukesped_Iconicpayloads_3CX_Q12023
* YARA Rule Set
* Repository Name: FireEye-RT
* Repository: https://github.com/mandiant/red_team_tool_countermeasures/
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: 3561b71724dbfa3e2bb78106aaa2d7f8b892c43b
* Number of Rules: 168
* Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -121189,7 +125083,7 @@ rule FIREEYE_RT_APT_Backdoor_Win_GORAT_2 : FILE
* YARA Rule Set
* Repository Name: GCTI
* Repository: https://github.com/chronicle/GCTI
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: 1c5fd42b1895098527fde00c2d9757edf6b303bb
* Number of Rules: 90
* Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -124406,7 +128300,7 @@ rule GCTI_Sliver_Implant_32Bit
* YARA Rule Set
* Repository Name: Malpedia
* Repository: https://github.com/malpedia/signator-rules/
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: fbacfc09b84d53d410385e66a8e56f25016c588a
* Number of Rules: 1382
* Skipped: 0 (age), 15 (quality), 0 (score), 0 (importance)
@@ -181884,7 +185778,7 @@ rule MALPEDIA_Win_Boaxxe_Auto : FILE
* YARA Rule Set
* Repository Name: Trellix ARC
* Repository: https://github.com/advanced-threat-research/Yara-Rules/
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: fc51a3fe3b450838614a5a5aa327c6bd8689cbb2
* Number of Rules: 162
* Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance)
@@ -187801,7 +191695,7 @@ rule TRELLIX_ARC_Lockergogaransomware : RANSOMWARE FILE
* YARA Rule Set
* Repository Name: Arkbird SOLG
* Repository: https://github.com/StrangerealIntel/DailyIOC
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: a873ff1298c43705e9c67286f3014f4300dd04f7
* Number of Rules: 214
* Skipped: 0 (age), 10 (quality), 0 (score), 0 (importance)
@@ -194904,7 +198798,7 @@ rule ARKBIRD_SOLG_Ran_Loader_Hades_Dec_2020_1 : FILE
* YARA Rule Set
* Repository Name: Telekom Security
* Repository: https://github.com/telekom-security/malware_analysis/
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: bf832d97e8fd292ec5e095e35bde992a6462e71c
* Number of Rules: 12
* Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance)
@@ -195272,9 +199166,9 @@ rule TELEKOM_SECURITY_Win_Iceid_Core_202104 : FILE
* YARA Rule Set
* Repository Name: Volexity
* Repository: https://github.com/volexity/threat-intel
- * Retrieval Date: 2024-06-02
- * Git Commit: 62e031ea574efde68dac7d38dc23438466a5302b
- * Number of Rules: 72
+ * Retrieval Date: 2024-06-16
+ * Git Commit: cb213e6d64022494a2ae7a9e65dfbf254a99b144
+ * Number of Rules: 82
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
*
*
@@ -195299,8 +199193,8 @@ rule VOLEXITY_Apt_Win_Bluelight_B : INKYSQUID
date = "2021-06-21"
modified = "2021-09-01"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-08-17 - InkySquid Part 1/indicators/yara.yar#L1-L100"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-08-17 - InkySquid Part 1/indicators/yara.yar#L1-L100"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "a6e83ca2ae15f1a7819f065449f84166da401739d091565605d62ebba3d47a50"
score = 75
quality = 55
@@ -195397,8 +199291,8 @@ rule VOLEXITY_Apt_Win_Bluelight : INKYSQUID
date = "2021-04-23"
modified = "2021-09-01"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-08-17 - InkySquid Part 1/indicators/yara.yar#L102-L132"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-08-17 - InkySquid Part 1/indicators/yara.yar#L102-L132"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "52589348f42aadbe453ad8a40ac36b58fcc9e07cd298486f09b6f793823d8cc7"
score = 75
quality = 80
@@ -195437,8 +199331,8 @@ rule VOLEXITY_Trojan_Win_Backwash_Cpp : XEGROUP
date = "2021-11-17"
modified = "2021-12-07"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-12-06 - XEGroup/indicators/yara.yar#L3-L20"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-12-06 - XEGroup/indicators/yara.yar#L3-L20"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "c8ed2d3103aa85363acd7f5573aeb936a5ab5a3bacbcf1f04e6b298299f24dae"
score = 75
quality = 80
@@ -195466,8 +199360,8 @@ rule VOLEXITY_Trojan_Win_Iis_Shellsave : XEGROUP
date = "2021-11-17"
modified = "2021-12-07"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-12-06 - XEGroup/indicators/yara.yar#L22-L40"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-12-06 - XEGroup/indicators/yara.yar#L22-L40"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "f34d6f4ecaa4cde5965f6b0deac55c7133a2be96f5c466f34775be6e7f730493"
score = 75
quality = 80
@@ -195496,8 +199390,8 @@ rule VOLEXITY_Trojan_Backwash_Iis_Scout : XEGROUP
date = "2021-11-17"
modified = "2021-12-07"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-12-06 - XEGroup/indicators/yara.yar#L42-L66"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-12-06 - XEGroup/indicators/yara.yar#L42-L66"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "18c4e338905ff299d75534006037e63a8f9b191f062cc97b0592245518015f88"
score = 75
quality = 80
@@ -195532,8 +199426,8 @@ rule VOLEXITY_Web_Js_Xeskimmer : XEGROUP
date = "2021-11-17"
modified = "2021-12-07"
reference = "https://github.com/MBThreatIntel/skimmers/blob/master/null_gif_skimmer.js"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-12-06 - XEGroup/indicators/yara.yar#L68-L97"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-12-06 - XEGroup/indicators/yara.yar#L68-L97"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "cc46e9fab5f408fde13c3897d378a1a2e4acb448f40ca4935c19024ebdc252d7"
score = 75
quality = 80
@@ -195565,8 +199459,8 @@ rule VOLEXITY_Trojan_Win_Xe_Backwash : XEGROUP FILE
date = "2020-09-04"
modified = "2021-12-07"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-12-06 - XEGroup/indicators/yara.yar#L99-L129"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-12-06 - XEGroup/indicators/yara.yar#L99-L129"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
hash = "815d262d38a26d5695606d03d5a1a49b9c00915ead1d8a2c04eb47846100e93f"
logic_hash = "cabe7d17017c95943b7ae9d1827b3a5cb8ed3b02506222367498a73fec8d0914"
score = 75
@@ -195598,8 +199492,8 @@ rule VOLEXITY_Trojan_Win_Pngexe : XEGROUP FILE
date = "2020-09-04"
modified = "2021-12-07"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-12-06 - XEGroup/indicators/yara.yar#L132-L159"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-12-06 - XEGroup/indicators/yara.yar#L132-L159"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
hash = "72f7d4d3b9d2e406fa781176bd93e8deee0fb1598b67587e1928455b66b73911"
logic_hash = "05ab554eaf208ff0f5fde37b835c92e55bf0de21bd2700fdd31d81ba338cbdc7"
score = 75
@@ -195627,8 +199521,8 @@ rule VOLEXITY_Trojan_Win_Backwash_Iis : XEGROUP
date = "2020-09-04"
modified = "2021-12-07"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-12-06 - XEGroup/indicators/yara.yar#L161-L184"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-12-06 - XEGroup/indicators/yara.yar#L161-L184"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
hash = "98e39573a3d355d7fdf3439d9418fdbf4e42c2e03051b5313d5c84f3df485627"
logic_hash = "95a7f9e0afb031b49cd0da66b5a887d26ad2e06cce625bc45739b4a80e96ce9c"
score = 75
@@ -195660,8 +199554,8 @@ rule VOLEXITY_Apt_Win_Flipflop_Ldr : APT29
date = "2021-05-25"
modified = "2021-09-01"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-05-27 - Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns/indicators/yara.yar#L3-L19"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-05-27 - Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns/indicators/yara.yar#L3-L19"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
hash = "ee42ddacbd202008bcc1312e548e1d9ac670dd3d86c999606a3a01d464a2a330"
logic_hash = "a79d2b0700ae14f7a2af23c8f7df3df3564402b1137478008ccabefea0f543ad"
score = 75
@@ -195688,8 +199582,8 @@ rule VOLEXITY_Trojan_Win_Cobaltstrike : COMMODITY
date = "2021-05-25"
modified = "2021-09-01"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-05-27 - Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns/indicators/yara.yar#L21-L41"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-05-27 - Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns/indicators/yara.yar#L21-L41"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
hash = "b041efb8ba2a88a3d172f480efa098d72eef13e42af6aa5fb838e6ccab500a7c"
logic_hash = "1e8a68050ff25f77e903af2e0a85579be1af77c64684e42e8f357eee4ae59377"
score = 75
@@ -195720,8 +199614,8 @@ rule VOLEXITY_Apt_Win_Freshfire : APT29
date = "2021-05-27"
modified = "2021-09-01"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-05-27 - Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns/indicators/yara.yar#L43-L67"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-05-27 - Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns/indicators/yara.yar#L43-L67"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
hash = "ad67aaa50fd60d02f1378b4155f69cffa9591eaeb80523489a2355512cc30e8c"
logic_hash = "69cd73f5812ba955c1352fb1552774d5cf49019d6b65a304fd1e33f852e678ba"
score = 75
@@ -195748,8 +199642,8 @@ rule VOLEXITY_Apt_Rb_Rokrat_Loader : INKYSQUID
date = "2021-06-22"
modified = "2021-09-02"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L1-L25"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L1-L25"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "30ae14fd55a3ab60e791064f69377f3b9de9b871adfd055f435df657f89f8007"
score = 75
quality = 80
@@ -195779,8 +199673,8 @@ rule VOLEXITY_Apt_Py_Bluelight_Ldr : INKYSQUID
date = "2021-06-22"
modified = "2021-09-02"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L27-L45"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L27-L45"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "e7e18a6d648b1383706439ba923335ac4396f6b5d2a3dc8f30f63ded7df29eda"
score = 75
quality = 80
@@ -195807,8 +199701,8 @@ rule VOLEXITY_Apt_Win_Decrok : INKYSQUID
date = "2021-06-23"
modified = "2021-09-02"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L47-L67"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L47-L67"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
hash = "6a452d088d60113f623b852f33f8f9acf0d4197af29781f889613fed38f57855"
logic_hash = "47fa03e95ac17ba7195858cd63b1769e5d56ab8a5edf872b345989b767050b87"
score = 75
@@ -195834,8 +199728,8 @@ rule VOLEXITY_Apt_Win_Rokload : INKYSQUID
date = "2021-06-23"
modified = "2021-09-02"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L69-L83"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L69-L83"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
hash = "85cd5c3bb028fe6931130ccd5d0b0c535c01ce2bcda660a3b72581a1a5382904"
logic_hash = "8d65d32fd5bc055ca0e3831d3db88299e7c99f8547a170d3c53ec2c4001496a3"
score = 75
@@ -195858,8 +199752,8 @@ rule VOLEXITY_Webshell_Aspx_Simpleseesharp : WEBSHELL UNCLASSIFIED FILE
date = "2021-03-01"
modified = "2021-09-01"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-03-02 - Operation Exchange Marauder/indicators/yara.yar#L1-L19"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-03-02 - Operation Exchange Marauder/indicators/yara.yar#L1-L19"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
hash = "893cd3583b49cb706b3e55ecb2ed0757b977a21f5c72e041392d1256f31166e2"
logic_hash = "6f62249a68bae94e5cbdb4319ea5cde9dc071ec7a4760df3aafe78bc1e072c30"
score = 75
@@ -195883,8 +199777,8 @@ rule VOLEXITY_Webshell_Aspx_Regeorgtunnel : WEBSHELL COMMODITY
date = "2021-03-01"
modified = "2021-09-01"
reference = "https://github.com/sensepost/reGeorg/blob/master/tunnel.aspx"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-03-02 - Operation Exchange Marauder/indicators/yara.yar#L21-L43"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-03-02 - Operation Exchange Marauder/indicators/yara.yar#L21-L43"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
hash = "406b680edc9a1bb0e2c7c451c56904857848b5f15570401450b73b232ff38928"
logic_hash = "ea3d0532cb609682922469e8272dc8061efca3b3ae27df738ef2646e30404c6f"
score = 75
@@ -195913,8 +199807,8 @@ rule VOLEXITY_Webshell_Aspx_Sportsball : WEBSHELL
date = "2021-03-01"
modified = "2021-09-01"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2021/2021-03-02 - Operation Exchange Marauder/indicators/yara.yar#L45-L68"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2021/2021-03-02 - Operation Exchange Marauder/indicators/yara.yar#L45-L68"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
hash = "2fa06333188795110bba14a482020699a96f76fb1ceb80cbfa2df9d3008b5b0a"
logic_hash = "4f90d727db91a93f53d08d2134f57bd03e7e2367aec3d78d275cfd192d7fb928"
score = 75
@@ -195944,8 +199838,8 @@ rule VOLEXITY_Apt_Win_Powerstar_Persistence_Batch : CHARMINGKITTEN
date = "2023-05-16"
modified = "2023-09-20"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L1-L19"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L1-L19"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "9c3a45b759516959eae1cdf8e73bf540b682c90359a6232aa4782a8d1fe15b7d"
score = 75
quality = 80
@@ -195973,8 +199867,8 @@ rule VOLEXITY_Apt_Win_Powerstar_Memonly : CHARMINGKITTEN
date = "2023-05-16"
modified = "2023-09-20"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L20-L65"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L20-L65"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "d790ff204e4e8adeb3e887d9ebce743e958b523c48317d017487b1b0c6aebc11"
score = 75
quality = 78
@@ -196024,8 +199918,8 @@ rule VOLEXITY_Apt_Win_Powerstar_Logmessage : CHARMINGKITTEN
date = "2023-05-16"
modified = "2023-09-20"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L66-L79"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L66-L79"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "539c9a8b3de24f2c8058d204900344756a8031822ebebc312612b8fb8422e341"
score = 75
quality = 80
@@ -196048,8 +199942,8 @@ rule VOLEXITY_Apt_Win_Powerstar_Lnk : CHARMINGKITTEN
date = "2023-05-16"
modified = "2023-09-20"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L80-L97"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L80-L97"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "da53aeaf69e80f697068779f4741b8c23cff82dd1bfb0640916a1bcc98c4892f"
score = 75
quality = 80
@@ -196075,8 +199969,8 @@ rule VOLEXITY_Apt_Win_Powerstar_Decrypt_Function : CHARMINGKITTEN
date = "2023-05-16"
modified = "2023-09-20"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L98-L121"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L98-L121"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "d022e363464488836a1c161f2b9c7463ac91ae6f60f14dfd574189233201c9aa"
score = 75
quality = 80
@@ -196106,8 +200000,8 @@ rule VOLEXITY_Apt_Win_Powerstar : CHARMINGKITTEN
date = "2021-10-13"
modified = "2023-09-20"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L122-L150"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L122-L150"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "2cbf59eaee60a8f84b1ac35cec3b01592a2a0f56c92a2db218bb26a15be24bf3"
score = 75
quality = 80
@@ -196138,8 +200032,8 @@ rule VOLEXITY_Apt_Malware_Apk_Badbazaar_Common_Certificate : EVILBAMBOO FILE
date = "2023-06-01"
modified = "2023-06-13"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L230-L255"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L230-L255"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "861d4e1c40847c6ade04eddb047370d645afea6d5c16d55155fa58a16111c39e"
score = 75
quality = 80
@@ -196170,8 +200064,8 @@ rule VOLEXITY_Apt_Malware_Apk_Badbazaar_Stage2_Implant_May23 : EVILBAMBOO FILE
date = "2023-05-25"
modified = "2023-08-30"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L257-L285"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L257-L285"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "2186369298ebfa0b892ecb14ebacc93c6d14c9c35012e8e6cdff077634cf3773"
score = 75
quality = 80
@@ -196205,8 +200099,8 @@ rule VOLEXITY_Apt_Delivery_Web_Js_Jmask_Str_Array_Variant : EVILBAMBOO FILE
date = "2023-06-27"
modified = "2023-09-21"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L408-L444"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L408-L444"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "0ae7c96e0f866f21d66d7a23bf937d6ce48c9dd1ea19142dbb13487208780146"
score = 75
quality = 80
@@ -196246,8 +200140,8 @@ rule VOLEXITY_Apt_Delivery_Web_Js_Jmask : EVILBAMBOO FILE
date = "2023-06-15"
modified = "2023-09-21"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L446-L472"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L446-L472"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "64315ac05049954d36297a616a25ffdd7ce81c6313c0878d5ba4082da24c21bb"
score = 75
quality = 80
@@ -196278,8 +200172,8 @@ rule VOLEXITY_Apt_Ico_Uta0040_B64_C2 : UTA0040 FILE
date = "2023-03-30"
modified = "2023-03-30"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-03-30 3CX/indicators/rules.yar#L1-L31"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-03-30 3CX/indicators/rules.yar#L1-L31"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "2667a36ce151c6e964f9ce9a6f587eedbffdd6ec76e451a23c5cfdd08248d15e"
score = 75
quality = 80
@@ -196304,8 +200198,8 @@ rule VOLEXITY_Apt_Mac_Iconic : UTA0040
date = "2023-03-30"
modified = "2023-03-30"
reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-03-30 3CX/indicators/rules.yar#L32-L50"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-03-30 3CX/indicators/rules.yar#L32-L50"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "7b689c3931632b01869ac2f21a1edca0a5ca9007299fe7cd16962d6866c27558"
score = 75
quality = 80
@@ -196331,8 +200225,8 @@ rule VOLEXITY_Apt_Win_Iconicstealer : UTA0040
date = "2023-03-30"
modified = "2023-03-30"
reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-03-30 3CX/indicators/rules.yar#L51-L69"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-03-30 3CX/indicators/rules.yar#L51-L69"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "ed7731d2361e7d96a6a35f8359b61a2af049b16bc457cf870db8831e142aebe2"
score = 75
quality = 80
@@ -196358,8 +200252,8 @@ rule VOLEXITY_Apt_Win_Iconic : UTA0040
date = "2023-03-30"
modified = "2023-03-30"
reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-03-30 3CX/indicators/rules.yar#L70-L93"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-03-30 3CX/indicators/rules.yar#L70-L93"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "b62b1543c9af3afb8fc885f313e1a5d2fcb688657e3807cce72b31b56381681e"
score = 75
quality = 55
@@ -196389,8 +200283,8 @@ rule VOLEXITY_Apt_Win_3Cx_Backdoored_Lib : UTA0040
date = "2023-03-30"
modified = "2023-03-30"
reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-03-30 3CX/indicators/rules.yar#L94-L133"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-03-30 3CX/indicators/rules.yar#L94-L133"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "40be2d46a318ff03724ea1f6628d78001c14c85a3ae6d032c0324ea849d707f2"
score = 75
quality = 80
@@ -196437,8 +200331,8 @@ rule VOLEXITY_Informational_Win_3Cx_Msi : UTA0040
date = "2023-03-30"
modified = "2023-03-30"
reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-03-30 3CX/indicators/rules.yar#L134-L152"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-03-30 3CX/indicators/rules.yar#L134-L152"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "c04de2653ef587f27c7ebf058c6f6c345e16b67f36ccc4306bc49f8c4394728e"
score = 75
quality = 80
@@ -196464,8 +200358,8 @@ rule VOLEXITY_Apt_Win_Avburner : SNAKECHARMER
date = "2023-01-02"
modified = "2023-03-07"
reference = "https://www.trendmicro.com/en_us/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2023/2023-03-07 AVBurner/yara.yar#L1-L36"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2023/2023-03-07 AVBurner/yara.yar#L1-L36"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
hash = "4b1b1a1293ccd2c0fd51075de9376ebb55ab64972da785153fcb0a4eb523a5eb"
logic_hash = "56ff6c8a4b737959a1219699a0457de1f0c34fead4299033840fb23c56a0caad"
score = 75
@@ -196493,6 +200387,330 @@ rule VOLEXITY_Apt_Win_Avburner : SNAKECHARMER
condition:
all of ($api*) or all of ($str*) or all of ($pattern*)
}
+rule VOLEXITY_Apt_Malware_Linux_Disgomoji_Modules : UTA0137 FILE MEMORY
+{
+ meta:
+ description = "Detects DISGOMOJI modules based on strings in the ELF."
+ author = "threatintel@volexity.com"
+ id = "b9e4ecdc-9b02-546f-9b79-947cb6b1f99a"
+ date = "2024-02-22"
+ modified = "2024-02-27"
+ reference = "TIB-20240228"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L1-L23"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
+ logic_hash = "7880288e3230b688b780bdfbac2b0761fd7831b7df233672c2242c21a86e1297"
+ score = 75
+ quality = 80
+ tags = "UTA0137, FILE, MEMORY"
+ hash1 = "2abaae4f6794131108adf5b42e09ee5ce24769431a0e154feabe6052cfe70bf3"
+ os = "linux"
+ os_arch = "all"
+ scan_context = "file,memory"
+ license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt"
+ rule_id = 10270
+ version = 3
+
+ strings:
+ $s1 = "discord-c2/test/main/finalizing/Deliveries/ob_Delivery.go" wide ascii
+ $s2 = "discord-c2/test/main/finalizing/WAN_Conf.go" wide ascii
+
+ condition:
+ any of them
+}
+rule VOLEXITY_Apt_Malware_Linux_Disgomoji_Loader : UTA0137 FILE MEMORY
+{
+ meta:
+ description = "Detects the DISGOMOJI loader using strings in the ELF."
+ author = "threatintel@volexity.com"
+ id = "6d7848db-f1a5-5ccc-977a-7597b966a31c"
+ date = "2024-02-22"
+ modified = "2024-02-27"
+ reference = "TIB-20240228"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L25-L46"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
+ logic_hash = "d9be4846bab5fffcfd60eaec377443819404f30ec088905c2ee26bd3b7525832"
+ score = 75
+ quality = 80
+ tags = "UTA0137, FILE, MEMORY"
+ hash1 = "51a372fee89f885741515fa6fdf0ebce860f98145c9883f2e3e35c0fe4432885"
+ os = "linux"
+ os_arch = "all"
+ scan_context = "file,memory"
+ license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt"
+ rule_id = 10269
+ version = 3
+
+ strings:
+ $s1 = "discord-c2/test/main/delievery.go" wide ascii
+
+ condition:
+ $s1
+}
+rule VOLEXITY_Apt_Malware_Linux_Disgomoji_Debug_String : UTA0137 FILE MEMORY
+{
+ meta:
+ description = "Detects the DISGOMOJI malware using strings in the ELF."
+ author = "threatintel@volexity.com"
+ id = "a1bbf285-a8ad-5877-ae2a-a7dd5e61cf46"
+ date = "2024-02-22"
+ modified = "2024-02-27"
+ reference = "TIB-20240228"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L48-L69"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
+ logic_hash = "030d8044b5d17ba8786ff7a4d6ac0282bc0b0e193ad89a3e84b5ba44505e5be5"
+ score = 75
+ quality = 80
+ tags = "UTA0137, FILE, MEMORY"
+ hash1 = "d9f29a626857fa251393f056e454dfc02de53288ebe89a282bad38d03f614529"
+ os = "linux"
+ os_arch = "all"
+ scan_context = "file,memory"
+ license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt"
+ rule_id = 10268
+ version = 5
+
+ strings:
+ $s1 = "discord-c2/test/main/payload.go" wide ascii
+
+ condition:
+ $s1
+}
+rule VOLEXITY_Apt_Malware_Linux_Disgomoji_2 : UTA0137 FILE MEMORY
+{
+ meta:
+ description = "Detects the DISGOMOJI malware using strings in the ELF."
+ author = "threatintel@volexity.com"
+ id = "609beb47-5e93-5f69-b89d-2cf62f20851a"
+ date = "2024-02-22"
+ modified = "2024-02-27"
+ reference = "TIB-20240228"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L71-L101"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
+ logic_hash = "e03a774cca2946c1becdbd775ef465033dae089d578ea18a4f43fd7bdae9168e"
+ score = 75
+ quality = 80
+ tags = "UTA0137, FILE, MEMORY"
+ hash1 = "d9f29a626857fa251393f056e454dfc02de53288ebe89a282bad38d03f614529"
+ os = "linux"
+ os_arch = "all"
+ scan_context = "file,memory"
+ license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt"
+ rule_id = 10266
+ version = 5
+
+ strings:
+ $s1 = "downloadFileFromURL" wide ascii
+ $s2 = "createCronJob" wide ascii
+ $s3 = "findAndSendFiles" wide ascii
+ $s4 = "updateLogFile" wide ascii
+ $s5 = "handleZipFile" wide ascii
+ $s6 = "takeScreenshot" wide ascii
+ $s7 = "zipFirefoxProfile" wide ascii
+ $s8 = "zipDirectoryWithParts" wide ascii
+ $s9 = "uploadAndSendToOshi" wide ascii
+ $s10 = "uploadAndSendToLeft" wide ascii
+
+ condition:
+ 7 of them
+}
+rule VOLEXITY_Apt_Malware_Linux_Disgomoji_1 : UTA0137 FILE MEMORY
+{
+ meta:
+ description = "Detects the DISGOMOJI malware using strings in the ELF."
+ author = "threatintel@volexity.com"
+ id = "f6643e9a-ca41-57e0-9fce-571d340f1cfe"
+ date = "2024-02-22"
+ modified = "2024-02-27"
+ reference = "TIB-20240228"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L103-L129"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
+ logic_hash = "dd3535079881ae9cfe25c129803668cb595be89b7f62eb82af19cc3839f92b6d"
+ score = 75
+ quality = 80
+ tags = "UTA0137, FILE, MEMORY"
+ hash1 = "d9f29a626857fa251393f056e454dfc02de53288ebe89a282bad38d03f614529"
+ os = "linux"
+ os_arch = "all"
+ scan_context = "file,memory"
+ license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt"
+ rule_id = 10265
+ version = 4
+
+ strings:
+ $s1 = "Session *%s* opened!" wide ascii
+ $s2 = "uevent_seqnum.sh" wide ascii
+ $s3 = "Error downloading shell script: %v" wide ascii
+ $s4 = "Error setting execute permissions: %v" wide ascii
+ $s5 = "Error executing shell script: %v" wide ascii
+ $s6 = "Error creating Discord session" wide ascii
+
+ condition:
+ 4 of them
+}
+rule VOLEXITY_Apt_Malware_Linux_Disgomoji_Bogus_Strings : UTA0137 FILE
+{
+ meta:
+ description = "Detects the DISGOMOJI malware using bogus strings introduced in the newer versions."
+ author = "threatintel@volexity.com"
+ id = "ecff8d3c-d4fe-5b6d-a227-6ff531cf8e2b"
+ date = "2024-03-14"
+ modified = "2024-03-14"
+ reference = "TIB-20240318"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L131-L157"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
+ logic_hash = "0d8a2b371ffb182e60a8cc0cc500d1a9f906718a55f23f35f6c12f7faabbe971"
+ score = 75
+ quality = 80
+ tags = "UTA0137, FILE"
+ hash1 = "8c8ef2d850bd9c987604e82571706e11612946122c6ab089bd54440c0113968e"
+ os = "linux"
+ os_arch = "all"
+ scan_context = "file"
+ license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt"
+ rule_id = 10341
+ version = 3
+
+ strings:
+ $s1 = "Graphics Display Rendering" wide ascii
+ $s2 = "Error fetching Repository Key: %v" wide ascii
+ $s3 = "Error reading Repository Key: %v" wide ascii
+ $s4 = "Error fetching dpkg: %v" wide ascii
+ $s5 = "GNU Drivers Latest version v1.4.2" wide ascii
+ $s6 = "ps_output.txt" wide ascii
+
+ condition:
+ all of them
+}
+rule VOLEXITY_Apt_Malware_Linux_Disgomoji_Script_Uevent_Seqnum : UTA0137 FILE
+{
+ meta:
+ description = "Detects a script deployed as part of DISGOMOJI malware chain."
+ author = "threatintel@volexity.com"
+ id = "9df61164-6a92-5042-ba4f-64dc7e998283"
+ date = "2024-03-07"
+ modified = "2024-03-14"
+ reference = "TIB-20240318"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L159-L185"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
+ logic_hash = "e390e83d9fc15499c9f32ad47d1c526273105602bda7b3532720b0a3f6abc835"
+ score = 75
+ quality = 80
+ tags = "UTA0137, FILE"
+ hash1 = "98b24fb7aaaece7556aea2269b4e908dd79ff332ddaa5111caec49123840f364"
+ os = "linux"
+ os_arch = "all"
+ scan_context = "file"
+ license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt"
+ rule_id = 10314
+ version = 3
+
+ strings:
+ $s1 = "USB_DIR=\"/media/$USER\"" wide ascii
+ $s2 = "RECORD_FILE=\"record.txt\"" wide ascii
+ $s3 = "copy_files()" wide ascii
+ $s4 = "Check for connected USB drives" wide ascii
+ $s5 = "Check if filename already exists in record.txt" wide ascii
+ $s6 = "Function to copy files from USB drive to destination folder" wide ascii
+
+ condition:
+ 3 of them
+}
+rule VOLEXITY_Apt_Malware_Linux_Disgomoji_Script_Lan_Conf : UTA0137 FILE
+{
+ meta:
+ description = "Detects a script deployed as part of DISGOMOJI malware chain."
+ author = "threatintel@volexity.com"
+ id = "b338b3cf-22ce-5767-bdea-503e883bc84b"
+ date = "2024-03-07"
+ modified = "2024-03-14"
+ reference = "TIB-20240318"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L187-L213"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
+ logic_hash = "2a19d5cff7adc9b1b92538a5df4e3cadea694f925f65080f5093fc5425e840f4"
+ score = 75
+ quality = 80
+ tags = "UTA0137, FILE"
+ hash1 = "0b5cf9bd917f0af03dd694ff4ce39b0b34a97c9f41b87feac1dc884a684f60ef"
+ os = "linux"
+ os_arch = "all"
+ scan_context = "file"
+ license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt"
+ rule_id = 10312
+ version = 4
+
+ strings:
+ $s1 = "add_lan_conf_cron_if_not_exists" wide ascii
+ $s2 = "download_if_not_exists" wide ascii
+ $s3 = "add_cron_if_not_exists" wide ascii
+ $s4 = "uevent_seqnum.sh" wide ascii
+ $s5 = "$HOME/.x86_64-linux-gnu" wide ascii
+ $s6 = "lanConfScriptPath" wide ascii
+
+ condition:
+ 4 of them
+}
+rule VOLEXITY_Malware_Golang_Discordc2_Bmdyy_1 : FILE MEMORY
+{
+ meta:
+ description = "Detects a opensource malware available on github using strings in the ELF. DISGOMOJI used by UTA0137 is based on this malware."
+ author = "threatintel@volexity.com"
+ id = "6816d264-4311-5e90-948b-2e27cdf0b720"
+ date = "2024-03-28"
+ modified = "2024-03-28"
+ reference = "TIB-20240229"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L215-L241"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
+ logic_hash = "22b3e5109d0738552fbc310344b2651ab3297e324bc883d5332c1e8a7a1df29b"
+ score = 75
+ quality = 80
+ tags = "FILE, MEMORY"
+ hash1 = "de32e96d1f151cc787841c12fad88d0a2276a93d202fc19f93631462512fffaf"
+ os = "all"
+ os_arch = "all"
+ scan_context = "file,memory"
+ license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt"
+ rule_id = 10390
+ version = 2
+
+ strings:
+ $s1 = "File is bigger than 8MB" wide ascii
+ $s2 = "Uploaded file to" wide ascii
+ $s3 = "sess-%d" wide ascii
+ $s4 = "Session *%s* opened" wide ascii
+ $s5 = "%s%d_%dx%d.png" wide ascii
+
+ condition:
+ 4 of them
+}
+rule VOLEXITY_Malware_Golang_Discordc2_Bmdyy : FILE MEMORY
+{
+ meta:
+ description = "Detects a opensource malware available on github using strings in the ELF. DISGOMOJI used by UTA0137 is based on this malware."
+ author = "threatintel@volexity.com"
+ id = "1ddbf476-ba2d-5cbb-ad95-38e0ae8db71b"
+ date = "2024-02-22"
+ modified = "2024-03-28"
+ reference = "https://github.com/bmdyy/discord-c2"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L243-L265"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
+ logic_hash = "38b860a43b9937351f74b01983888f18ad101cbe66560feb7455d46b713eba0f"
+ score = 75
+ quality = 80
+ tags = "FILE, MEMORY"
+ hash1 = "d9f29a626857fa251393f056e454dfc02de53288ebe89a282bad38d03f614529"
+ os = "all"
+ os_arch = "all"
+ scan_context = "file,memory"
+ license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt"
+ rule_id = 10264
+ version = 10
+
+ strings:
+ $s1 = "**IP**: %s\n**User**: %s\n**Hostname**: %s\n**OS**: %s\n**CWD**" wide ascii
+
+ condition:
+ $s1
+}
rule VOLEXITY_Apt_Webshell_Pl_Complyshell : UTA0178 FILE MEMORY
{
meta:
@@ -196502,8 +200720,8 @@ rule VOLEXITY_Apt_Webshell_Pl_Complyshell : UTA0178 FILE MEMORY
date = "2023-12-13"
modified = "2024-01-09"
reference = "TIB-20231215"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L1-L22"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L1-L22"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "ff46691f1add20cff30fe996e2fb199ce42408e86d5642a8a43c430f2245b1f5"
score = 75
quality = 80
@@ -196531,8 +200749,8 @@ rule VOLEXITY_Apt_Webshell_Aspx_Glasstoken : UTA0178 FILE MEMORY
date = "2023-12-12"
modified = "2024-01-09"
reference = "TIB-20231215"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L24-L49"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L24-L49"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "34844dc2ba4b18b25dcb5b14b7b80ec655595c9638600a0f2a6367610c542dd1"
score = 75
quality = 80
@@ -196561,8 +200779,8 @@ rule VOLEXITY_Webshell_Aspx_Regeorg : FILE MEMORY
date = "2018-08-29"
modified = "2024-01-09"
reference = "TIB-20231215"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L51-L83"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L51-L83"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
hash = "9d901f1a494ffa98d967ee6ee30a46402c12a807ce425d5f51252eb69941d988"
logic_hash = "4fed023e85a32052917f6db1e2e155c91586538938c03acc59f200a8264888ca"
score = 75
@@ -196596,8 +200814,8 @@ rule VOLEXITY_Hacktool_Py_Pysoxy : FILE MEMORY
date = "2024-01-09"
modified = "2024-01-09"
reference = "TIB-20240109"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L85-L111"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L85-L111"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "f73e9d3c2f64c013218469209f3b69fc868efafc151a7de979dde089bfdb24b2"
score = 75
quality = 80
@@ -196632,8 +200850,8 @@ rule VOLEXITY_Apt_Malware_Vbs_Basicstar : CHARMINGCYPRESS FILE MEMORY
date = "2024-01-04"
modified = "2024-01-11"
reference = "TIB-20240111"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2024/2024-02-13 CharmingCypress/rules.yar#L64-L92"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-02-13 CharmingCypress/rules.yar#L64-L92"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "977bb42553bb6585c8d0e1e89675644720ca9abf294eccd797e20d4bca516810"
score = 75
quality = 80
@@ -196669,8 +200887,8 @@ rule VOLEXITY_Apt_Malware_Ps1_Powerless_B : CHARMINGCYPRESS FILE MEMORY
date = "2023-10-25"
modified = "2023-11-03"
reference = "TIB-20231027"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2024/2024-02-13 CharmingCypress/rules.yar#L93-L150"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-02-13 CharmingCypress/rules.yar#L93-L150"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "a95fe2c8d09d66e07a999eef3a5666cc622bbc063d747626c48b26cfecf35849"
score = 75
quality = 78
@@ -196735,8 +200953,8 @@ rule VOLEXITY_Apt_Malware_Macos_Vpnclient_Cc_Oct23 : CHARMINGCYPRESS FILE MEMORY
date = "2023-10-17"
modified = "2023-10-27"
reference = "TIB-20231027"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2024/2024-02-13 CharmingCypress/rules.yar#L236-L261"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-02-13 CharmingCypress/rules.yar#L236-L261"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "da5e9be752648b072a9aaeed884b8e1729a14841e33ed6633a0aaae1f11bd139"
score = 75
quality = 80
@@ -196771,8 +200989,8 @@ rule VOLEXITY_Apt_Malware_Charmingcypress_Openvpn_Configuration : CHARMINGCYPRES
date = "2023-10-17"
modified = "2023-10-27"
reference = "TIB-20231027"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2024/2024-02-13 CharmingCypress/rules.yar#L262-L286"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-02-13 CharmingCypress/rules.yar#L262-L286"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "f4c5f13ac75504b14def9c37d3a41c6eea4c45845d4b54c50030b1f00691e4bf"
score = 75
quality = 80
@@ -196806,8 +201024,8 @@ rule VOLEXITY_Apt_Delivery_Win_Charming_Openvpn_Client : CHARMINGCYPRESS FILE
date = "2023-10-17"
modified = "2023-10-27"
reference = "TIB-20231027"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2024/2024-02-13 CharmingCypress/rules.yar#L287-L310"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-02-13 CharmingCypress/rules.yar#L287-L310"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "02596a62cb1ba17ecabef0ae93f434e4774b00422a6da2106a2bc4c59d2f8077"
score = 75
quality = 80
@@ -196840,8 +201058,8 @@ rule VOLEXITY_Apt_Malware_Ps1_Powerstar_Generic : CHARMINGCYPRESS FILE MEMORY
date = "2023-06-02"
modified = "2023-06-28"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2024/2024-02-13 CharmingCypress/rules.yar#L311-L335"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-02-13 CharmingCypress/rules.yar#L311-L335"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "4da02190ffd16304eccbc0d12dfcc5637a6b785af0e3dc3dfcafcfe114597eb2"
score = 75
quality = 80
@@ -196871,8 +201089,8 @@ rule VOLEXITY_Apt_Malware_Py_Upstyle : UTA0218 FILE MEMORY
date = "2024-04-11"
modified = "2024-04-12"
reference = "TIB-20240412"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2024/2024-04-12 Palo Alto Networks GlobalProtect/indicators/rules.yar#L1-L33"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-04-12 Palo Alto Networks GlobalProtect/indicators/rules.yar#L1-L33"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "51923600b23d23f4ce29eac7f5ab9f7e1ddb45bed5f6727ddec4dcb75872e473"
score = 75
quality = 80
@@ -196907,8 +201125,8 @@ rule VOLEXITY_Susp_Any_Jarischf_User_Path : FILE MEMORY
date = "2024-04-10"
modified = "2024-04-12"
reference = "TIB-20240412"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2024/2024-04-12 Palo Alto Networks GlobalProtect/indicators/rules.yar#L57-L78"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-04-12 Palo Alto Networks GlobalProtect/indicators/rules.yar#L57-L78"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "574d5b1fadb91c39251600e7d73d4993d4b16565bd1427a0e8d6ed4e7905ab54"
score = 50
quality = 80
@@ -196936,8 +201154,8 @@ rule VOLEXITY_Hacktool_Golang_Reversessh_Fahrj : FILE MEMORY
date = "2024-04-10"
modified = "2024-04-12"
reference = "TIB-20240412"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2024/2024-04-12 Palo Alto Networks GlobalProtect/indicators/rules.yar#L79-L112"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2024/2024-04-12 Palo Alto Networks GlobalProtect/indicators/rules.yar#L79-L112"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "38b40cc7fc1e601da2c7a825f1c2eff209093875a5829ddd2f4c5ad438d660f8"
score = 75
quality = 80
@@ -196974,8 +201192,8 @@ rule VOLEXITY_Apt_Macos_Gimmick : STORMCLOUD
date = "2021-10-18"
modified = "2022-03-22"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-03-22 GIMMICK/indicators/yara.yar#L1-L50"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-03-22 GIMMICK/indicators/yara.yar#L1-L50"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "403ed1102fe5a99c0aacde02e0830f9c4fa194f10aec4a192f4abf6cde0de99d"
score = 75
quality = 78
@@ -197026,8 +201244,8 @@ rule VOLEXITY_Apt_Win_Gimmick_Dotnet_Base : STORMCLOUD
date = "2020-03-16"
modified = "2022-03-22"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-03-22 GIMMICK/indicators/yara.yar#L52-L76"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-03-22 GIMMICK/indicators/yara.yar#L52-L76"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "0dd2aab308b7057d3075c792339af89d7ff9d617f1beb78ecdb725554defa5dc"
score = 75
quality = 80
@@ -197058,8 +201276,8 @@ rule VOLEXITY_Webshell_Jsp_Converge : WEBSHELL
date = "2022-06-01"
modified = "2022-06-06"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-06-02 Active Exploitation Of Confluence 0-day/indicators/yara.yar#L1-L15"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-06-02 Active Exploitation Of Confluence 0-day/indicators/yara.yar#L1-L15"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "bb48516342eddd48c35e6db0eb74f95e116dc723503552b99ba721b5bdb391e5"
score = 75
quality = 80
@@ -197082,8 +201300,8 @@ rule VOLEXITY_General_Jsp_Possible_Tiny_Fileuploader : GENERAL WEBSHELLS FILE
date = "2022-06-01"
modified = "2022-06-06"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-06-02 Active Exploitation Of Confluence 0-day/indicators/yara.yar#L17-L50"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-06-02 Active Exploitation Of Confluence 0-day/indicators/yara.yar#L17-L50"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "bad62e6fd33ffb0d8551302fd7f85528066992c272b670d44a33b5b2eb174886"
score = 75
quality = 80
@@ -197112,8 +201330,8 @@ rule VOLEXITY_Webshell_Java_Realcmd : COMMODITY WEBSHELLS
date = "2022-06-01"
modified = "2022-06-06"
reference = "https://github.com/Freakboy/Behinder/blob/master/src/main/java/vip/youwe/sheller/payload/java/RealCMD.java"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-06-02 Active Exploitation Of Confluence 0-day/indicators/yara.yar#L52-L79"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-06-02 Active Exploitation Of Confluence 0-day/indicators/yara.yar#L52-L79"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "244add844570b23e5df23882a3fdacf894f3e201b01373d949b0752361960536"
score = 75
quality = 80
@@ -197146,8 +201364,8 @@ rule VOLEXITY_Apt_Js_Sharpext : SHARPTONGUE
date = "2021-09-14"
modified = "2022-07-28"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-07-28 SharpTongue SharpTongue Deploys Clever Mail-Stealing Browser Extension SHARPEXT/yara.yar#L1-L47"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-07-28 SharpTongue SharpTongue Deploys Clever Mail-Stealing Browser Extension SHARPEXT/yara.yar#L1-L47"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "0ed58c8646582ee36aeac650fac02d1e4962d45c0f6a24783c021d9267bed192"
score = 75
quality = 80
@@ -197191,8 +201409,8 @@ rule VOLEXITY_Webshell_Jsp_Godzilla : WEBSHELLS COMMODITY
date = "2021-11-08"
modified = "2022-08-10"
reference = "https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-08-10 Mass exploitation of (Un)authenticated Zimbra RCE CVE-2022-27925/yara.yar#L1-L28"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-08-10 Mass exploitation of (Un)authenticated Zimbra RCE CVE-2022-27925/yara.yar#L1-L28"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "52cba9545f662da18ca6e07340d7a9be637b89e7ed702dd58cac545c702a00e3"
score = 75
quality = 80
@@ -197222,8 +201440,8 @@ rule VOLEXITY_Webshell_Jsp_General_Runtime_Exec_Req : GENERAL WEBSHELLS
date = "2022-02-02"
modified = "2022-08-10"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-08-10 Mass exploitation of (Un)authenticated Zimbra RCE CVE-2022-27925/yara.yar#L30-L45"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-08-10 Mass exploitation of (Un)authenticated Zimbra RCE CVE-2022-27925/yara.yar#L30-L45"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "d3048aba80c1c39f1673931cd2d7c5ed83045603b0ad204073fd788d0103a6c8"
score = 75
quality = 80
@@ -197247,8 +201465,8 @@ rule VOLEXITY_Webshell_Jsp_Regeorg : WEBSHELL COMMODITY
date = "2022-03-08"
modified = "2022-08-10"
reference = "https://github.com/SecWiki/WebShell-2/blob/master/reGeorg-master/tunnel.jsp"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-08-10 Mass exploitation of (Un)authenticated Zimbra RCE CVE-2022-27925/yara.yar#L47-L70"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-08-10 Mass exploitation of (Un)authenticated Zimbra RCE CVE-2022-27925/yara.yar#L47-L70"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "cecb71605d9112d509823c26e40e1cf9cd6db581db448db5c9ffc63a2bfe529e"
score = 75
quality = 80
@@ -197277,8 +201495,8 @@ rule VOLEXITY_Apt_Win_Applejeus_Oct22 : LAZARUS
date = "2022-11-03"
modified = "2022-12-01"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L1-L16"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L1-L16"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "46f3325a7e8e33896862b1971f561f4871670842aecd46bcc7a5a1af869ecdc4"
score = 75
quality = 80
@@ -197302,8 +201520,8 @@ rule VOLEXITY_Apt_Win_Applejeus_B_Oct22 : LAZARUS
date = "2022-11-03"
modified = "2022-12-01"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L18-L41"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L18-L41"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "76f3c9692ea96d3cadbbcad03477ab6c53445935352cb215152b9b5483666d43"
score = 75
quality = 80
@@ -197330,8 +201548,8 @@ rule VOLEXITY_Apt_Win_Applejeus_C_Oct22 : LAZARUS
date = "2022-11-03"
modified = "2022-12-01"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L43-L63"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L43-L63"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "566f5840ff2023f4fd8ffaa9ba1308a7012913cf587838173358b8f1fe4abca8"
score = 75
quality = 80
@@ -197360,8 +201578,8 @@ rule VOLEXITY_Apt_Win_Applejeus_D_Oct22 : LAZARUS
date = "2022-11-10"
modified = "2022-12-01"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L65-L83"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L65-L83"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "23c0642e5be15a75a39d089cd52f2f14d633f7af6889140b9ec6e53c5c023974"
score = 75
quality = 80
@@ -197388,8 +201606,8 @@ rule VOLEXITY_Cf_Office_Win_Macro_Lazarus_Jeus_B : LAZARUS
date = "2022-11-03"
modified = "2022-12-01"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L85-L104"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L85-L104"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "e55199e6ad26894f98e930cd4716127ee868872d08ada1c44675e4db1ec27894"
score = 75
quality = 80
@@ -197417,8 +201635,8 @@ rule VOLEXITY_Cf_Office_Win_Macro_Lazarus_Jeus : LAZARUS
date = "2022-11-02"
modified = "2022-12-01"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L106-L124"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L106-L124"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "8e5a9042ec1ddaf4da511743434461c9865f259c30a9b02c28475b3a59fe4fc1"
score = 75
quality = 80
@@ -197445,8 +201663,8 @@ rule VOLEXITY_Webshell_Java_Behinder_Shellservice : WEBSHELLS COMMODITY
date = "2022-03-18"
modified = "2022-07-28"
reference = "https://github.com/MountCloud/BehinderClientSource/blob/master/src/main/java/net/rebeyond/behinder/core/ShellService.java"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L1-L23"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L1-L23"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "373a8d4ef81e9bbbf1f24ebf0389e7da4b73f88786cc8e1d286ccc9f4c36debc"
score = 75
quality = 30
@@ -197476,8 +201694,8 @@ rule VOLEXITY_General_Java_Encoding_And_Classloader : WEBSHELLS GENERAL FILE
date = "2022-04-07"
modified = "2022-07-28"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L25-L43"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L25-L43"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "21c226b03451eb98a8be5b26a9f00169f16454ecd21d4131c9991b63d2e3c8cd"
score = 65
quality = 80
@@ -197503,8 +201721,8 @@ rule VOLEXITY_Webshell_Php_Str_Replace_Create_Func : WEBSHELLS GENERAL FILE
date = "2022-04-04"
modified = "2022-07-28"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L45-L73"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L45-L73"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "6a9ded1f1a8e4b8ae5f3db06f71bec6e9f62b6126b7444408d6319a35ed23827"
score = 75
quality = 80
@@ -197530,8 +201748,8 @@ rule VOLEXITY_Trojan_Golang_Pantegana : COMMODITY
date = "2022-03-30"
modified = "2022-07-28"
reference = "https://github.com/elleven11/pantegana"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L75-L99"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L75-L99"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "791a664a6b4b98051cbfacb451099de085cbab74d73771709377ab68a5a23d2b"
score = 75
quality = 80
@@ -197561,8 +201779,8 @@ rule VOLEXITY_Trojan_Any_Pupyrat_B : COMMODITY
date = "2022-04-07"
modified = "2022-07-28"
reference = "https://github.com/n1nj4sec/pupy"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L101-L134"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L101-L134"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "65eebfea2338deed682693f048a88d46ea4621177acb77c0642583b0dc35c818"
score = 75
quality = 80
@@ -197598,8 +201816,8 @@ rule VOLEXITY_General_Php_Fileinput_Eval : WEBSHELLS GENERAL
date = "2021-06-16"
modified = "2022-07-28"
reference = "https://github.com/volexity/threat-intel"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L136-L152"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L136-L152"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "c61f0ee13007e398f45711354a1ca948f7f34893c9bcbdf845be932b63bd746d"
score = 75
quality = 80
@@ -197624,8 +201842,8 @@ rule VOLEXITY_General_Php_Call_User_Func : GENERAL WEBSHELLS
date = "2021-06-16"
modified = "2022-07-28"
reference = "https://zhuanlan.zhihu.com/p/354906657"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L154-L170"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L154-L170"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "46c999da97682023861e58f9cd2c8651480db990a0361c1985c6d5c35b5bf0ea"
score = 75
quality = 80
@@ -197649,8 +201867,8 @@ rule VOLEXITY_Webshell_Php_Icescorpion : COMMODITY WEBSHELL FILE
date = "2022-01-17"
modified = "2022-07-28"
reference = "https://www.codenong.com/cs106064226/"
- source_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L172-L190"
- license_url = "https://github.com/volexity/threat-intel/blob/62e031ea574efde68dac7d38dc23438466a5302b/LICENSE.txt"
+ source_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L172-L190"
+ license_url = "https://github.com/volexity/threat-intel/blob/cb213e6d64022494a2ae7a9e65dfbf254a99b144/LICENSE.txt"
logic_hash = "0c75ec7cbbfdba8ce5f71a83d78caf19366954b84f304c1864e68bbe11a9a2df"
score = 75
quality = 80
@@ -197670,7 +201888,7 @@ rule VOLEXITY_Webshell_Php_Icescorpion : COMMODITY WEBSHELL FILE
* YARA Rule Set
* Repository Name: JPCERTCC
* Repository: https://github.com/JPCERTCC/MalConfScan/
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: 19ec0d145535a6a4cfd37c0960114f455a8c343e
* Number of Rules: 30
* Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -198514,7 +202732,7 @@ rule JPCERTCC_Elf_Wellmess : FILE
* YARA Rule Set
* Repository Name: SecuInfra
* Repository: https://github.com/SIFalcon/Detection
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: 2d7c66d7d16c7541bf2a9a83a7a6d334364a26fd
* Number of Rules: 45
* Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance)
@@ -198920,9 +203138,9 @@ rule SECUINFRA_MALWARE_Emotet_Onenote_Delivery_Wsf_Mar23
condition:
uint32be(0x0)==0xE4525C7B and any of ($s_*) and $script and $wsfExt and $GUIDwsf and $endTmp
}
-import "console"
import "math"
import "pe"
+import "console"
rule SECUINFRA_RANSOM_Lockbit_Black_Packer : RANSOMWARE FILE
{
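Review bot: The only change in this hunk is that `import "console"` moves from the head of the import group to just before the rule, so the three imports are no longer in alphabetical order (`console`, `math`, `pe`) and, if the generator emits them in encounter order, this line will keep churning on every refresh. As far as YARA's module semantics go the position of an import does not change which rules can use it, so the move is behaviourally neutral; a stable sorted order, i.e. keeping `import "console"` ahead of `import "math"`, would confine future diffs to real rule changes. Whether SECUINFRA_RANSOM_Lockbit_Black_Packer actually references the console module cannot be seen here, since its body continues past the end of the hunk.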
@@ -199829,7 +204047,7 @@ rule SECUINFRA_HUNT_RTF_CVE_2023_21716_Mar23 : CVE_2023_21716
* YARA Rule Set
* Repository Name: RussianPanda
* Repository: https://github.com/RussianPanda95/Yara-Rules
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: c65f3c62711bf141e4eb926ffe3a9880e5331974
* Number of Rules: 71
* Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -201704,7 +205922,7 @@ rule RUSSIANPANDA_Easycrypter : FILE
* YARA Rule Set
* Repository Name: Check Point
* Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
* Number of Rules: 4
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -201918,7 +206136,7 @@ rule CHECK_POINT_Apt_Nazar_Component_Guids
* YARA Rule Set
* Repository Name: Dragon Threat Labs
* Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
* Number of Rules: 7
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -202111,7 +206329,7 @@ rule DRAGON_THREAT_LABS_Apt_C16_Win32_Dropper : DROPPER FILE
* YARA Rule Set
* Repository Name: Microsoft
* Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
* Number of Rules: 21
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -202715,7 +206933,7 @@ rule MICROSOFT_Trojan_Win32_Plakpeer : PLATINUM
* YARA Rule Set
* Repository Name: NCSC
* Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
* Number of Rules: 17
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -203186,7 +207404,7 @@ rule NCSC_Sparrowdoor_Strings
* YARA Rule Set
* Repository Name: Dr4k0nia
* Repository: https://github.com/dr4k0nia/yara-rules
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: 4b10f9b79a4cfb3ec9cb5675f32cc7ee6885fbd8
* Number of Rules: 5
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -203367,7 +207585,7 @@ rule DR4K0NIA_MAL_MSIL_NET_Typhonlogger_Jul23 : FILE
* YARA Rule Set
* Repository Name: EmbeeResearch
* Repository: https://github.com/embee-research/Yara-detection-rules/
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: ac56d6f6fd2a30c8cb6e5c0455d6519210a8b0f4
* Number of Rules: 39
* Skipped: 0 (age), 8 (quality), 0 (score), 0 (importance)
@@ -204460,7 +208678,7 @@ rule EMBEERESEARCH_Win_Havoc_Djb2_Hashing_Routine_Oct_2022 : FILE
* YARA Rule Set
* Repository Name: AvastTI
* Repository: https://github.com/avast/ioc
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: 3daf463e031feb22b30b2d756578b67e3d86946f
* Number of Rules: 33
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -205323,7 +209541,7 @@ rule AVASTTI_Manjusaka_Payload_Mz
* YARA Rule Set
* Repository Name: SBousseaden
* Repository: https://github.com/sbousseaden/YaraHunts/
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: 71b27a2a7c57c2aa1877a11d8933167794e2b4fb
* Number of Rules: 36
* Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -206400,7 +210618,7 @@ rule SBOUSSEADEN_Hunt_Common_Credit_Card_Memscrapper : FILE
* YARA Rule Set
* Repository Name: Elceef
* Repository: https://github.com/elceef/yara-rulz
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: ff4396e33ef3e2561191a2193902d1d809a7fa3d
* Number of Rules: 16
* Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -206875,7 +211093,7 @@ rule ELCEEF_ZIP_High_Ratio_Single_Doc : FILE
* YARA Rule Set
* Repository Name: GodModeRules
* Repository: https://github.com/Neo23x0/god-mode-rules/
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: c6de81ded89d2727bec9e0f6ed490f6c8ab380f2
* Number of Rules: 1
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -207146,7 +211364,7 @@ rule GODMODERULES_IDDQD_God_Mode_Rule
* YARA Rule Set
* Repository Name: Cod3nym
* Repository: https://github.com/cod3nym/detection-rules/
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: ad485bff0ce30afb56e367b7f2b76fea81e78fc9
* Number of Rules: 13
* Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -207590,7 +211808,7 @@ rule COD3NYM_SUSP_Direct_Syscall_Shellcode_Invocation_Jan24 : FILE
* YARA Rule Set
* Repository Name: craiu
* Repository: https://github.com/craiu/yararules
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: 68bc7e129467d2c027f06918f28c3196e5c684a1
* Number of Rules: 10
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -208662,9 +212880,9 @@ rule CRAIU_Susp_Ios_Shutdown
* YARA Rule Set
* Repository Name: DitekSHen
* Repository: https://github.com/ditekshen/detection
- * Retrieval Date: 2024-06-02
- * Git Commit: 7c2d40d839ad010072e1def7752780d41da1eba3
- * Number of Rules: 1421
+ * Retrieval Date: 2024-06-16
+ * Git Commit: 2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6
+ * Number of Rules: 1420
* Skipped: 0 (age), 121 (quality), 0 (score), 0 (importance)
*
*
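Review bot: The DitekSHen rule count drops from 1421 to 1420 while the skip counters stay at `0 (age), 121 (quality), 0 (score), 0 (importance)`, so one rule disappeared upstream between commits 7c2d40d and 2ddbbe1 rather than being filtered out by this build, and nothing in the header records which one. A change in detection coverage deserves a line in the generated header or in the commit message, e.g. `* Removed since last retrieval: <rule name>`, so consumers can tell whether a hit that no longer fires is a regression or an upstream removal. The surrounding rule metadata in the later hunks only re-pins `source_url`/`license_url` with unchanged `logic_hash`, which is consistent with the remaining rules being untouched, but that does not identify the dropped one.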
@@ -208689,8 +212907,8 @@ rule DITEKSHEN_INDICATOR_RTF_EXPLOIT_CVE_2017_0199_1 : CVE_2017_0199 FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L1-L69"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L1-L69"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "06b75267f00b775a6c1cd7a2022a9cfa0ea2c976f969c2c066be51449f197f58"
score = 75
quality = 75
@@ -208742,8 +212960,8 @@ rule DITEKSHEN_INDICATOR_RTF_EXPLOIT_CVE_2017_8759_1 : CVE_2017_8759 FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L195-L218"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L195-L218"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "595dc0153a2349fbd4f92dd544a3dfd05715059dd639653e7c7e6ac80624360e"
score = 75
quality = 75
@@ -208776,8 +212994,8 @@ rule DITEKSHEN_INDICATOR_RTF_EXPLOIT_CVE_2017_8759_2 : CVE_2017_8759 FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L220-L248"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L220-L248"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "15c9a5cfce5d1a797bab049352d8506b8bc112cabe2f510019f5d203690419e8"
score = 75
quality = 75
@@ -208813,8 +213031,8 @@ rule DITEKSHEN_INDICATOR_RTF_Exploit_Scripting : CVE_2017_8759 CVE_2017_8570 FIL
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L250-L282"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L250-L282"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a1f4c833f0132dcbe2b3677d6ac0f3597c152702515375d60d4332c21183bd76"
score = 75
quality = 75
@@ -208854,8 +213072,8 @@ rule DITEKSHEN_INDICATOR_RTF_Embedded_Excel_Sheetmacroenabled : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L284-L308"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L284-L308"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cc3b52e549c2697c6e0a2fea365d193311d90d26854bd2fe321aa26c118975a0"
score = 75
quality = 75
@@ -208889,8 +213107,8 @@ rule DITEKSHEN_INDICATOR_OLE_Metadatacmd : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L310-L329"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L310-L329"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0562d026a1ad4510310ebff5da154064f92afc7bf714973f7de362435476772c"
score = 75
quality = 75
@@ -208916,8 +213134,8 @@ rule DITEKSHEN_INDICATOR_RTF_Equation_Bitsadmin_Downloader : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L403-L426"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L403-L426"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "39a07a0af243e929a6b3df48b6cf8a9d30bc8ef9e7deac494348945427b015e7"
score = 75
quality = 75
@@ -208949,8 +213167,8 @@ rule DITEKSHEN_INDICATOR_RTF_Equation_Certutil_Downloader : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L428-L451"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L428-L451"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d6c62957ce40ed755a84bd9aa8900e4990c466097d6df55c539b289bf50fe94e"
score = 75
quality = 75
@@ -208982,8 +213200,8 @@ rule DITEKSHEN_INDICATOR_RTF_Equation_Powershell_Downloader : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L453-L476"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L453-L476"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0b8b9b7b40f8b4d659de9e025a65d5c6b64c6066bb618a3e7ed3c318f70befe5"
score = 75
quality = 75
@@ -209015,8 +213233,8 @@ rule DITEKSHEN_INDICATOR_RTF_LNK_Shell_Explorer_Execution : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L478-L492"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L478-L492"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4c11a37425e260692e11dc8fca317611106245d1590081a7038036ad568702f8"
score = 75
quality = 75
@@ -209040,8 +213258,8 @@ rule DITEKSHEN_INDICATOR_RTF_Forms_HTML_Execution : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L494-L508"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L494-L508"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5e8a2072971c40d6fbc0e0265a9adfbe4faa04d0f3c6962fda443da33aa06906"
score = 75
quality = 75
@@ -209065,8 +213283,8 @@ rule DITEKSHEN_INDICATOR_PUB_MSIEXEC_Remote : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L510-L524"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L510-L524"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "be5407e6e6e21e77f6de1d3a378996bfc6ce4326986aa03eb152e772bb495184"
score = 75
quality = 75
@@ -209093,8 +213311,8 @@ rule DITEKSHEN_INDICATOR_RTF_Ancalog_Exploit_Builder_Document : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L526-L538"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L526-L538"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e458be78ca8975d067110dc38119437b3ffe55afdbfdab47468c9ed74bba9f9d"
score = 75
quality = 75
@@ -209119,8 +213337,8 @@ rule DITEKSHEN_INDICATOR_RTF_Threadkit_Exploit_Builder_Document : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L540-L557"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L540-L557"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f2308ac6ae5345e0c783871dd6b471397ec83ba7194db5cc74c8984d84c2c0c2"
score = 75
quality = 75
@@ -209148,8 +213366,8 @@ rule DITEKSHEN_INDICATOR_XML_Legacydrawing_Autoload_Document : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L559-L569"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L559-L569"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a038636f5e8e7837c2209072f1659b921c8a9a48d4ed153e735915cf1f7f3fcc"
score = 75
quality = 75
@@ -209172,8 +213390,8 @@ rule DITEKSHEN_INDICATOR_XML_OLE_Autoload_Document : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L571-L581"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L571-L581"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b262a9f8e82dea55afc26acac731827b64f52069a2bf314f716832b3dfc2c04f"
score = 75
quality = 75
@@ -209196,8 +213414,8 @@ rule DITEKSHEN_INDICATOR_XML_Squiblydoo_1 : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L583-L597"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L583-L597"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b52ebd76dd4e60f6bd5cb19fed3a72b6aeb90dea95f0d1be61dcfff39ea674ae"
score = 75
quality = 75
@@ -209224,8 +213442,8 @@ rule DITEKSHEN_INDICATOR_OLE_Suspicious_Reverse : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L599-L619"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L599-L619"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "04950549eede23b7006103539f20437713a54138c073d9805048392ea0a3df2a"
score = 65
quality = 71
@@ -209255,8 +213473,8 @@ rule DITEKSHEN_INDICATOR_OLE_Suspicious_Activex : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L621-L651"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L621-L651"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d9a672b0eeccd93b4ae98fef45560490171f8fc16b712d1e0141fc0ef1d0e342"
score = 65
quality = 73
@@ -209296,8 +213514,8 @@ rule DITEKSHEN_INDICATOR_OLE_Suspicious_MITRE_T1117 : T1117 FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L653-L664"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L653-L664"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f0d97f4de8bde18299ee0caee680a15070a1faa99fc318d144a7b7918c8cbb1f"
score = 65
quality = 75
@@ -209321,8 +213539,8 @@ rule DITEKSHEN_INDICATOR_OLE_Remotetemplate
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L666-L677"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L666-L677"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "80cc5b1a8a8899f632401956055374d265c734449e56ffeee5f0ba4911050f36"
score = 75
quality = 75
@@ -209346,8 +213564,8 @@ rule DITEKSHEN_INDICATOR_RTF_Malver_Objects : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L679-L693"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L679-L693"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "69136fb8ba180f6f86e569471bcefe8f55c61af73c66ebd6062ba7369aee9a72"
score = 75
quality = 75
@@ -209373,8 +213591,8 @@ rule DITEKSHEN_INDICATOR_PPT_Mastermana : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L695-L715"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L695-L715"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f8169e63b22fbbd48de9a63ff228d9d9fb105e95d2ea8a37c0993493515e8b2e"
score = 75
quality = 71
@@ -209407,8 +213625,8 @@ rule DITEKSHEN_INDICATOR_XML_Webrelframe_Remotetemplate : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L717-L727"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L717-L727"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fbe209e31ddb4369de02b6e91bf65f0588089c7b838dcf80f182248790b59e20"
score = 75
quality = 75
@@ -209431,8 +213649,8 @@ rule DITEKSHEN_INDICATOR_PDF_Ipdropper : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L729-L738"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L729-L738"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "be37ee7ef5d8c980483f31bf5667c2dad4321d662be05c495ec6755362d33fd6"
score = 60
quality = 35
@@ -209454,8 +213672,8 @@ rule DITEKSHEN_INDICATOR_OLE_Excel4Macros_DL1 : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L740-L764"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L740-L764"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a3248027b83b982cccf235267aa27def4f640987d41c5f11509bde3e27b82fee"
score = 75
quality = 25
@@ -209489,8 +213707,8 @@ rule DITEKSHEN_INDICATOR_OLE_Excel4Macros_DL2 : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L766-L787"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L766-L787"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "48ab27a2f81934f6f2f034ebcd40fc083b0d90850d12a951f03dab3a4c396ec6"
score = 75
quality = 75
@@ -209524,8 +213742,8 @@ rule DITEKSHEN_INDICATOR_RTF_Embedded_Excel_Urldownloadtofile : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L789-L815"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L789-L815"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9416664683c249a9dc2b3d506d9dea7067a638cc4ee5ef7138e5b33a8fcd2b96"
score = 75
quality = 75
@@ -209560,8 +213778,8 @@ rule DITEKSHEN_INDICATOR_OLE_Excel4Macros_DL3 : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L817-L835"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L817-L835"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "83eaf60b900119b9fcd458e9e9dda119fd71785821bf282e9385031368ff9891"
score = 75
quality = 75
@@ -209592,8 +213810,8 @@ rule DITEKSHEN_INDICATOR_DOC_Phishingpatterns : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L837-L858"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L837-L858"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "50b6566cb18512f887c07576391eb492101f7534da3460d5f7740ee6f4cf707d"
score = 75
quality = 75
@@ -209627,8 +213845,8 @@ rule DITEKSHEN_INDICATOR_OOXML_Excel4Macros_EXEC : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L860-L873"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L860-L873"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ab3994e4082390f65d030db0b898a20df1d7e4b0ca2fdedc7a9d0f1480fd0334"
score = 75
quality = 75
@@ -209654,8 +213872,8 @@ rule DITEKSHEN_INDICATOR_OOXML_Excel4Macros_Autoopenhidden : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L875-L885"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L875-L885"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a93d8aa7ac025a0c2e8a9ac833f6d4c3cd3769ffca3f87455f43411d0021e828"
score = 75
quality = 75
@@ -209678,8 +213896,8 @@ rule DITEKSHEN_INDICATOR_SUSPICOIUS_RTF_Encodedurl : FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L905-L916"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L905-L916"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cb791bb5e2af46ff9f1f07cef33bbd51edc44b2394d6f3eff31d39eaa5ff2a33"
score = 75
quality = 75
@@ -209703,8 +213921,8 @@ rule DITEKSHEN_INDICATOR_RTF_Remotetemplate : CVE_2017_11882 FILE
date = "2024-02-22"
modified = "2024-02-22"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_office.yar#L918-L928"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_office.yar#L918-L928"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3a75072bc4d9c7dc53220afe359911c04cd3267c142058352de80ec430a53517"
score = 60
quality = 35
@@ -209727,8 +213945,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Bazarloader : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L11-L21"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L11-L21"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fd47a1d996c78a6efc144f0fe0a28951c34becab3101e7d25acc980bb6b9f8ce"
score = 75
quality = 71
@@ -209751,8 +213969,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Qakbot : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L23-L37"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L23-L37"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7a38069b3b553cba1a789dac706638382dae5bb748b0c10ef50138879767b6dd"
score = 75
quality = 61
@@ -209779,8 +213997,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Amadey : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L39-L47"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L39-L47"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3df3fe67835f76e51743b1b4fa2cbc48277d82689c2fc27457b4d7d820e56e43"
score = 75
quality = 73
@@ -209801,8 +214019,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_UNK01 : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L49-L58"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L49-L58"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d85461f74186fcabcbf7f2bc1dce06b0012c504cf3235a6fc3e1499dc6f8a3ee"
score = 75
quality = 73
@@ -209824,8 +214042,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Lockergoga
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L60-L80"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L60-L80"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f3474f92d935dda0d4c3b11b6934aede69ed949c8ba4d196bfe320476d39ac36"
score = 75
quality = 49
@@ -209858,8 +214076,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Goldenaxe
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L82-L91"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L82-L91"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2540da85880dc08b51a2d096cefd8ed3cb14ccd171b71b434ccf26e7c5f1b54b"
score = 75
quality = 71
@@ -209881,8 +214099,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Getcrypt
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L93-L106"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L93-L106"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "401f4e69235873adc271f8861912ec17daaa71a798c83df8cc3a9b88520708c9"
score = 75
quality = 63
@@ -209908,8 +214126,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Cryptomix
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L108-L123"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L108-L123"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "27b75a476229fc877c316f7a61d1ed647f5a67ac44a174d86c084063f039b20c"
score = 75
quality = 34
@@ -209937,8 +214155,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Buran
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L125-L140"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L125-L140"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "685126efa7f90ce296fc616bd8d5d89a5b4b9aba8b60601b29534de21a0d0015"
score = 75
quality = 59
@@ -209966,8 +214184,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Ransomwareexx
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L142-L150"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L142-L150"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a83ada5d29c6d62a292c4b3a1379558cddcaf63d97dbdfc6afd27cc52f6f656d"
score = 75
quality = 73
@@ -209988,8 +214206,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Phobos
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L152-L161"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L152-L161"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cf9e163d2315d465afb47bf83f30d5d27e14c4cbbc1c235dcb15b75fb509ba7d"
score = 75
quality = 71
@@ -210011,8 +214229,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Epsilon
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L163-L171"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L163-L171"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "163694ed2ae181764fc6e62027487d183114be35a689dd44d4d9761149df244b"
score = 75
quality = 73
@@ -210033,8 +214251,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Thanos
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L173-L182"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L173-L182"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "039ea384136a1aaa261702ed75ab9358aaa1ec2d5a8d35fe4789647f39490c7c"
score = 75
quality = 71
@@ -210056,8 +214274,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Vovalex
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L184-L192"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L184-L192"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0e8b426e55c1efaf59e5f255f1da9cdfbb509561d3f7ea5baa2815c3131866eb"
score = 75
quality = 73
@@ -210078,8 +214296,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Alumnilocker
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L194-L202"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L194-L202"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "aeab9cb2b2da246e1863cd1102d901d322017d0b309e852d83e4f66f6e4bdd22"
score = 75
quality = 73
@@ -210100,8 +214318,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Doejocrypt
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L204-L213"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L204-L213"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b76996ef413d017fa571115f7331154c808fed0f1b1e0c97241cadbbef260a00"
score = 75
quality = 71
@@ -210123,8 +214341,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Purge
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L215-L224"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L215-L224"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "49f3f5a88212d4bed1f0237a4437fb537e84cd6dd26c5fe224250f3b6e39d384"
score = 75
quality = 71
@@ -210146,8 +214364,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Zeoticus
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L226-L235"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L226-L235"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7a83b15b0c8e81f67d11f8b5d9a43ba4e1e3a0f6741ddd0daafe4e742dd91cd8"
score = 75
quality = 71
@@ -210169,8 +214387,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Jobcryptor
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L237-L247"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L237-L247"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c8c5dcc0d7484a3ac6e702cca8bd0907f9e4f4aea5e99c4c3f988389e0d803a7"
score = 75
quality = 69
@@ -210193,8 +214411,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Cuba
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L249-L261"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L249-L261"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b734199c8593c338c803518b2729e9d9ceaaed5d21585a3d299885433d8f796e"
score = 75
quality = 65
@@ -210219,8 +214437,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Hello
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L263-L277"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L263-L277"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dfafb0323a50891c03c4b706d4f3a6a511cecdee2448c1f554b416ba1e3d3df9"
score = 75
quality = 61
@@ -210247,8 +214465,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Unlockyourfiles
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L279-L288"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L279-L288"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a33dae7f08eb0c2415fbfdadf2cbbf90c68bc802352277422c6d0a2dbd62cd82"
score = 75
quality = 71
@@ -210270,8 +214488,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Darkside
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L290-L299"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L290-L299"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3c6cdb15cad19f1db38c0fe03ecb24d5cd4861a699aa2bee0f99b8dddacc8bd1"
score = 75
quality = 73
@@ -210293,8 +214511,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Spyro
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L301-L310"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L301-L310"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b12b24b7b1b9800d249fd322532d957ddfc020c495ca89414d8d7e9fa7d58eb7"
score = 75
quality = 71
@@ -210316,8 +214534,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Ryzerlo
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L312-L320"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L312-L320"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2d925cac74411c3e408d674e27a27ae029d39977026a79df8f90edae345a31db"
score = 75
quality = 73
@@ -210338,8 +214556,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_PYSA
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L322-L340"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L322-L340"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cf0fbc0160f1d21efdb4a6935ae0d2206107042e3d020722f50d2c302aff246c"
score = 75
quality = 55
@@ -210370,8 +214588,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Ranzylocker
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L354-L363"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L354-L363"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dc345257a3cca82a95e20505c94e90d8ac42240e1491ea1f34be121871673e26"
score = 75
quality = 71
@@ -210393,8 +214611,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Alkhal
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L365-L374"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L365-L374"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bd2d66a9cd33ab15b451158cd6c0e6579735653611ee2e6c8045a5807091938d"
score = 75
quality = 71
@@ -210416,8 +214634,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_DECAF
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L376-L408"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L376-L408"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8fca3a6564cd11e625b65e7f0f278b79678368dd0c77440e9f8d46035e0c3426"
score = 75
quality = 73
@@ -210461,8 +214679,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Babuk
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L410-L426"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L410-L426"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "129b1364bb59423aab1f5f67a4c2d2a76a9c4f55aa6aa1e59bcebc717a14ee19"
score = 75
quality = 61
@@ -210491,8 +214709,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Rapid
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L428-L436"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L428-L436"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ea82a3fcb1d836e1c250e9a576064e1babdb82b4970555260af2eb68726cfd16"
score = 75
quality = 73
@@ -210513,8 +214731,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Satana
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L438-L447"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L438-L447"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6d82e2497044518cee1b56da85f1ad6ac7934eec9ca68501932d55add4236d45"
score = 75
quality = 73
@@ -210536,8 +214754,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Zeppelin
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L449-L462"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L449-L462"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "66dd92423cfac32de4bea95ad0c9594cb449dc897cc6315d782c1db6de7dc5b1"
score = 75
quality = 63
@@ -210563,8 +214781,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_STOP
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L464-L480"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L464-L480"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f0d902edbcbe8ff8f3a751b649554499933b06471920c86a9eea3de23890b4bc"
score = 75
quality = 57
@@ -210593,8 +214811,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Diavol
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L482-L491"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L482-L491"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c72f4d7854f7ba813c4872d47aad69edb8c2927f380b9213ced1aca52454eee5"
score = 75
quality = 71
@@ -210616,8 +214834,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Chaos
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L493-L511"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L493-L511"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6e8dce1622dbccca6aa15040b49fc9ea05ec7192f8a79409fd7414690102d09a"
score = 75
quality = 67
@@ -210647,8 +214865,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Maze
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L513-L521"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L513-L521"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "46070d46c502837e5fb87d0fb75244a1a21e90b4e0ce4b73c408b8dc67fe1bcb"
score = 75
quality = 73
@@ -210669,8 +214887,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Lokilocker
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L523-L531"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L523-L531"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1ab9a2ce7e39d916b389e2adb975e3558ddb7d87f7e9494e6b20cb25edd3cb84"
score = 75
quality = 73
@@ -210691,8 +214909,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Blackcat
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L533-L569"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L533-L569"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "eb0a4d26170f030775f778cc524749ca283dfa983f84bd364e4df6321eb96cf1"
score = 75
quality = 73
@@ -210738,8 +214956,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Koxic
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L571-L580"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L571-L580"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ca4d0e85cf4c7a134609262e21d5cef98100ba0a046d17ffe51bf3975dc7cae9"
score = 75
quality = 73
@@ -210761,8 +214979,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Ryuk
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L582-L592"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L582-L592"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a2b6106fc49dd254ca936e285fa0c2a3aee7110832686638d20d369d77f6c48f"
score = 75
quality = 71
@@ -210785,8 +215003,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Lockdown
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L594-L603"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L594-L603"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cb17bb92d6e8189a08508481b75d301a1227906815c684753859914d77d7b3e7"
score = 75
quality = 73
@@ -210808,8 +215026,8 @@ rule DITEKSHEN_INDICATOR_KB_LNK_BOI_MAC : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L605-L637"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L605-L637"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "31a7966a0ea0fca363d2b926b06c8acbdae0c24dd2156389196255dbbf4ed662"
score = 75
quality = 73
@@ -210852,8 +215070,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Powershellwifistealer
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L691-L704"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L691-L704"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f119b54032e2a6ca35819e811e6479b00936115d98ef6e928f4c819d04a8321f"
score = 75
quality = 63
@@ -210879,8 +215097,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Powershellcookiestealer
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L706-L715"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L706-L715"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bd404e94939acb92dd56a7d2a1f7536bcb3f520ca1e9dc614b53828afbc6dac8"
score = 75
quality = 71
@@ -210902,8 +215120,8 @@ rule DITEKSHEN_INDICATOR_KB_Gobuildid_Zebrocy : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1541-L1550"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1541-L1550"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "16b88460896012b42ca576995f5de98a7a9d2fcc53f8e148427bca31a883d19b"
score = 75
quality = 75
@@ -210925,8 +215143,8 @@ rule DITEKSHEN_INDICATOR_KB_Gobuildid_Gostealer : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1552-L1562"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1552-L1562"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d548bc2580c8e8233a5fcdf85b947547c10f2c4d0056d14e990f30dd7b9a0672"
score = 75
quality = 75
@@ -210949,8 +215167,8 @@ rule DITEKSHEN_INDICATOR_KB_Gobuildid_Goldenaxe : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1564-L1573"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1564-L1573"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4ab9aeaa74530de4a62ddfa8d7e8607e455d0ba4330260037327bec6d8d7abab"
score = 75
quality = 75
@@ -210972,8 +215190,8 @@ rule DITEKSHEN_INDICATOR_KB_Gobuildid_Nemty : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1575-L1588"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1575-L1588"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "246766ab1d2871b5c22323f622d39ce9fa9b46a2d43bace122ed5549484f3aac"
score = 75
quality = 75
@@ -210999,8 +215217,8 @@ rule DITEKSHEN_INDICATOR_KB_Gobuildid_Qnapcrypt : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1590-L1598"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1590-L1598"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b3ee583c395701350c091041a72f988d1b5ae607b642b42152fcda29f9be63e2"
score = 75
quality = 75
@@ -211021,8 +215239,8 @@ rule DITEKSHEN_INDICATOR_KB_Gobuildid_Snatch : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1600-L1610"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1600-L1610"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5a19c791ed0d829c4c97e35cfa604a8716bad3f02632712903d765db95ba87f6"
score = 75
quality = 75
@@ -211045,8 +215263,8 @@ rule DITEKSHEN_INDICATOR_KB_Gobuildid_Godownloader : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1612-L1622"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1612-L1622"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e0f5ee6ade4608a8b5c5bd02bf5aef0fcb9cb1fe1cc3a9d00b1ace91e5d0d33f"
score = 75
quality = 75
@@ -211069,8 +215287,8 @@ rule DITEKSHEN_INDICATOR_KB_Gobuildid_Ranumbot : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1624-L1633"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1624-L1633"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c3d0ba55ca2be1b11ebf1b82490c5d26f2b35958b31a7e55892e27f24bf4118f"
score = 75
quality = 75
@@ -211092,8 +215310,8 @@ rule DITEKSHEN_INDICATOR_KB_Gobuildid_Banload : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1635-L1643"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1635-L1643"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "534de1ce161e5e27f380f96b83630aa75031f268658aa7e8ff8ecce82ed5d4cd"
score = 75
quality = 75
@@ -211114,8 +215332,8 @@ rule DITEKSHEN_INDICATOR_KB_Gobuildid_Hive : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1645-L1653"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1645-L1653"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f311a3661ea3a26ebca6cd283d1e219011acfdfbb13fa8b919ca2724b9f4aae7"
score = 75
quality = 75
@@ -211136,8 +215354,8 @@ rule DITEKSHEN_INDICATOR_KB_Gobuildid_Nodachi : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1655-L1666"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1655-L1666"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "177269623e0f3850c37c6b203d9a637fa92c0ed3fa823cc8d885f28cb383bf7d"
score = 75
quality = 75
@@ -211161,8 +215379,8 @@ rule DITEKSHEN_INDICATOR_KB_Gobuildid_Gobrut : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1668-L1676"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1668-L1676"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "40c305f019cb31222fa75a24315764cb5e5356afaa72aefb59916d615a8fca28"
score = 75
quality = 75
@@ -211183,8 +215401,8 @@ rule DITEKSHEN_INDICATOR_KB_Gobuildid_Biopassdropper : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1678-L1686"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1678-L1686"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3b586e886b9f901dde1c73aa07ce0d45e4ff417459f298094359ec1c1e02e522"
score = 75
quality = 75
@@ -211205,8 +215423,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Rhysida
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1688-L1697"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1688-L1697"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e3e07bab2982a30a5372e6708ede6707d132d410aa5b5b1a29bdb5d06910a88e"
score = 75
quality = 71
@@ -211228,8 +215446,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Payola
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1699-L1708"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1699-L1708"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "568141c03d14faef0cfc4f5fbdec45a5109a1ad5cbbe99e76a1db86e7ef4dc5d"
score = 75
quality = 71
@@ -211251,8 +215469,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Xorist
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1710-L1723"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1710-L1723"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5975a730ad1a1f7e54e95ec5897aa2940ccc3ed1aa8e83b38cb7ac836c233208"
score = 75
quality = 67
@@ -211278,8 +215496,8 @@ rule DITEKSHEN_INDICATOR_KB_ID_Ransomware_Blackhunt
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_id.yar#L1725-L1739"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_id.yar#L1725-L1739"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6b875d4abdedc8032f89ab3cbdf4acdc855d83b5bcc08f96b2fbc38b4a5daa7f"
score = 75
quality = 61
@@ -211308,8 +215526,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_56203Db039Adbd6094B6A142C5E50587 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3-L14"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3-L14"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "38380bc1a22b8d0fe851f76d2ecadba638f10b01873be44766124fb738e23d71"
score = 75
quality = 75
@@ -211331,8 +215549,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_B5F34B7C326C73C392B515Eb4C2Ec80E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L16-L27"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L16-L27"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "553ef777cb7a93934caa53cc9acdc37fc4cbe2a28ae320f4a7f10b2a4073d675"
score = 75
quality = 75
@@ -211354,8 +215572,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0A1Dc99E4D5264C45A5090F93242A30A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L29-L40"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L29-L40"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cb230503e17e93f78b04723c32d7ce66bdf146846e0208d268eebc0e446a6917"
score = 75
quality = 75
@@ -211377,8 +215595,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0D53690631Dd186C56Be9026Eb931Ae2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L42-L53"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L42-L53"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "645c2340fe7e7ce992f3f655d5058834d0df6a64ea20ef7794893a592124c55e"
score = 75
quality = 75
@@ -211400,8 +215618,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Fd8C468Cc1B45C9Cfb41Cbd8C835Cc9E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L55-L66"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L55-L66"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "495ec6dbfdec3f608e387280e2d34093bb4965f5ada7c101e3119ae970eaf80d"
score = 75
quality = 75
@@ -211423,8 +215641,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_32Fbf8Cfa43Dca3F85Efabe96Dfefa49 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L68-L79"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L68-L79"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7e53dcd2e10285f710f1fb2355d77db3507ce346e8d0f26843ca8df2271a6e9e"
score = 75
quality = 75
@@ -211446,8 +215664,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_7E0Ccda0Ef37Acef6C2Ebe4538627E5C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L81-L92"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L81-L92"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "aed6c65f9c6400c0cc94386be684d3b9dd8d7637f9798fb49f4f651cf28b2d12"
score = 75
quality = 75
@@ -211469,8 +215687,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0095E5793F2Abe0B4Ec9Be54Fd24F76Ae5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L94-L105"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L94-L105"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b1f8867b47c1bec43b3603af343d6d5728ec218a66863a6777c0ee59ae1faa98"
score = 75
quality = 75
@@ -211492,8 +215710,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00C167F04B338B1E8747B92C2197403C43 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L107-L118"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L107-L118"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "008fe748c7956c1885c7d7e3a843d2310c17b7552dbbe9b4750809a5642d7ca6"
score = 75
quality = 75
@@ -211515,8 +215733,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Fc7065Abf8303Fb472B8Af85918F5C24 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L120-L131"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L120-L131"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8ce0d25ef802948f754f155010f42d76256895ebd6ffdce8d97063dada58e668"
score = 75
quality = 75
@@ -211538,8 +215756,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00B61B8E71514059Adc604Da05C283E514 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L133-L144"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L133-L144"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b771d40e4e2db1d3f26d8fb2fa140f57871712700e584005d2377b701fc9538a"
score = 75
quality = 75
@@ -211561,8 +215779,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_51Cd5393514F7Ace2B407C3Dbfb09D8D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L146-L157"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L146-L157"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "389dbdc85035fdd94e831940eda910349134600e921720729840c932123db36d"
score = 75
quality = 75
@@ -211584,8 +215802,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_030012F134E64347669F3256C7D050C5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L159-L170"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L159-L170"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "68bfd2e146e3b2bd1222de7f9981bb0e373bcb4727a81eb7060af36e6275d438"
score = 75
quality = 75
@@ -211607,8 +215825,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00B7F19B13De9Bee8A52Ff365Ced6F67Fa : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L172-L183"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L172-L183"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "afdc41aed0480593bb8c92955db044ebe1a695d4912176123e26e052a3e9d3ea"
score = 75
quality = 75
@@ -211630,8 +215848,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4C8Def294478B7D59Ee95C61Fae3D965 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L185-L196"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L185-L196"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d9e956d7d5b9389aebafd4b7025818ac8eb5a72aaa1b94068a12aa7a8029f97c"
score = 75
quality = 75
@@ -211653,8 +215871,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0A23B660E7322E54D7Bd0E5Acc890966 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L198-L209"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L198-L209"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6b9009d0c509b38107eba5742613f8ec6f48e447225c664e374ef56d64b035f0"
score = 75
quality = 75
@@ -211676,8 +215894,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_04332C16724Ffeda5868D22Af56Aea43 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L211-L222"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L211-L222"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "338e7d9374de04d00162c9caf86d922f4d659b024ae7908f0e02ca4709a14a1d"
score = 75
quality = 75
@@ -211699,8 +215917,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_085B70224253486624Fc36Fa658A1E32 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L224-L235"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L224-L235"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8779cca652b366ce33a3735069fdc35657a6bed5b469a956cd236d76901f8f54"
score = 75
quality = 75
@@ -211722,8 +215940,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0086E5A9B9E89E5075C475006D0Ca03832 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L237-L248"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L237-L248"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "613f21989dc369ef6b1d8e42a0d707810ef064c608e4e34ba5eb475164f14abc"
score = 75
quality = 75
@@ -211745,8 +215963,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_039668034826Df47E6207Ec9Daed57C3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L250-L261"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L250-L261"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b9579ba5dac45e38ef7b2b3381d1651395a4f648c68ae8e6fc36a0ea2d9b6300"
score = 75
quality = 75
@@ -211768,8 +215986,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_736Dcfd309Ea4C3Bea23287473Ffe071 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L263-L274"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L263-L274"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "68a91e0e042606d49a5c83c972b0a6bf387c9d7d20c2df132edec717ab4603a0"
score = 75
quality = 75
@@ -211791,8 +216009,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_09C89De6F64A7Fdf657E69353C5Fdd44 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L276-L287"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L276-L287"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7fcb517a4160226cf89c13b5b27310d1e8a02d3f164a338a8d2901ef604f1d8a"
score = 75
quality = 75
@@ -211814,8 +216032,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_03B630F9645531F8868Dae8Ac0F8Cfe6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L289-L300"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L289-L300"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0c388ee7cfc2f35d5e020520d0c5a04b872d5deff63fc551308168e60122f7fc"
score = 75
quality = 75
@@ -211837,8 +216055,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_020Bc03538Fbdc792F39D99A24A81B97 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L302-L313"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L302-L313"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "154d7d814ff0b1c2d85557211dd68d0bd82e9953a9912ac3c26475a1316b0cb3"
score = 75
quality = 75
@@ -211860,8 +216078,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4E8D4Fc7D9F38Aca1169Fbf8Ef2Aaf50 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L315-L326"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L315-L326"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2b440d21183745ac89de56f5ca22cf3f01be3212e20ce80fa67a45adbb6b16fe"
score = 75
quality = 75
@@ -211883,8 +216101,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_09830675Eb483E265C3153F0A77C3De9 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L328-L339"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L328-L339"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b0a504ed2a2816602ac378a700567909812650f409626a7b2c1e25cf7f8cb51c"
score = 75
quality = 75
@@ -211906,8 +216124,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_351Fe2Efdc0Ac56A0C822Cf8 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L341-L352"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L341-L352"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a661adcd9366da7eab0aa8059bbe6236022f7513996603eb06c43a0b38ff4b85"
score = 75
quality = 75
@@ -211929,8 +216147,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_07Bb6A9D1C642C5973C16D5353B17Ca4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L354-L365"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L354-L365"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "faecdcd78bc60f730bfe5a049fd0bd1309b44d185c0cbc81dfc326a162d5fcb2"
score = 75
quality = 75
@@ -211952,8 +216170,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_044E05Bb1A01A1Cbb50Cfb6Cd24E5D6B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L367-L378"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L367-L378"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c433b63f9c875a564f424ecc8e9239701ce8be78cd0046c1eefca8cf732abca3"
score = 75
quality = 75
@@ -211975,8 +216193,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0C14B611A44A1Bae0E8C7581651845B6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L380-L391"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L380-L391"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dae6318cf6f8e33e11af5c4b06379f8ef2744e784bb793c78f782b6a6286b84b"
score = 75
quality = 75
@@ -211998,8 +216216,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0B1926A5E8Ae50A0Efa504F005F93869 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L393-L404"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L393-L404"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "78d507f76d44ed982d12c293604d5c4fed14316cbc18473b7131bb89997bad28"
score = 75
quality = 75
@@ -212021,8 +216239,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Bab6A2Aa84B495D9E554A4C42C0126D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L406-L417"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L406-L417"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a9ecdf1107cba0767ac3fa52c7dd65a13015e4fd735da70b6f1e6dbcfe2f7526"
score = 75
quality = 75
@@ -212044,8 +216262,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_066226Cf6A4D8Ae1100961A0C5404Ff9 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L419-L430"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L419-L430"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0b7fa450d143de99650d0364e461178ad4e0b147b19dae53b59928b2a17c9b6d"
score = 75
quality = 75
@@ -212067,8 +216285,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0E96837Dbe5F4548547203919B96Ac27 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L432-L443"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L432-L443"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2eedcc1d782df3c078c20a275680c2ff724e5b7675890af1335ff22d6138ab25"
score = 75
quality = 75
@@ -212090,8 +216308,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5B320A2F46C99C1Ba1357Bee : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L445-L456"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L445-L456"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b0a515aa69b5de58cf7d1a496f95038e090cefe511803e7a29332b411a20d19f"
score = 75
quality = 75
@@ -212113,8 +216331,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_02C5351936Abe405Ac760228A40387E8 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L458-L469"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L458-L469"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ae9e428c5e7c1ab67be291da93e6d3fa694e3a9b347672817cbf1cac44837a04"
score = 75
quality = 75
@@ -212136,8 +216354,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_08D4352185317271C1Cec9D05C279Af7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L471-L482"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L471-L482"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6f4b8a52e152097a6e18f55b6b677eb1ba0f4da78ce68ffa35510bfb485e01e9"
score = 75
quality = 75
@@ -212159,8 +216377,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Ed8Ade5D73B73Dade6943D557Ff87E5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L484-L495"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L484-L495"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e2e269a83a86567bf359996945cddc597406033aa7c5a7acf30b58d30816b28f"
score = 75
quality = 75
@@ -212182,8 +216400,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Ed1847A2Ae5D71Def1E833Fddd33D38 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L497-L508"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L497-L508"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2acc6d2262bac8bfe49bb244d62be4dcf626dd9b2c9786b7a8963c48b17e6ab9"
score = 75
quality = 75
@@ -212205,8 +216423,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0292C7D574132Ba5C0441D1C7Ffcb805 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L510-L521"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L510-L521"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8d0a6714ce5bfed90c80dcfffe4f1d61ec25c817cdc48907cbc67bcee52a1d9a"
score = 75
quality = 75
@@ -212228,8 +216446,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_028D50Ae0C554B49148E82Db5B1C2699 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L523-L534"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L523-L534"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7fe907059e83a058705a2884d514938c51fd206b0a175cfb9e8619244c20c62f"
score = 75
quality = 75
@@ -212251,8 +216469,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Ca41D2D9F5E991F49B162D584B0F386 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L536-L547"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L536-L547"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "51f80dfd63b273e62abaa8b60a00525cfdc6b28341466a9f414703382ad088bd"
score = 75
quality = 75
@@ -212274,8 +216492,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1389C8373C00B792207Bca20Aa40Aa40 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L549-L560"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L549-L560"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5c0c9ca9e1179f253f1b2ecd9c8a1a0ed17345eb9830201c7c16050339d7ccbc"
score = 75
quality = 75
@@ -212297,8 +216515,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_A596Fd2779E507Aa466D159706Fe4150 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L562-L573"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L562-L573"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b88f346175e9084fdba94b9a8cbbf28a5012d28ab43350d927aac099921ab1a3"
score = 75
quality = 75
@@ -212320,8 +216538,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_45D76C63929C4620Ab706772F5907F82 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L575-L586"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L575-L586"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9854a8812f55f2ae7cddc714b780def3d0511b236685a17ffe202711237c4b7e"
score = 75
quality = 75
@@ -212343,8 +216561,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5029Daca439511456D9Ed8153703F4Bc : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L588-L599"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L588-L599"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "256b4bebbe4567de9e7d1938dd99f7f9fa13749de2f331aec0bc15f4ab5ab488"
score = 75
quality = 75
@@ -212366,8 +216584,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1C7D3F6E116554809F49Ce16Ccb62E84 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L601-L612"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L601-L612"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f24037e6ac40844095e06ea12cebdf4dd22a35382c728f9586b90e40c57a4188"
score = 75
quality = 75
@@ -212389,8 +216607,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_75522215406335725687Af888Dcdc80C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L614-L625"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L614-L625"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5166ea726b1be824e5702c411800236d60c44fbfc89a39b1bc103de965249d7d"
score = 75
quality = 75
@@ -212412,8 +216630,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_768Ddcf9Ed8D16A6Bc77451Ee88Dfd90 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L627-L638"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L627-L638"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ba98f0da84b678262ee98e5c5fec2aaeab9a0c304fd4552dd27e87aa54f79cdf"
score = 75
quality = 75
@@ -212435,8 +216653,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_59E378994Cf1C0022764896D826E6Bb8 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L640-L651"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L640-L651"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1720636723f0eeab074e29e7c9bf2df3c8d951e27b25ea4b7db60f6c00102589"
score = 75
quality = 75
@@ -212458,8 +216676,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3D2580E89526F7852B570654Efd9A8Bf : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L668-L679"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L668-L679"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "19f418672850536aaac1983b45c3239d5c81c1e4b9b6ee36a761cfc7e2351531"
score = 75
quality = 75
@@ -212481,8 +216699,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5Da173Eb1Ac76340Ac058E1Ff4Bf5E1B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L681-L692"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L681-L692"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c9bfbef4470ee2339ef68484f8a4f21628c0cf9a07770d68d91e6c11e0345786"
score = 75
quality = 75
@@ -212504,8 +216722,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_378D5543048E583A06A0819F25Bd9E85 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L694-L705"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L694-L705"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "29c6ae99675b8ab2c497faad71791c3fc018e92447bd96f5b2b3f426e1a1322b"
score = 75
quality = 75
@@ -212527,8 +216745,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Fdb6F4C09A1Ad69D4Fd2E46Bb1F54313 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L720-L731"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L720-L731"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ce78ab52d8aeb87ada9cb86007907a8ad46e91982cc8fff43a61e7ec96609eb2"
score = 75
quality = 75
@@ -212550,8 +216768,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_E5Bf5B5C0880Db96477C24C18519B9B9 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L733-L744"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L733-L744"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b3e0401a9cf3005abac24114193f34bf439107bf6661b7c2c0b66ca91438c7b9"
score = 75
quality = 75
@@ -212573,8 +216791,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ede6Cfbf9Fa18337B0Fdb49C1F693020 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L746-L757"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L746-L757"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "27f06a7a07b818fd34f5d23fd8e78f041063e035c1f8caa99aaaf53ec73a717a"
score = 75
quality = 75
@@ -212596,8 +216814,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4F407Eb50803845Cc43937823E1344C0 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L759-L770"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L759-L770"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bb01e912cf40155b0b00e1901bbb3235048ee033d0ddea7a809f0ce8e871e1ce"
score = 75
quality = 75
@@ -212619,8 +216837,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2Bffef48E6A321B418041310Fdb9B0D0 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L785-L796"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L785-L796"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8d0223b6366f7bc22fd6dd053c1fb6c9e52f80b3bdf9ee46017ddf038bd1e00f"
score = 75
quality = 75
@@ -212642,8 +216860,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_73B60719Ee57974447C68187E49969A2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L798-L809"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L798-L809"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f9cc0f526a3acbfc30c6b76b6705f1a2d9c905b9bb7c996e4db3ca6d4d63be1c"
score = 75
quality = 75
@@ -212665,8 +216883,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2925263B65C7Fe1Cd47B0851Cc6951E3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L811-L822"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L811-L822"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "163293ce805cdd3ec265fb9c527a5ce19ddab0f6b96355acb636c941ce0bc5f2"
score = 75
quality = 75
@@ -212688,8 +216906,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4Ff4Eda5Fa641E70162713426401F438 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L824-L835"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L824-L835"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d08e12e74e9c0b7a89ffa81a1b8595953d857e571a5b7a6947eba18bf39610f6"
score = 75
quality = 75
@@ -212711,8 +216929,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_04C7Cdcc1698E25B493Eb4338D5E2F8B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L837-L848"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L837-L848"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d1e81d040a279d6024989acbdd40f69de99c97baf789591400370806e846a1c4"
score = 75
quality = 75
@@ -212734,8 +216952,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4C450Eccd61D334E0Afb2B2D9Bb1D812 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L850-L861"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L850-L861"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "70851d76af4a4dfe8f1ca4de9925f030d9b937050876828775b78eddd123e3cd"
score = 75
quality = 75
@@ -212757,8 +216975,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0E1Bacb85E77D355Ea69Ba0B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L863-L874"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L863-L874"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f0753c83001e2b9d235afe51ce5d245e085551584ee052a35aaadd95c6c5eeb7"
score = 75
quality = 75
@@ -212780,8 +216998,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5998B4Affe2Adf592E6528Ff800E567C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L876-L887"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L876-L887"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d9f589ce6367517f3c93b7b0675b19249108849e52bd9264e31bf8109e5a121f"
score = 75
quality = 75
@@ -212803,8 +217021,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00B7E0Cf12E4Ae50Dd643A24285485602F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L889-L900"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L889-L900"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7aefb436b7e3865b1abb6bbc3e0027a628f39e25cb4b28f35f070e000c19c1c7"
score = 75
quality = 75
@@ -212826,8 +217044,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_767436921B2698Bd18400A24B01341B6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L902-L913"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L902-L913"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b09ec625a06dcf90df52c56b78889f24d55dbd8cbd7d82a07bdbc842318ff19a"
score = 75
quality = 75
@@ -212849,8 +217067,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_26B125E669E77A5E58Db378E9816Fbc3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L915-L926"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L915-L926"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "859793bfeba55c9912a1e18db86cd391d4c4981f4be11f3a53d887d429882671"
score = 75
quality = 75
@@ -212872,8 +217090,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_29A248A77D5D4066Fe5Da75F32102Bb5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L928-L939"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L928-L939"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "063a8b361e9fc91619912109427f6a0cbc7755e85dae820ea0f16709ac580ed1"
score = 75
quality = 75
@@ -212895,8 +217113,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3A9Bdec10E00E780316Baaebfe7A772C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L941-L952"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L941-L952"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f1c0d23c9aa2ff705e3350e15b7ff83fc007ce6aaa57c4ed59201f3022f5d00a"
score = 75
quality = 75
@@ -212918,8 +217136,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_73F9819F3A1A49Bac1E220D7F3E0009B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L954-L965"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L954-L965"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9244fae0be6c1addbd0c740d7e153fd4109101184bc61375ddadb6d784769010"
score = 75
quality = 75
@@ -212941,8 +217159,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0989C97804C93Ec0004E2843 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L967-L978"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L967-L978"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "65b695eed221db86928ebd32a1f3cb35729754ba41cb2e5b6cf944890d211120"
score = 75
quality = 75
@@ -212964,8 +217182,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6Ba32F984444Ea464Bea41D99A977Ea8 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L980-L991"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L980-L991"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fcabdd038a2594dffddbfff71a7a8a1abae89c637355b3be7e5f26c1eb9e39c7"
score = 75
quality = 75
@@ -212987,8 +217205,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4F5A9Bf75Da76B949645475473793A7D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L993-L1004"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L993-L1004"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8f00efcd62a934fb6ec0205dc1d7bb7f7f3ab168150fee942536ef92f686d21d"
score = 75
quality = 75
@@ -213010,8 +217228,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_68B050Aa3D2C16F77E14A16Dc8D1C1Ac : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1006-L1017"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1006-L1017"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9de23897fbfe3c4a6d649558d1d71f890117ec80967bc5bd975aa6f33576c702"
score = 75
quality = 75
@@ -213033,8 +217251,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0F2B44E398Ba76C5F57779C41548607B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1019-L1030"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1019-L1030"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "172622595a3f6a6ab4ac2677c3064fab87b0a872c261031331c99cbd58671da2"
score = 75
quality = 75
@@ -213056,8 +217274,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5Ad4Ce116B131Daf8D784C6Fab2Ea1F1 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1032-L1043"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1032-L1043"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3221ffd8203cbef8735ed48acd77daae6bee33ade236b1ff2ced81a0f27d4ce5"
score = 75
quality = 75
@@ -213079,8 +217297,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_48Ce01Ac7E137F4313Cc5723Af817Da0 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1045-L1056"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1045-L1056"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d92d4aa491b028620f17fd997a782f5e75247b2d3de7ef9026e2c62309275ce1"
score = 75
quality = 75
@@ -213102,8 +217320,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_C7E62986C36246C64B8C9F2348141570 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1058-L1069"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1058-L1069"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dfb669ad42ac16d954405dc243b9d81dd9a748a14044d1fce3b71b490c58c82e"
score = 75
quality = 75
@@ -213125,8 +217343,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ee663737D82Df09C7038A6A6693A8323 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1086-L1097"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1086-L1097"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4057374b73ef13b6f101b939e11569cf010896097fd9322ab490c73d6808fa6f"
score = 75
quality = 75
@@ -213148,8 +217366,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3D568325Dec56Abf48E72317675Cacb7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1099-L1110"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1099-L1110"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a575c9989a3ee7824e8734940877ddb255b19070def460508f70d32f457411ac"
score = 75
quality = 75
@@ -213171,8 +217389,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3533080B377F80C0Ea826B2492Bf767B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1127-L1138"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1127-L1138"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a7adb9190be4a9cf60adf4b55c8abaa80e01224ea834fc05705afef37703899e"
score = 75
quality = 75
@@ -213194,8 +217412,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00B0Ecd32F95F8761B8A6D5710C7F34590 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1140-L1151"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1140-L1151"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5c181dab1f39138c67650d6654353de2be29cdbf45e0f5235776d28d40194f24"
score = 75
quality = 75
@@ -213217,8 +217435,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3A727248E1940C5Bf91A466B29C3B9Cd : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1153-L1164"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1153-L1164"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0afeb50b36d0ca1adbd6cb3accccb3ee093434b8c0bd8b03ae70ecc45c7423b5"
score = 75
quality = 75
@@ -213240,8 +217458,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ce40906451925405D0F6C130Db461F71 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1166-L1177"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1166-L1177"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "02b03b18942cff20ddce429f7be7cc9e54dfbf4884c79c7438c9b9d4415c5b93"
score = 75
quality = 75
@@ -213263,8 +217481,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00E130D3537E0B7A4Dda47B4D6F95F9481 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1179-L1190"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1179-L1190"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c394a115fa3fbd7fb2838b61b3c439df3daa9aa44b1901d1740060df0539411e"
score = 75
quality = 75
@@ -213286,8 +217504,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4Bec555C48Aada75E83C09C9Ad22Dc7C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1192-L1203"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1192-L1203"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "de4562f70bbe25aa053f2476efca12b99cd4f2ee721df620d02d004bac2a59f9"
score = 75
quality = 75
@@ -213309,8 +217527,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_009356E0361Bcf983Ab14276C332F814E7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1205-L1216"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1205-L1216"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e85adfa9c004a46fe6060a36def3f8387de1484eb9fc3ae935d00265da135eab"
score = 75
quality = 75
@@ -213332,8 +217550,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00E5D20477E850C9F35C5C47123Ef34271 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1218-L1229"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1218-L1229"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "984f6dba8613ca43a9ffdcba63e57516bd2c6df02698b87aa4a080f89cc6abc0"
score = 75
quality = 75
@@ -213355,8 +217573,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00C865D49345F1Ed9A84Bea40743Cdf1D7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1231-L1242"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1231-L1242"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1a43e85e8c8d254dc3ba48ee9be5c233818fd6137967cd0235e802a2de1f9564"
score = 75
quality = 75
@@ -213378,8 +217596,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_29F2093E925B7Fe70A9Ba7B909415251 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1244-L1255"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1244-L1255"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9b3c6a0571c096e431594d9331b3ae8127b02cc3cdf1e994a113026d77bbae4c"
score = 75
quality = 75
@@ -213401,8 +217619,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0889E4181E71B16C4A810Bee38A78419 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1257-L1268"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1257-L1268"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2411f7ac79d18af295d77078c6e1c98c5a116ab24125c08946cb6ca09c28bc7b"
score = 75
quality = 75
@@ -213424,8 +217642,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00C1Afabdaa1321F815Cdbb9467728Bc08 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1270-L1281"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1270-L1281"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "be637a192a90a35be9879d5e36fb3cf9a56ca4158329d6b1fad458e2d05e3d26"
score = 75
quality = 75
@@ -213447,8 +217665,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_371381A66Fb96A07077860Ae4A6721E1 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1283-L1294"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1283-L1294"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f087df37fdb6d921f411f130f26f9b5a58c36ae163bc88565178e0ed12be79d9"
score = 75
quality = 75
@@ -213470,8 +217688,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Deb004E56D7Fcec1Caa8F2928D4E768 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1296-L1307"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1296-L1307"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "69910c81ce85bc59972b644f548a4382b8f3b70ec2737ada9da7adcb4779ce9c"
score = 75
quality = 75
@@ -213493,8 +217711,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_7Bd36898217B4Cc6B6427Dd7C361E43D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1309-L1320"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1309-L1320"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9ff149b5a12e154c0ede5015a0432fb70d6001507356c006952e8db91afaa72d"
score = 75
quality = 75
@@ -213516,8 +217734,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_02D17Fbf4869F23Fea43C7863902Df93 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1322-L1333"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1322-L1333"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a66e10934cc58e364a694dde3865d0de33e61ce0128ef144c61fa5728d22b8f8"
score = 75
quality = 75
@@ -213539,8 +217757,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1E74Cfe7De8C5F57840A61034414Ca9F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1335-L1346"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1335-L1346"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "14f57732a82b5139059bbe6f713184659187b57419d79e85a12ab197def4b761"
score = 75
quality = 75
@@ -213562,8 +217780,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_009272607Cfc982B782A5D36C4B78F5E7B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1348-L1359"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1348-L1359"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d1c2b44e782befc8dae6852935b6f5b0071c13dd9b56857c38cb290c9069df18"
score = 75
quality = 75
@@ -213585,8 +217803,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_7B91468122273Aa32B7Cfc80C331Ea13 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1361-L1372"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1361-L1372"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4c0fa18edb23c6a7474185adc67101ad9b13c71188f25612165cb97d236562d8"
score = 75
quality = 75
@@ -213608,8 +217826,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0082Cb93593B658100Cdd7A00C874287F2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1374-L1385"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1374-L1385"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "df8eb4feef3992bae7097a05860f57a1408fc79d92741e3ea2f202d072d9f47e"
score = 75
quality = 75
@@ -213631,8 +217849,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Df683D46D8C3832489672Cc4E82D3D5D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1387-L1398"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1387-L1398"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "153fdb25769d912732a1fb4ecc757fc8c7e4766cd6588ea16d9cf642b4be8bf6"
score = 75
quality = 75
@@ -213654,8 +217872,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_105440F57E9D04419F5A3E72195110E6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1400-L1411"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1400-L1411"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f8b7aebe91466a587dac366cf6483586f22f95ebc186aa139e55c6e52d276f63"
score = 75
quality = 75
@@ -213677,8 +217895,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_C01E41Ff29078E6626A640C5A19A8D80 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1413-L1424"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1413-L1424"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1ee6f365d46fb1ee0e448fc0ab9d07c51a46f6ee95155094ec956f1cad6c1052"
score = 75
quality = 75
@@ -213700,8 +217918,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Fa3Dcac19B884B44Ef4F81541184D6B0 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1426-L1437"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1426-L1437"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7e9e2b22f6f2cfd5d7c962fb43c85d703d0a600f954f614073c708f4b881d90e"
score = 75
quality = 75
@@ -213723,8 +217941,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_70E1Ebd170Db8102D8C28E58392E5632 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1439-L1450"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1439-L1450"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b639424c97fb1da440c458cf5cb8f04562292284db7b576c0676a632704f597b"
score = 75
quality = 75
@@ -213746,8 +217964,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6Cfa5050C819C4Acbb8Fa75979688Dff : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1452-L1463"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1452-L1463"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e5978deb84a0c6cee9132f8806f239f33478462da31a423a04922c195cbd343a"
score = 75
quality = 75
@@ -213769,8 +217987,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00B8164F7143E1A313003Ab0C834562F1F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1465-L1476"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1465-L1476"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "77f8f125740de97e6fdd98103eefa2a431df0cbe2e7de44f7e863e22ebcfea4c"
score = 75
quality = 75
@@ -213792,8 +218010,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_E3C7Cc0950152E9Ceead4304D01F6C89 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1478-L1489"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1478-L1489"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "395ed4c9c8668f6416632f85883c5fd5b6038ce8388410f22bcbe2a9e6281c35"
score = 75
quality = 75
@@ -213815,8 +218033,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6A241Ffe96A6349Df608D22C02942268 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1491-L1502"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1491-L1502"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "41db1a9b11e2d5b8de5ba81496d0e76ea5eddacc01c77bc28c7e05496842df04"
score = 75
quality = 75
@@ -213838,8 +218056,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00C04F5D17Af872Cb2C37E3367Fe761D0D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1504-L1518"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1504-L1518"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7fa0d16600ae89e41d7b2b0655b142ea36202e8bbbf5f8e25cbb45a005995e79"
score = 75
quality = 75
@@ -213861,8 +218079,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5C7E78F53C31D6Aa5B45De14B47Eb5C4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1520-L1531"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1520-L1531"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0c804e7f1e43a98b150a97adcbba882f7764000abdf7c7408e3361aefa9298b5"
score = 75
quality = 75
@@ -213884,8 +218102,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_7156Ec47Ef01Ab8359Ef4304E5Af1A05 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1533-L1544"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1533-L1544"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fc8073ebb9847d642f15cc74859b643afe00b3c331f68c06f3ff62c037225201"
score = 75
quality = 75
@@ -213907,8 +218125,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00B2E730B0526F36Faf7D093D48D6D9997 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1546-L1557"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1546-L1557"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "16c50b7a2b7b55662d5cdb2261a6b352657b2689a9328916fcf63ddfbef5d08f"
score = 75
quality = 75
@@ -213930,8 +218148,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2C90Eaf4De3Afc03Ba924C719435C2A3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1559-L1570"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1559-L1570"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "792898b34ebe4dfc603b3f3b54777a86827a52fd3699a799e95c436317be77da"
score = 75
quality = 75
@@ -213953,8 +218171,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Bdc81Bc76090Dae0Eee2E1Eb744A4F9A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1572-L1583"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1572-L1583"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "90c695b0cffd4786471faca21b77161ae6e930540766c4f18796a7adea74b6f5"
score = 75
quality = 75
@@ -213976,8 +218194,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00E38259Cf24Cc702Ce441B683Ad578911 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1585-L1596"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1585-L1596"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "53d135553b88484e2c40976a9eaa0eb3f4f34c40ce775c198dfd6552155d1859"
score = 75
quality = 75
@@ -213999,8 +218217,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4929Ab561C812Af93Ddb9758B545F546 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1598-L1609"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1598-L1609"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a03f37840b24456a4a2ef8e7c456dc99396886682156e4e95f7547bf38d8dc4d"
score = 75
quality = 75
@@ -214022,8 +218240,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00B649A966410F62999C939384Af553919 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1611-L1622"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1611-L1622"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "231b0aa0a1e7c72552d683cc4f93b39444f7c1ebb3bb719bee224aa62e9a28dd"
score = 75
quality = 75
@@ -214045,8 +218263,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_22367Dbefd0A325C3893Af52547B14Fa : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1624-L1635"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1624-L1635"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7b717a86ba0a6c3c8ba59c7b7c97dae802c351340ad67a9baf3f526b084e995a"
score = 75
quality = 75
@@ -214068,8 +218286,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00E04A344B397F752A45B128A594A3D6B5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1637-L1648"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1637-L1648"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "db3c854b68387aa5c6976783e6f79f99fe3389344b64d38c603d298128193e12"
score = 75
quality = 75
@@ -214091,8 +218309,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00A7989F8Be0C82D35A19E7B3Dd4Be30E5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1650-L1661"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1650-L1661"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "66d600d97b5aca1aa9a302671f06aef0d5c4ae9829d6cb16f191bd4c59462d2e"
score = 75
quality = 75
@@ -214114,8 +218332,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_39F56251Df2088223Cc03494084E6081 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1663-L1674"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1663-L1674"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dc757f831b2537f12151f4f9e886ccf83bacfbcaea3ce12b2199f13ae00b199e"
score = 75
quality = 75
@@ -214137,8 +218355,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_009Cfbb4C69008821Aaacecde97Ee149Ab : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1676-L1687"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1676-L1687"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "de04f12b1fb1e12860bf4ac077b700d180b8d412890922b75264319559fbd997"
score = 75
quality = 75
@@ -214160,8 +218378,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_008Cff807Edaf368A60E4106906D8Df319 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1689-L1700"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1689-L1700"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "48752aff88cd3d546757a4220a64ca17cc9a5f00a42d2bc0571dedf5de769bc2"
score = 75
quality = 75
@@ -214183,8 +218401,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2924785Fd7990B2D510675176Dae2Bed : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1702-L1713"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1702-L1713"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dbdd714575d3c5f9554026fea97c6e91073d30cf728396111a5106303bb7b624"
score = 75
quality = 75
@@ -214206,8 +218424,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_F2C4B99487Ed33396D77029B477494Bc : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1715-L1726"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1715-L1726"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "109d71674b652a2f42bb2a45c877d3a6cbfe280d0324f9ac8fa746d322440694"
score = 75
quality = 75
@@ -214229,8 +218447,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_C54Cccff8Acceb9654B6F585E2442Ef7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1728-L1739"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1728-L1739"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4be5e0f9f522f0d4096a63b001a02ea130ef56149dec7f0ac90be686b885cc4a"
score = 75
quality = 75
@@ -214252,8 +218470,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_690910Dc89D7857C3500Fb74Bed2B08D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1741-L1752"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1741-L1752"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "62a1be8435f73f3768030feb6b5917d9a8075e7abac52e654231ba9d16ccc374"
score = 75
quality = 75
@@ -214275,8 +218493,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Af9B523180F34A24Fcfd11B74E7D6Cd : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1754-L1765"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1754-L1765"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e06c87bddfc4fbb8918b7b1d64ec66b810a5a0c635c34d820b33c3cf9789229c"
score = 75
quality = 75
@@ -214298,8 +218516,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00F4D2Def53Bccb0Dd2B7D54E4853A2Fc5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1767-L1778"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1767-L1778"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0d9813d79f86ff22d5478469bee6cf457afe3780dd4308caa5da502faf816377"
score = 75
quality = 75
@@ -214321,8 +218539,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_56D576A062491Ea0A5877Ced418203A1 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1780-L1791"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1780-L1791"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "877b773cb1bdc6c6c309374e95dc7eac4d525c681200169fcf492476f6335342"
score = 75
quality = 75
@@ -214344,8 +218562,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4152169F22454Ed604D03555B7Afb175 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1793-L1804"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1793-L1804"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ee965ee8b6ebbb6171e3b10a7887acf35c9ed7fcbe49b7f403190c7fb046ec63"
score = 75
quality = 75
@@ -214367,8 +218585,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_41D05676E0D31908Be4Dead3486Aeae3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1806-L1817"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1806-L1817"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e4eb406e433b38ac127ba22040c48b510636eb55e2b524b02386710709d343b6"
score = 75
quality = 75
@@ -214390,8 +218608,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_13C7B92282Aae782Bfb00Baf879935F4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1819-L1830"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1819-L1830"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2742fd71eb8219db7785ad46be18a906fdab0914f632dfbf531238fd551a5b65"
score = 75
quality = 75
@@ -214413,8 +218631,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D627F1000D12485995514Bfbdefc55D9 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1832-L1843"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1832-L1843"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9ff60a73b889c8f1df127ead90a93fbf92131cfb475d58eea1ba1569f3e99e00"
score = 75
quality = 75
@@ -214436,8 +218654,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_62205361A758B00572D417Cba014F007 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1845-L1856"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1845-L1856"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "52d67bc94e82bb9a36e969d393c395465c84ff76f89c5f8407c20e2c761000e3"
score = 75
quality = 75
@@ -214459,8 +218677,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_566Ac16A57B132D3F64Dced14De790Ee : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1858-L1869"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1858-L1869"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0618ce3ce0c5f8923c12a99586bbec8ec86229c7e08af75f5b0756f348d53bd5"
score = 75
quality = 75
@@ -214482,8 +218700,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_661Ba8F3C9D1B348413484E9A49502F7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1871-L1882"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1871-L1882"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "661af02d7a206f50e996caf690ded541acab8c8268df9e86744d36f7322efe5c"
score = 75
quality = 75
@@ -214505,8 +218723,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0092D9B92F8Cf7A1Ba8B2C025Be730C300 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1884-L1895"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1884-L1895"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "207fcc48053afb6a435c40fd8e25a88753139c35f4882a1975fdb8c55dc8ea89"
score = 75
quality = 75
@@ -214528,8 +218746,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00E5Ad42C509A7C24605530D35832C091E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1897-L1908"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1897-L1908"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8d76474257ee9a24d4785ddd119e586712a157ff7b420a7db2b8efe06c43f76c"
score = 75
quality = 75
@@ -214551,8 +218769,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3E57584Db26A2C2Ebc24Ae3E1954Fff6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1910-L1921"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1910-L1921"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cfc68c32ceba351610651d34fb420c64bab9a3b1564d9b6392f0ee8cdcdac7de"
score = 75
quality = 75
@@ -214574,8 +218792,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_13794371C052Ec0559E9B492Abb25C26 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1923-L1934"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1923-L1934"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "af80177181efd92b4e1a4a5c665df01add069dc3b47074bcbdd503516cf5a844"
score = 75
quality = 75
@@ -214597,8 +218815,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_51Aead5A9Ab2D841B449Fa82De3A8A00 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1936-L1947"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1936-L1947"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1658a12bb040b5b16c61469fe52abbaaecf5bd66bf5e45a2c2da9f80fa0c66f5"
score = 75
quality = 75
@@ -214620,8 +218838,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Bce1D49Ff444D032Ba3Dda6394A311E9 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1949-L1960"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1949-L1960"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "eeb1556808e790eea964658a8499ec2d9cc5638bf696fbbade2bc08a29fb3e65"
score = 75
quality = 75
@@ -214643,8 +218861,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Dadf44E4046372313Ee97B8E394C4079 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1962-L1973"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1962-L1973"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e4480ad6ce302a87e38915ef7ba09a94a4626ed359333276b899474f21d46238"
score = 75
quality = 75
@@ -214666,8 +218884,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00F8C2E08438Bb0E9Adc955E4B493E5821 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1975-L1986"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1975-L1986"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2258ea96b56acb3025b5b2f39c07d482c375e75323d6f8e8ded91b8dab00656e"
score = 75
quality = 75
@@ -214689,8 +218907,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D2Caf7908Aaebfa1A8F3E2136Fece024 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L1988-L1999"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L1988-L1999"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2c8a322e687ed575e66ff308bcf0950ab87bc5ac3ab561c8cc3d81e9181ac708"
score = 75
quality = 75
@@ -214712,8 +218930,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_003223B4616C2687C04865Bee8321726A8 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2001-L2012"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2001-L2012"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "671e3a589fb24a6c5e38126df45a4767815eff32014172930cab6ffbe135af81"
score = 75
quality = 75
@@ -214735,8 +218953,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Fa13Ae98E17Ae23Fcfe7Ae873D0C120 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2014-L2025"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2014-L2025"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "312d810386aebb509ffbd09d6b1ad6a761a03bc07ba5e4a158235786063389a9"
score = 75
quality = 75
@@ -214758,8 +218976,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3696883055975D571199C6B5D48F3Cd5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2027-L2038"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2027-L2038"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9232413a071a6100ba806b1fad2cd6cd2bb85351c36ad25cfc31b66ad041d686"
score = 75
quality = 75
@@ -214781,8 +218999,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Aff762E907F0644E76Ed8A7485Fb12A1 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2040-L2051"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2040-L2051"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0be4642f6aaf2183d593240efcc8c2046970d3806a67ff53ca4ce7ee85df90e5"
score = 75
quality = 75
@@ -214804,8 +219022,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5B440A47E8Ce3Dd202271E5C7A666C78 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2053-L2064"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2053-L2064"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f898a3495e173d85fd62598da87ab15cbee0674519231a5e770204a4db3cd93f"
score = 75
quality = 75
@@ -214827,8 +219045,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Fe41941464B9992A69B7317418Ae8Eb7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2066-L2077"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2066-L2077"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "713a2cfc95b83de71064e198b26b716790c7cf21674961720695ab6749cb2ad1"
score = 75
quality = 75
@@ -214850,8 +219068,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_29128A56E7B3Bfb230742591Ac8B4718 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2079-L2090"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2079-L2090"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "16c9843b5e3edafa64e07626fda494452efa5d0bcaa80d7d80683258c2b9acd4"
score = 75
quality = 75
@@ -214873,8 +219091,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00C2Bb11Cfc5E80Bf4E8Db2Ed0Aa7E50C5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2092-L2103"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2092-L2103"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e54eeea70e85396b26fe188b848ef37c619aae5fc909c1a06ad0bc42fb9b0468"
score = 75
quality = 75
@@ -214896,8 +219114,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_040Cc2255Db4E48Da1B4F242F5Edfa73 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2105-L2116"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2105-L2116"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ade204ebb2bf26515984d20ae459aaea56136acfd37a54abc794969fd05c54ce"
score = 75
quality = 75
@@ -214919,8 +219137,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3Bcaed3Ef678F2F9Bf38D09E149B8D70 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2118-L2129"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2118-L2129"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9981e0aed672ebfcbe7f0bc1eee6a26a1523b8577d5ee572612aaebf23d1fbcf"
score = 75
quality = 75
@@ -214942,8 +219160,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_091736D368A5980Ebeb433A0Ecb49Fbb : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2131-L2142"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2131-L2142"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "858a98ba8fd3244b2c0f6d3dd89a294b0187dd1a82cdcca67c162985d80ca6ed"
score = 75
quality = 75
@@ -214965,8 +219183,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00E48Cb3314977D77Dedcd4C77Dd144C50 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2144-L2155"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2144-L2155"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a2ca0ce3812be5e46cb0bc9c73fc4f31294c8d594ca821ad924a3f06cf2430ca"
score = 75
quality = 75
@@ -214988,8 +219206,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1E72A72351Aecf884Df9Cdb77A16Fd84 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2157-L2168"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2157-L2168"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6555b89f1643f2e461a936df402dcbe8dd5100a1def76c7c6d8f792d1c0ed006"
score = 75
quality = 75
@@ -215011,8 +219229,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00B383658885E271129A43D19De40C1Fc6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2170-L2181"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2170-L2181"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9312bc8f1005d71393ab63f05bdabff52752ad939dd4311485dc4b56f75eece9"
score = 75
quality = 75
@@ -215034,8 +219252,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ca7D54577243934F665Fd1D443855A3D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2183-L2194"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2183-L2194"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "867844464609a043902f07aad3fa568b482259655bc181d992bd409437165790"
score = 75
quality = 75
@@ -215057,8 +219275,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_7709D2Df39E9A4F7Db2F3Cbc29B49743 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2196-L2207"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2196-L2207"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b63fa6e4e92549ae92b9a414390471c49fd50010bb7e10e1db72ff53370a6354"
score = 75
quality = 75
@@ -215080,8 +219298,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_186D49Fac34Ce99775B8E7Ffbf50679D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2209-L2220"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2209-L2220"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "950b14787e707be843d1443a612c372ceb0c2830de20bce1f62317fa39149e5b"
score = 75
quality = 75
@@ -215103,8 +219321,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0097Df46Acb26B7C81A13Cc467B47688C8 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2222-L2233"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2222-L2233"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ab4da0ddd001acf9f8d78c4beb28c648f8516088561e3140739b4b41d93b58ef"
score = 75
quality = 75
@@ -215126,8 +219344,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2A52Acb34Bd075Ac9F58771D2A4Bbfba : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2235-L2246"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2235-L2246"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9ffad34a94e9210bb98021c0ee0ddba4144406cca976537efe24e63367a295cd"
score = 75
quality = 75
@@ -215149,8 +219367,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5A9D897077A22Afe7Ad4C4A01Df6C418 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2248-L2259"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2248-L2259"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f82b59f5d1996ae37b0cb7f7a799e2fcc7d9da0ffddfe63cbbb84b6f0e7e7b23"
score = 75
quality = 75
@@ -215172,8 +219390,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D7C432E8D4Edef515Bfb9D1C214Ff0F5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2261-L2272"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2261-L2272"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9ef64774a0b6b11820321cd36d49213ad245cea82960aab99bb18e44a2ee79a8"
score = 75
quality = 75
@@ -215195,8 +219413,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0085E1Af2Be0F380E5A5D11513Ddf45Fc6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2274-L2285"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2274-L2285"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5a86b9aecf7697bd8e1f40407934c6a9941714404a931b0f1bed4ae7440f6921"
score = 75
quality = 75
@@ -215218,8 +219436,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_02Aa497D39320Fc979Ad96160D90D410 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2287-L2298"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2287-L2298"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "762b1730c8cfcf5a89e49858723d5701c1fb958eb2cd4da5b240f21763cdabf8"
score = 75
quality = 75
@@ -215241,8 +219459,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_D0B094274C761F367A8Eaea08E1D9C8F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2300-L2311"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2300-L2311"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5ce9be0bdd8350dd5a8ae8cf2447d1be6b34ee3abc5c19754c63ef03b7cccec9"
score = 75
quality = 75
@@ -215264,8 +219482,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D59A05955A4A421500F9561Ce983Aac4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2313-L2324"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2313-L2324"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9187dcdbf29e5119d90ede266a14c7e46f5050800a38c57fa86e957c885c1d60"
score = 75
quality = 75
@@ -215287,8 +219505,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_35590Ebe4A02Dc23317D8Ce47A947A9B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2326-L2337"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2326-L2337"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c01f9ecb1e69f6d0cb8061930cda27469eb18be19c0471192b31d516cddf828f"
score = 75
quality = 75
@@ -215310,8 +219528,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1F23F001458716D435Cca1A55D660Ec5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2339-L2350"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2339-L2350"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3e91429f7b25ad54103ee230a36d4b51060adb458b533b9cbd00178a02676629"
score = 75
quality = 75
@@ -215333,8 +219551,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00C2Fc83D458E653837Fcfc132C9B03062 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2352-L2363"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2352-L2363"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "96ed5e78195f12cdc0316ed454ad4e2235253ed897905c4a97756b306933d874"
score = 75
quality = 75
@@ -215356,8 +219574,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Fcb3D3519E66E5B6D90B8B595F558E81 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2365-L2376"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2365-L2376"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "62c7189cc906b9f2d2724492489218d9aecf08ef431463ebf1963b034222f2ad"
score = 75
quality = 75
@@ -215379,8 +219597,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4B03Cabe6A0481F17A2Dbeb9Aefad425 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2378-L2389"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2378-L2389"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e3c0d68a65bc53b83a48310857605afda0004b4122201c18a66fea085a210924"
score = 75
quality = 75
@@ -215402,8 +219620,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_539015999E304A5952985A994F9C3A53 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2391-L2402"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2391-L2402"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "72304761de1d5e81659487947a1cfa017f7f41d5639f18634db4dfd094980518"
score = 75
quality = 75
@@ -215425,8 +219643,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_016836311Fc39Fbb8E6F308Bb03Cc2B3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2404-L2415"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2404-L2415"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "912d490ac5d746c584e4dd5639be98d9577faba215cc1f8ebdf360581be53d5c"
score = 75
quality = 75
@@ -215448,8 +219666,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_009Bd81A9Adaf71F1Ff081C1F4A05D7Fd7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2417-L2428"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2417-L2428"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "85efd10f6c49b93215c9f8f97915c62fb3ed3bb158b2137e953022b550263726"
score = 75
quality = 75
@@ -215471,8 +219689,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_082023879112289Bf351D297Cc8Efcfc : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2430-L2441"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2430-L2441"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0747b37139daaba10a17098aeb0c6246290fbd997345de34ce9de8da26d7db05"
score = 75
quality = 75
@@ -215494,8 +219712,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ece6Cbf67Dc41635A5E5D075F286Af23 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2443-L2454"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2443-L2454"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "27ecc138f8d574c15095032c35ad51c00d8b98f21162d1f59f1f9ca9e5b54391"
score = 75
quality = 75
@@ -215517,8 +219735,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5Fb6Bae8834Edd8D3D58818Edc86D7D7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2456-L2467"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2456-L2467"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9cec6eae024d738c68d670fb61f7667bdc156245da83e5d0ae0f2012baa5bc0a"
score = 75
quality = 75
@@ -215540,8 +219758,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6E0Ccbdfb4777E10Ea6221B90Dc350C2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2469-L2480"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2469-L2480"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fee9662133f0a3d88ce97c27f150bcea8faf21b4c4b97f90bb2aae73ee332bb9"
score = 75
quality = 75
@@ -215563,8 +219781,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1249Aa2Ada4967969B71Ce63Bf187C38 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2482-L2493"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2482-L2493"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9f8ff46a3b0f5179c2c3b89e82188183fa399c67c3f0ebc28218cf3cb4ce5c70"
score = 75
quality = 75
@@ -215586,8 +219804,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2Dcd0699Da08915Dde6D044Cb474157C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2495-L2506"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2495-L2506"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "096cf4bb17aa86821bd8d6c8b9fd603664beb12f54a97a87e660b560bd0fc246"
score = 75
quality = 75
@@ -215609,8 +219827,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_008D52Fb12A2511E86Bbb0Ba75C517Eab0 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2508-L2519"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2508-L2519"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "23dc0500af88af0e2c8ea7ff2c5a149d24fb7fd23853c4bf5ee5921a66a34672"
score = 75
quality = 75
@@ -215632,8 +219850,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00B1Aea98Bf0Ce789B6C952310F14Edde0 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2521-L2532"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2521-L2532"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f7e8a4a0dcd952129e24e8e9351f271d7ea98ffcb7ef9ebe65c27dcc62e6a820"
score = 75
quality = 75
@@ -215655,8 +219873,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00F097E59809Ae2E771B7B9Ae5Fc3408D7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2534-L2545"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2534-L2545"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "817876ab8e649b36cac2e7b23d58fe94963c55481fbf3deff7e60a70896af6d0"
score = 75
quality = 75
@@ -215678,8 +219896,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2E8023A5A0328F66656E1Fc251C82680 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2547-L2558"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2547-L2558"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5f0ff46d6cb2a6fe50a4e433dfbf8f62acd92b7c92d922680894fdaee2558d31"
score = 75
quality = 75
@@ -215701,8 +219919,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_38B0Eaa7C533051A456Fb96C4Ecf91C4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2560-L2571"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2560-L2571"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3ea8eaf1fc17075a8c1f34f9b1d8a987071d58a4b68bed70db763402a9a6de97"
score = 75
quality = 75
@@ -215724,8 +219942,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_738Db9460A10Bb8Bc03Dc59Feac3Be5E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2573-L2584"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2573-L2584"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6a7060f2a5867e9974cb01de516ef34fb367ef9acf88e2f63c97dd05b1676504"
score = 75
quality = 75
@@ -215747,8 +219965,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_141D6Dafed065980D97520E666493396 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2586-L2597"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2586-L2597"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "37ed05b7a472ec6cbc1bba453f3be9ca1bd590ed6470d6607873ef52b28e3ea5"
score = 75
quality = 75
@@ -215770,8 +219988,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_07Cf63Bdccc15C55E5Ce785Bdfbeaacf : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2599-L2610"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2599-L2610"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1fdd8f6535bf5a78fcd7e33475a650914053f1391fe04f885e9e5a84452bfe5a"
score = 75
quality = 75
@@ -215793,8 +220011,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0382Cd4B6Ed21Ed7C3Eaea266269D000 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2612-L2623"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2612-L2623"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7e8204f2ec30da73bc2eb83e065412c96e084d7ff5f8ab6125d643693d7407d1"
score = 75
quality = 75
@@ -215816,8 +220034,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_08653Ef2Ed9E6Ebb56Ffa7E93F963235 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2625-L2636"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2625-L2636"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b0e35f2dbd27de0dc9ea6ee7958c477e6a154bc4c8bb5484ba85ed5732502645"
score = 75
quality = 75
@@ -215839,8 +220057,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Ddce8Cdc91B5B649Bb4B45Ffbba6C6C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2638-L2649"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2638-L2649"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "940d257253a0a1a3f70dcec1cb57e9ab08108138ce3b80c9f74228a8b702601c"
score = 75
quality = 75
@@ -215862,8 +220080,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4Af27Cd14F5C809Eec1F46E483F03898 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2651-L2662"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2651-L2662"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0297f156d1e4d1c20143953759000b286ac9e1f8864aa511e0e2f8fa5c3eac7f"
score = 75
quality = 75
@@ -215885,8 +220103,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_105765998695197De4109828A68A4Ee0 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2664-L2675"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2664-L2675"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c251f28eec6f93522f5a3706e1abcfd892affa2b36ed84ec277dc0d4716ff667"
score = 75
quality = 75
@@ -215908,8 +220126,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_53F575F7C33Ee007887F30680486Db5E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2677-L2688"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2677-L2688"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "050d8c4dcb80cd637981c208c6d1316e9933d4f06bbf8af3717d2205a4f84f6d"
score = 75
quality = 75
@@ -215931,8 +220149,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_7E89B9Df006Bd1Aa4C48D865039634Ca : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2690-L2701"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2690-L2701"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "825e4b69aec565b6ef6b4ac2394f5a562a84615e3c91331934fa378152635df4"
score = 75
quality = 75
@@ -215954,8 +220172,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Ddeb53F957337Fbeaf98C4A615B149D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2703-L2714"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2703-L2714"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4932dcea41879fd29250456cfef7a32a1303f599adbd4b61d91cb2e7e22cf5a2"
score = 75
quality = 75
@@ -215977,8 +220195,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00C88Af896B6452241Fe00E3Aaec11B1F8 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2716-L2727"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2716-L2727"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3a5f290f9479189ff83bf5da3a3d086453c9230311a48f4c0bd4654024ebeef8"
score = 75
quality = 75
@@ -216000,8 +220218,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_09E015E98E4Fabcc9Ac43E042C96090D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://blog.macnica.net/blog/2020/11/dtrack.html"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2729-L2742"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2729-L2742"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "77f9f50c6dd862419edaa7c3fcee0ce3f607a5b7b939d7844969082ab9777bbf"
score = 75
quality = 75
@@ -216023,8 +220241,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_118D813D830F218C0F46D4Fc : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2744-L2755"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2744-L2755"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3240504794394c06f050ef3eb5ef82e0b476e2bbeabfb394fc4646e98bc6e976"
score = 75
quality = 75
@@ -216046,8 +220264,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2304Ecf0Ea2B2736Beddd26A903Ba952 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2757-L2768"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2757-L2768"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c10695440ec4e39cf5b51c926ceeacc13caf3a58006c64b0168a04b4755978a6"
score = 75
quality = 75
@@ -216069,8 +220287,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4D78E90E0950Fc630000000055657E1A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2770-L2781"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2770-L2781"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c2a3714173defa7b8e97ea92f8f85fb47011099bdc24067aafa273ebdd282f0f"
score = 75
quality = 75
@@ -216092,8 +220310,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0092Bc051F1811Bb0B86727C36394F7849 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2783-L2794"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2783-L2794"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bdf847f95bc6cc50513b76c57c3e76bc17caacd3419baabb2cab0161feb67508"
score = 75
quality = 75
@@ -216115,8 +220333,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_B4F42E2C153C904Fda64C957Ed7E1028 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2796-L2807"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2796-L2807"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d47f85602234eae7629b778b09ed5c3656c6afa8b6a7ba42cc46f451202a16c0"
score = 75
quality = 75
@@ -216138,8 +220356,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ac307E5257Bb814B818D3633B630326F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2809-L2820"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2809-L2820"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f187d3084eb189cdd0e858aed1d9589d586f369b128679c6c1dec860e544f326"
score = 75
quality = 75
@@ -216161,8 +220379,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_063A7D09107Eddd8Aa1F733634C6591B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2822-L2833"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2822-L2833"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8b6c1935d51207e6b9919c85d369dcc6963f52ee4d21758d18e2c57115e9051b"
score = 75
quality = 75
@@ -216184,8 +220402,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4C687A0022C36F89E253F91D1F6954E2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2835-L2846"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2835-L2846"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0bcbe8c85f02735378b5be95c098ca5088f451e390ec6ce76fb732f0db297c1f"
score = 75
quality = 75
@@ -216207,8 +220425,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3Cee26C125B8C188F316C3Fa78D9C2F1 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2848-L2859"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2848-L2859"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "673a275a6d899b5de66d80cb55fa6438c2e14c70a96ba8461eb4946e1f4b4dfa"
score = 75
quality = 75
@@ -216230,8 +220448,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_A0A27Aefd067Ac62Ce0247B72Bf33De3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2861-L2872"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2861-L2872"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c49e1d8b1a2d0e27fd25574ce587f60770ecac75c1db437bf7538d2ff47c8d4c"
score = 75
quality = 75
@@ -216253,8 +220471,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Eee8Cf0A0E4C78Faa03D07470161A90E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2874-L2885"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2874-L2885"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5c14eeeab8cf9797499d23f451a695b443ecc8d3ebbc2edb830ae450e444178c"
score = 75
quality = 75
@@ -216276,8 +220494,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_79E1Cc0F6722E1A2C4647C21023Ca4Ee : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2887-L2898"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2887-L2898"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9d0c02ae3eab7f7c28dba04cd08fdddef2be64a1622d7fb519a4bf3a40ef19b1"
score = 75
quality = 75
@@ -216299,8 +220517,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6D688Ecf46286Fe4B6823B91384Eca86 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2900-L2911"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2900-L2911"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "33296b5b9156af6d95bec9981a9fab3137bcd17bfb26ea2d212ae004275bf42e"
score = 75
quality = 75
@@ -216322,8 +220540,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_9Aa99F1B75A463460D38C4539Fae4F73 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2913-L2924"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2913-L2924"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b73c6ca2c0cd0e09f0add77c3af3c8e16f46cec29b49d4dcab5a569fed8d3d39"
score = 75
quality = 75
@@ -216345,8 +220563,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_E414655F025399Cca4D7225D89689A04 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2926-L2937"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2926-L2937"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "589ad4939d235138791a98f5d43f6a786ad14345c995ad2e073d3673fb41365a"
score = 75
quality = 75
@@ -216368,8 +220586,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_64F82Ed8A90F92A940Be2Bb90Fbf6F48 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2939-L2950"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2939-L2950"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "eacb9d8834bdf618b5aa44bfb37b0b6413f9b4595b6261a948566a63e9855162"
score = 75
quality = 75
@@ -216391,8 +220609,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00F0031491B673Ecdf533D4Ebe4B54697F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2952-L2963"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2952-L2963"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4697ce0a7fcd1fa6ac1dd5246f2a23b85865bef4010280c4ca2e12c433b8ceb2"
score = 75
quality = 75
@@ -216414,8 +220632,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Becd4Ef55Ced54E5Bcde595D872Ae7Eb : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2965-L2976"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2965-L2976"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b573853cfb28bdbda37c929834faa15475707684edfe99f14174599faf7b4fb6"
score = 75
quality = 75
@@ -216437,8 +220655,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_55B5E1Cf84A89C4E023399784B42A268 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2978-L2989"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2978-L2989"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "37f08db5373cf46da7c0a4a03af21559fdcddb2481f935d5cece55a1fb4abc3c"
score = 75
quality = 75
@@ -216460,8 +220678,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_84C3A47B739F1835D35B755D1E6741B5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L2991-L3002"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L2991-L3002"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6beb0966f2ed981c2e1a859ff9f659a566de867888123c387eeb89a97620345e"
score = 75
quality = 75
@@ -216483,8 +220701,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_28F6Ca1F249Cfb6Bdb16Bc57Aaf0Bd79 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3004-L3015"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3004-L3015"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c27ad7caa87b366593b82ff5e2b38bda5383e178e2cc01121aaaa5e90beaec86"
score = 75
quality = 75
@@ -216506,8 +220724,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2C3E87B9D430C2F0B14Fc1152E961F1A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3017-L3028"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3017-L3028"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "43a8f2d9055091f930af456abd334e38fb6a98bee3bfb8dcbf84c9563c777101"
score = 75
quality = 75
@@ -216529,8 +220747,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4808C88Ea243Eefa47610D5F5F0D02A2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3030-L3041"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3030-L3041"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9fa722bfed0c31e263772615799bbdc054da1424b139c7d73e5755334fb86346"
score = 75
quality = 75
@@ -216552,8 +220770,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2F184A6F054Dc9F7C74A63714B14Ce33 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3043-L3054"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3043-L3054"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d14428b81b4ae4a77a517d2148f4b67b45963b71d998139b42ed4e4352fae6a5"
score = 75
quality = 75
@@ -216575,8 +220793,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ced72Cc75Aa0Ebce09Dc0283076Ce9B1 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3056-L3067"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3056-L3067"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "47fceb2a79271011bc6feed209ef4021db155dbc0fd4891f0dc1e900f2cb7fdb"
score = 75
quality = 75
@@ -216598,8 +220816,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_C4564802095258281A284809930Dcf43 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3069-L3080"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3069-L3080"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "547613d507b04e3bd944515c77cb6ec161fe008b8e2b43cda574a46cbe2ef5ef"
score = 75
quality = 75
@@ -216621,8 +220839,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3D31Ed3B22867F425Db86Fb532Eb449F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3082-L3093"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3082-L3093"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e3ec4fcd47867b688241dee693bcec98e633e179757ec8e7afd755c7d53a0cd7"
score = 75
quality = 75
@@ -216644,8 +220862,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_531549Ed4D2D53Fc7E1Beb47C6B13D58 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3095-L3106"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3095-L3106"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "554574657a913dbe0c576dbfcdd93a2494f2ffccf51eaabf06e5fafe2a895c3a"
score = 75
quality = 75
@@ -216667,8 +220885,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_8035Ed9C58Ea895505B05Ff926D486Bc : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3108-L3119"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3108-L3119"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "caf1c962a0f4bd6c90753c6f1f0a2acadafa5fde6c7dacd02a3ca5cc15446ab4"
score = 75
quality = 75
@@ -216690,8 +220908,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Ca646B4275406Df639Cf603756F63D77 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3121-L3135"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3121-L3135"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "564ca7048413d6cd65371d65906132f62386410442b36b8bafeac5e09917465f"
score = 75
quality = 75
@@ -216713,8 +220931,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00E267Fdbdc16F22E8185D35C437F84C87 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3137-L3148"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3137-L3148"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "403f0f8a65997d27494d7ac4aa99cf5ebb1471839f67b2f8b380225a0263fd67"
score = 75
quality = 75
@@ -216736,8 +220954,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Taffias : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3150-L3161"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3150-L3161"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dc6b65757ceb3818101c8694680d1f44af3726876bef30843cfc2cb51ec6ea02"
score = 75
quality = 75
@@ -216759,8 +220977,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_9F2492304Fc9C93844Dea7E5D6F0Ec77 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3163-L3174"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3163-L3174"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9c76d5756cc79e96d194addc0e2c2c11fa4341ffa9df8f171f35df76cb9c56c0"
score = 75
quality = 75
@@ -216782,8 +221000,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Dca9012634E8B609884Fe9284D30Eff5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3176-L3189"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3176-L3189"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b5d663228a27d5dae46f9f03bd04833b129fc453852cb9cb9fe43e405cdcecca"
score = 75
quality = 75
@@ -216805,8 +221023,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_781Ec65C3E38392D4C2F9E7F55F5C424 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3191-L3202"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3191-L3202"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "00b01a874e29fd2e25200f5e50c7121c3cc4bca614c31dd149d6197088292b35"
score = 75
quality = 75
@@ -216828,8 +221046,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Bd1E93D5787A737Eef930C70986D2A69 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3204-L3215"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3204-L3215"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0332d05f0f53ad22516fd41cb10238ad0b92ef49011e9e71a82fa2da1de5e953"
score = 75
quality = 75
@@ -216851,8 +221069,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_B0009Bb062F52Eb6001Ba79606De243D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3217-L3228"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3217-L3228"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "111a08d62f483daf23220e7044cc291b6ea6922746d48934f72a892b7dfd762b"
score = 75
quality = 75
@@ -216874,8 +221092,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_294E7A2Ccfc28Ed02843Ecff25F2Ac98 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3230-L3241"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3230-L3241"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "75c3093978875c7e523525a3b64bf985139359d9696fdb9dbd7db3e915043194"
score = 75
quality = 75
@@ -216897,8 +221115,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_A61B5590C2D8Dc70A31F8Ea78Cda4353 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3243-L3254"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3243-L3254"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7d57f5cb2691d8dfb5f5ef63f7bfb4290f0bd8d990c61fe0655e35c1b3f554f0"
score = 75
quality = 75
@@ -216920,8 +221138,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_21C9A6Daff942F2Db6A0614D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3256-L3267"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3256-L3267"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c466a829d8141ba40187309559f62af73ea47e325eb95ef4c634bac60167788b"
score = 75
quality = 75
@@ -216943,8 +221161,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1F55Ae3Fca38827Cde6Cc7Ca1C0D2731 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3269-L3280"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3269-L3280"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1aa7c6c5430f196d1031acabfe141c30044c23c4119619752c50f4665966606e"
score = 75
quality = 75
@@ -216966,8 +221184,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_008D1Bae9F7Aef1A2Bcc0D392F3Edf3A36 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3282-L3293"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3282-L3293"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6b15f97a51f25b1292cc3fd80889ea1edb01814d1951ef1d3b4cac5e83c7fbca"
score = 75
quality = 75
@@ -216989,8 +221207,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_239Ba103C2943D2Dff5E3211D6800D09 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3295-L3306"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3295-L3306"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b155ba969334945013af40fbf43b8318a221f6212c4a29e0ee98bc02bb9acafb"
score = 75
quality = 75
@@ -217012,8 +221230,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_205B80A74A5Dddedea6B84A1E1C44010 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3308-L3319"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3308-L3319"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1af8527193acdbcb3ba0239879c3b23c6ba4e68d920ae4d5ce503d44e32991f7"
score = 75
quality = 75
@@ -217035,8 +221253,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6C8D0Cf4D1593Ee8Dc8D34Be71E90251 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3321-L3332"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3321-L3332"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "981e4b426e926bd042f25a50de40d3e3462ed5fec0cf7261523b314b908a1276"
score = 75
quality = 75
@@ -217058,8 +221276,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_7D08A74747557D6016Aaaf47A679312F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3334-L3345"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3334-L3345"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ff7c9635b9b43bef7401861d5dbf984d1e2aa1ea9e4d3df9ad348c552767628e"
score = 75
quality = 75
@@ -217081,8 +221299,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2095C6F1Eadb65Ce02862Bd620623B92 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3347-L3358"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3347-L3358"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0b75d8c59486d197f2cdff298114a7367bb6ad4cf71ee28273e0946e42d3f7e8"
score = 75
quality = 75
@@ -217104,8 +221322,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_899E32C9Bf2B533B9275C39F8F9Ff96D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3373-L3384"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3373-L3384"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c5fe3726fd19d050e762cc9e4e2099e74e3780c89a75dab55c12e16bfecd8642"
score = 75
quality = 75
@@ -217127,8 +221345,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0B5759Bc22Ad2128B8792E8535F9161E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3386-L3397"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3386-L3397"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1ee543c204e5bf004224a2010f8cfd3196bb9c1e96de350548403224eaa502f6"
score = 75
quality = 75
@@ -217150,8 +221368,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_630Cf0E612F12805Ffa00A41D1032D7C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3399-L3410"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3399-L3410"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2256858ae75c47568fc6a38e2a587d302d99dd396dd398a450eaa6459ed55d13"
score = 75
quality = 75
@@ -217173,8 +221391,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_603Bce30597089D068320Fc77E400D06 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3412-L3423"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3412-L3423"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1e13c78cec21a015d9593b492ce5040f93247be63c079bfece96a3a74055aeba"
score = 75
quality = 75
@@ -217196,8 +221414,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5D5D03Edb4Ec4E185Caa3041824Ab75C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3425-L3436"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3425-L3436"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "863a1496ce37449fa7e94c407ce0e63a9d727fef9094135715d0cb14ed442e5e"
score = 75
quality = 75
@@ -217219,8 +221437,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Aec009984Fa957F3F48Fe3104Ca9Babc : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3438-L3449"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3438-L3449"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "de9008e30468b94b4afbc622403b0257f5c5e3964344b980c18fc95219e06667"
score = 75
quality = 75
@@ -217242,8 +221460,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_283518F1940A11Caf187646D8063D61D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3451-L3462"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3451-L3462"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7db16bc44059e2538eb896011598a599c6aead90fb873c530ce8f5391e440164"
score = 75
quality = 75
@@ -217265,8 +221483,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_72F3E4707B94D0Eef214384De9B36E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3464-L3475"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3464-L3475"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c2a310ff70012076856239b5b5e6b46ffa121479dea38815e61f5336cecf8868"
score = 75
quality = 75
@@ -217288,8 +221506,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D875B3E3F2Db6C3Eb426E24946066111 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3477-L3488"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3477-L3488"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "470424bf28b723063be5d6801ee27b0f3748b761f9005616dcab4bd864db5463"
score = 75
quality = 75
@@ -217311,8 +221529,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3990362C34015Ce4C23Ecc3377Fd3C06 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3490-L3501"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3490-L3501"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5e91a10f5027cae35524bef326edf7d5bf3df5bbc37c111b01e33f7667b03ce3"
score = 75
quality = 75
@@ -217334,8 +221552,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_54A6D33F73129E0Ef059Ccf51Be0C35E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3503-L3514"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3503-L3514"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "93b332e4ad4e13c7e8241cf866091708232a6555a9240d828e558688167359a0"
score = 75
quality = 75
@@ -217357,8 +221575,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0A55C15F733Bf1633E9Ffae8A6E3B37D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3516-L3527"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3516-L3527"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a772edb12dc0c351bb4d11f3e6ab3d9705af156ebeb4b8fff281bb418bfa1764"
score = 75
quality = 75
@@ -217380,8 +221598,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00F675139Ea68B897A865A98F8E4611F00 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3529-L3540"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3529-L3540"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9893e21fd2d5a475c9defb484921de17f4afc00619be413b9d5d55095e7f596a"
score = 75
quality = 75
@@ -217403,8 +221621,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_121Fca3Cfa4Bd011669F5Cc4E053Aa3F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3542-L3553"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3542-L3553"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c5f7f23d9ba35bed3540233217e18b84c5ac0528fd3fe809c162fce6ccce0791"
score = 75
quality = 75
@@ -217426,8 +221644,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_62B80Fc5E1C02072019C88Ee356152C1 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3555-L3566"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3555-L3566"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c06e31f5a071ff7c87af216d22bffa2970372fa341ad2593ef0c3c6a71dac945"
score = 75
quality = 75
@@ -217449,8 +221667,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_F0E150C304De35F2E9086185581F4053 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3581-L3592"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3581-L3592"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fe3d5d57d0a98414e3e4f35248d3ebf64617c16a4119a21883c3679b06146745"
score = 75
quality = 75
@@ -217472,8 +221690,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_A1A3E7280E0A2Df12F84309649820519 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3594-L3605"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3594-L3605"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5c656fa5a6671f717cda5433c8780d308f11b7937e5ff66b4f3f74623b217365"
score = 75
quality = 75
@@ -217495,8 +221713,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1Fb984D5A7296Ba74445C23Ead7D20Aa : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3607-L3618"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3607-L3618"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ff29013eb20bccbec16107404fc18b07c87ac5269b788c48a49a490271e94052"
score = 75
quality = 75
@@ -217518,8 +221736,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_C314A8736F82C411B9F02076A6Db4771 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3620-L3631"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3620-L3631"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8aa08c4d1da62d0629db6e29f7a730da3534f114620e30f8d89e5475c12f43de"
score = 75
quality = 75
@@ -217541,8 +221759,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5F7Ef778D51Cd33A5Fc0D2E035Ccd29D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3633-L3644"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3633-L3644"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9b57fd9840dceea97a2f013f803e8639add6c6b01f3764b65b3c1fe60ae0dd57"
score = 75
quality = 75
@@ -217564,8 +221782,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ab1D5E43E4Dde77221381E21A764C082 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3646-L3657"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3646-L3657"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3746c3494dca7fd2e0c7ab6641fe9ebbb8519df755022a3bde99c192158e4299"
score = 75
quality = 75
@@ -217587,8 +221805,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4743E140C05B33F0449023946Bd05Acb : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3659-L3670"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3659-L3670"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "be8764a008743f8ca8c1a5760c5daa7f6896c8710f5f79f9d5b42b07ef0d5fa8"
score = 75
quality = 75
@@ -217610,8 +221828,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2C1Ee9B583310B5E34A1Ee6945A34B26 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3672-L3683"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3672-L3683"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4891757929b64b45591792dd2526ffb7588345f76bcbd3e47f567e72ba03d7f2"
score = 75
quality = 75
@@ -217633,8 +221851,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D338F8A490E37E6C2Be80A0E349929Fa : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3685-L3696"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3685-L3696"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ed7a48df55f2d7873795470b9074421f4008d715db07978c79b174fc3f2a801a"
score = 75
quality = 75
@@ -217656,8 +221874,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_778906D40695F65Ba518Db760Df44Cd3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3698-L3709"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3698-L3709"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2687ec82b9c968dca91b8f54c600fae794d01be43a31cce4b0e6ef63672870fd"
score = 75
quality = 75
@@ -217679,8 +221897,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_45Eb9187A2505D8E6C842E6D366Ad0C8 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3711-L3722"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3711-L3722"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a900017eb33db455b94e3474ce3a2f1ebf6416ff21477a464aba68d32fd7c938"
score = 75
quality = 75
@@ -217702,8 +221920,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Cbc2Af7D82295A8535F3B26B47522640 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3724-L3735"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3724-L3735"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6d9fb9b36bc4370851fd0f54bb9fb05e02fc7a6288355b57073c31b1feade41e"
score = 75
quality = 75
@@ -217725,8 +221943,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Ca1D9391Cf5Fe3E696831D98D6C35A6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3737-L3748"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3737-L3748"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4c60dea4fe28c2799dc88712275e62a795c848120c4b463109942b8d9bc29a81"
score = 75
quality = 75
@@ -217748,8 +221966,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_43A36A26Ebc78E111A874D8211A95E3F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3750-L3761"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3750-L3761"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2588c91e1cce7e595e4237843b03f3e65427b4c3ea634e9a4f8249e9c9f49dbe"
score = 75
quality = 75
@@ -217771,8 +221989,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5172Caa2119185382343Fcbe09C43Bee : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3763-L3774"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3763-L3774"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7aa1447bd0ac43ac29ed69bd6618c3695bfb50517a7ffce7d4e793ae0c5e0fa6"
score = 75
quality = 75
@@ -217794,8 +222012,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_009245D1511923F541844Faa3C6Bfebcbe : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3776-L3787"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3776-L3787"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8d2c186b3aaaf353857e67ffd51a785e674335e824be78fc1c2ae1b9a0532eae"
score = 75
quality = 75
@@ -217817,8 +222035,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00E161F76Da3B5E4623892C8E6Fda1Ea3D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3789-L3800"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3789-L3800"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7aae91e2873633989b3716930354361ee56d7fd7af35e105ae15ed6bf87de67a"
score = 75
quality = 75
@@ -217840,8 +222058,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_009Faf8705A3Eaef9340800Cc4Fd38597C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3802-L3813"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3802-L3813"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "41c6561ef50950c7a5b4107b788e0469f77b9905b777edb24501649e4c313bd6"
score = 75
quality = 75
@@ -217863,8 +222081,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2888Cf0F953A4A3640Ee4Cfc6304D9D4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3815-L3826"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3815-L3826"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5e0d1b74422ae1004b0054c161d1dc949bb368ac17575e33c9b6d550bb136126"
score = 75
quality = 75
@@ -217886,8 +222104,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00C8Edcfe8Be174C2F204D858C5B91Dea5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3828-L3839"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3828-L3839"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "56801a71547218413ab48381c412a8e1b7fd41a9f7a7c85dc6debdc38a19d6c4"
score = 75
quality = 75
@@ -217909,8 +222127,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1A311630876F694Fe1B75D972A953Bca : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3841-L3852"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3841-L3852"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f14532caf49e6f46f75e42e334d3170db0ebebfe75c9f3e057c237691b5d86a2"
score = 75
quality = 75
@@ -217932,8 +222150,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00A496Bc774575C31Abec861B68C36Dcb6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3854-L3865"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3854-L3865"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bf5282687f4707bc16d388361ddc0af1102df0d29066ece0b57215fcf9fdcc94"
score = 75
quality = 75
@@ -217955,8 +222173,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ea720222D92Dc8D48E3B3C3B0Fc360A6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3867-L3878"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3867-L3878"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "97b2699d4cb0fd88e3440ea82dd6ea87cdac69c6ba2acd884f5aef577b55e79d"
score = 75
quality = 75
@@ -217978,8 +222196,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_333Ca7D100B139B0D9C1A97Cb458E226 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3880-L3891"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3880-L3891"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4519127b975d93297cca9b465ad88b3d38ad0fce0de182246dca3f000e2438be"
score = 75
quality = 75
@@ -218001,8 +222219,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_58Ec8821Aa2A3755E1075F73321756F4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3893-L3904"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3893-L3904"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b79f161c77cbae0bec55fb2b047983660c84d2bb93db8c91cb6c22fd4ad197cc"
score = 75
quality = 75
@@ -218024,8 +222242,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0940Fa9A4080F35052B2077333769C2F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3906-L3917"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3906-L3917"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3ecf6982c779a5fd867fef4b753313e379151491fa8865e8ae20f0c9362431a2"
score = 75
quality = 75
@@ -218047,8 +222265,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_56Fff139Df5Ae7E788E5D72196Dd563A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3919-L3930"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3919-L3930"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "022fd24ba023dba06f1c63d1d1c90d17dc82b060d634a27b237d37e37455964f"
score = 75
quality = 75
@@ -218070,8 +222288,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_03D433Fdc2469E9Fd878C80Bc0545147 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3932-L3943"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3932-L3943"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fde125138ade8ab1a61544b90160f2c1d4bba3a09ffcf828768f98d925ab91c6"
score = 75
quality = 75
@@ -218093,8 +222311,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Be3F393D1Ef0272Aed0E2319C1B5Dd0 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3945-L3956"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3945-L3956"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a7ff863b07d5ce011bdbcf86a3f562e8201926c138848544559bd1d16597ff95"
score = 75
quality = 75
@@ -218116,8 +222334,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_65628C146Ace93037Fc58659F14Bd35F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3958-L3969"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3958-L3969"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a6b4cc307d6e6f4d5d275ef0765a7082216b1d277c9b1328abe7cb2c2497e411"
score = 75
quality = 75
@@ -218139,8 +222357,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0084817E07288A5025B9435570E7Fec1D3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3971-L3982"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3971-L3982"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "89da849911c6d6a3b6d45166bd9975828887b50ee149dea4cbae9cc5c0ecf6d2"
score = 75
quality = 75
@@ -218162,8 +222380,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4D26Bab89Fcf7Ff9Fa4Dc4847E563563 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3984-L3995"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3984-L3995"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3eadf6eda2819101a370688d636250085915be3ebf1b3dec7a86d12a6a5ce681"
score = 75
quality = 75
@@ -218185,8 +222403,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D9D419C9095A79B1F764297Addb935Da : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L3997-L4008"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L3997-L4008"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dd35b48752eec01e1bfff182410da9a857735e0052e9c1a0d7c366dbee808d3c"
score = 75
quality = 75
@@ -218208,8 +222426,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_02E44D7D1D38Ae223B27A02Bacd79B53 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4010-L4021"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4010-L4021"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7ab506b2e4a716bc6f7115a071f46df4ea4ac88a4b636506a13ac0d383664e58"
score = 75
quality = 75
@@ -218231,8 +222449,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_041868Dd49840Ff44F8E3D3070568350 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4023-L4034"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4023-L4034"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "80abb596d96cb388bf3ff23598fc889d4c14cccf262d01f10a5be3a738a4907e"
score = 75
quality = 75
@@ -218254,8 +222472,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_C501B7176B29A3Cb737361Cf85414874 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4036-L4047"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4036-L4047"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f3eb67b39e0e4e12388f17d231fadfc2ea36b1568191a411950c2e24c32ed09c"
score = 75
quality = 75
@@ -218277,8 +222495,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_234Bf4Ef892Df307373638014B35Ab37 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4049-L4060"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4049-L4060"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d01dbb798b309927e666e5e68c56c6eeabad7ccbc427d62f0507597c6e9e7aa7"
score = 75
quality = 75
@@ -218300,8 +222518,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_C650Ae531100A91389A7F030228B3095 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4062-L4073"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4062-L4073"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e5afd76711e1b466d7eba742f50c7f9551498796f0aca45566bd9686034efac3"
score = 75
quality = 75
@@ -218323,8 +222541,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4F8Ebbb263F3Cbe558D37118C43F8D58 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4075-L4086"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4075-L4086"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e502e7e08fa82f8bd1b2b15c34999ece6b3d59d75ab1a4dda05b4b9440c49b7c"
score = 75
quality = 75
@@ -218346,8 +222564,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_01Ea62E443Cb2250C870Ff6Bb13Ba98E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4088-L4099"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4088-L4099"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dbf281989fb89976f83e0e2395f02c1e8c4c9ec5f96095786d9c6406518eb315"
score = 75
quality = 75
@@ -218369,8 +222587,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_726Ee7F5999B9E8574Ec59969C04955C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4101-L4112"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4101-L4112"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "494afa3711d93c56d52b8ae944db737cb53db8d27f2255c7045c3bf4478995a3"
score = 75
quality = 75
@@ -218392,8 +222610,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0A005D2E2Bcd4137168217D8C727747C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4114-L4125"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4114-L4125"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b4024cd0d6c9a86d3956b9ba5d9692fc7ec2d7aa399a56a0b12f9387801a0b08"
score = 75
quality = 75
@@ -218415,8 +222633,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D3D74Ae548830D5B1Bca9856E16C564A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4127-L4138"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4127-L4138"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c72f10af530a6af4526ad956ef6058d097417a8fe3b902e3c7cba27b04e0c2c1"
score = 75
quality = 75
@@ -218438,8 +222656,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_41F8253E1Ceafbfd8E49F32C34A68F9E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4140-L4151"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4140-L4151"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "53f71030815dcdda8424fe858d26a08cf947a683e69c50ea5fda53f51b88bb93"
score = 75
quality = 75
@@ -218461,8 +222679,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0A5B4F67Ad8B22Afc2Debe6Ce5F8F679 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4153-L4164"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4153-L4164"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "19cf46c112b546c26f12891727fdbc74aaa78bbdcdbc4e041781394f4cf5f719"
score = 75
quality = 75
@@ -218484,8 +222702,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_65Cd323C2483668B90A44A711D2A6B98 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4166-L4177"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4166-L4177"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e0a9868f9a42aeb8f90aff540a73bc8fa1bfebbf8ee6c0c71bd921cf914e0875"
score = 75
quality = 75
@@ -218507,8 +222725,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0F7E3Fda780E47E171864D8F5386Bc05 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4192-L4203"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4192-L4203"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "30e2daf85ee7f9f9615a49af949a034b50a97a1a7abf6a318547809cc9e7b0b7"
score = 75
quality = 75
@@ -218530,8 +222748,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_C2Cbbd946Bc3Fdb944D522931D61D51A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4231-L4242"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4231-L4242"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6e67835cf85c713ef5a21b866a277e90236c607fb67d3fd9b2bba627c31d9e97"
score = 75
quality = 75
@@ -218553,8 +222771,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6E3B09F43C3A0Fd53B7D600F08Fae2B5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4244-L4255"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4244-L4255"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "45e2833dedacd875912d07dc63216400ddff76846f9c7bdf808f1db56ed4720c"
score = 75
quality = 75
@@ -218576,8 +222794,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Aa12C95D2Bcde0Ce141C6F1145B0D7Ef : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4257-L4268"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4257-L4268"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "34edd92640d8059f074513b526c7a2bf0d9265af9466a2ae66b93255044744c4"
score = 75
quality = 75
@@ -218599,8 +222817,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_03E9Eb4Dff67D4F9A554A422D5Ed86F3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4270-L4281"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4270-L4281"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a56f53cb94f78496b4935fc2a613d030bd550b749427501dd9dda18cb9e05ab3"
score = 75
quality = 75
@@ -218622,8 +222840,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4A7F07C5D4Ad2E23F9E8E03F0E229Dd4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4283-L4294"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4283-L4294"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2493dfe7e5a993a573c7b3c2f2642a8834feb525b3fc8402315a63ac09b9fccd"
score = 75
quality = 75
@@ -218645,8 +222863,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_C6D7Ad852Af211Bf48F19Cc0242Dcd72 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4296-L4307"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4296-L4307"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e10de48bfa1edec81157eb95ef3478346c22dd6f7ef163e30887d3c7bb580c5e"
score = 75
quality = 75
@@ -218668,8 +222886,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0084888D5A12228E8950683Ecdab62Fe7A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4309-L4320"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4309-L4320"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4deda791923cdacccf57d54651ca44bd8c04d053a11ccf5700354f9f37be17de"
score = 75
quality = 75
@@ -218691,8 +222909,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_709D547A2F09D39C4C2334983F2Cbf50 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4322-L4333"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4322-L4333"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f45a2047181f3f07a8fb9cc00aafc31ba7aa369fc5c0165557757306a0de0d44"
score = 75
quality = 75
@@ -218714,8 +222932,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_98A04Ea05E8A949A4D880D0136794Df3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4335-L4346"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4335-L4346"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "05c63386558b954da3cfec1fd514a7a567189d9ac33d818cbbabf3eaf72ed130"
score = 75
quality = 75
@@ -218737,8 +222955,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2355895F1759E9E3648026F4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4348-L4360"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4348-L4360"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "429375af70872755ab2d517b125042795c9a20238405a4af5b0caecc46a3f563"
score = 75
quality = 75
@@ -218761,8 +222979,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00818631110B5D14331Dac7E6Ad998B902 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4376-L4390"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4376-L4390"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ee82090ceb1378b44c283586d0f0b6ec0d9779fab2497b0168acec8e5546a4a8"
score = 75
quality = 75
@@ -218784,8 +223002,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_7Ab21306B11Ff280A93Fc445876988Ab : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4392-L4403"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4392-L4403"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "aa93d36d472d24cdd937c323ffa048fc71984fcf8a13400618ec8a0f2c172fc0"
score = 75
quality = 75
@@ -218807,8 +223025,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0086909B91F07F9316984D888D1E28Ab76 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4405-L4416"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4405-L4416"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "eb8807437edbbba52a928de4ebf0a25513127bd9800088e0d85e41c8375a05b1"
score = 75
quality = 75
@@ -218830,8 +223048,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D4Ef1Ab6Ab5D3Cb35E4Efb7984Def7A2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4418-L4429"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4418-L4429"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "845abc1f08a4d56b32477fbe8855f45633833c68f4255d0690f10cc23c167e84"
score = 75
quality = 75
@@ -218853,8 +223071,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_13039Da3B2924B7A8B0A2Ac4637C2Efa : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4431-L4442"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4431-L4442"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7492f2a50effae809b512ce7a2a769f3db62ab3573974206b729417cc629ca83"
score = 75
quality = 75
@@ -218876,8 +223094,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2Abd2Eef14D480Dfea9Ca9Fdd823Cf03 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4444-L4455"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4444-L4455"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5f0f5dac599923f385fcd8e8b14349263cabe1c83242fe097d9fb26ea0567c1a"
score = 75
quality = 75
@@ -218899,8 +223117,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_08622B9Dd9D78E67678Ecc21E026522E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4457-L4468"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4457-L4468"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7e572c4241d92ad34efd91c3f6338da4093c83d84a734766448ac7cb2a72bc0c"
score = 75
quality = 75
@@ -218922,8 +223140,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5A17D5De74Fd8F09Df596Df3123139Bb : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4470-L4481"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4470-L4481"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f5ff9f7d857da3329708ba9c0bfac0999b04aeb170fb60387f4b48fa6029a641"
score = 75
quality = 75
@@ -218945,8 +223163,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_15Da61D7E1A631803431561674Fb9B90 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4483-L4494"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4483-L4494"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4d30a4bf1b0425081369351df707be0531dcc1751512d9012a859b621d61a1b3"
score = 75
quality = 75
@@ -218968,8 +223186,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_58Aa64564A50E8B2D6E31D5Cd6250Fde : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4496-L4507"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4496-L4507"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7383dfc8b22379dc69cd1d93d2da40e177ba1e3b0b8b8891afb8ce594269d170"
score = 75
quality = 75
@@ -218991,8 +223209,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Bbd4Dc3768A51Aa2B3059C1Bad569276 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4509-L4520"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4509-L4520"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d506c2d6e630fabe1d4b805cd31aa54b04959db80630f656b3460c869ad544fa"
score = 75
quality = 75
@@ -219014,8 +223232,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3A236F003Bdefc0C55Aa42D9C6C0B08E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4522-L4533"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4522-L4533"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9930b2d3fdbd2f6da17d78dfbfe6229f0bd004686e4cc4960720710241237e48"
score = 75
quality = 75
@@ -219037,8 +223255,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_010000000001302693Cb45 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4535-L4547"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4535-L4547"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
hash = "74069d20e8b8299590420c9af2fdc8856c14d94929c285948585fc89ab2f938f"
logic_hash = "74c5d88012ab3e975123cde51ae3d01b6bee1ad0d6c0f5492c507fb2472b7532"
score = 75
@@ -219061,8 +223279,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3F8D23C136Ae9Cbeeac7605B24Ec0391 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4565-L4576"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4565-L4576"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f074e141e07cbf6b5b4726b52faa382b8ece809804dcfb9d45a5b2450125b5b7"
score = 75
quality = 75
@@ -219084,8 +223302,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3972443Af922B751D7D36C10Dd313595 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4578-L4589"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4578-L4589"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "764d0a288edd3bac90c0b93319f4f8ff8a7d567cda42aa52fe6114f4e56216ad"
score = 75
quality = 75
@@ -219107,8 +223325,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_37F3384B16D4Eef0A9B3344B50F1D8A3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4591-L4602"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4591-L4602"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4496052ff9677e0d031471e4ae9b3541099a2dbe024b4b5ba3f757800bfdcb07"
score = 75
quality = 75
@@ -219130,8 +223348,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00B3969Cd6B2F913Acc99C3F61Fc14852F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4604-L4619"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4604-L4619"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4ee7f3da2ae707517c1c426e6a73fdede51514e4ddf60b93fd77c1b6c23e82c0"
score = 75
quality = 75
@@ -219154,8 +223372,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0D83E7F47189Cdbfc7Fa3E5F58882329 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4621-L4632"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4621-L4632"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c4dffcad286e161980ccec2188459b8b7eaf0e982c7c69ca5ffbaf8e4d85d1b4"
score = 75
quality = 75
@@ -219177,8 +223395,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_008385684419Ab26A3F2640B1496E1Fe94 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4634-L4645"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4634-L4645"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7c9de438d5c7156052e30ce70310aaa989ff1896f7b34ffc6c4fd8fc2bc60b85"
score = 75
quality = 75
@@ -219200,8 +223418,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1Aec3D3F752A38617C1D7A677D0B5591 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4647-L4658"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4647-L4658"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4bbe5aac8a470061abab48070fafd2100c577cab1f40fcc5924dbd13bc747487"
score = 75
quality = 75
@@ -219223,8 +223441,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_E5B2Af04Ea4B84A94609A47Eba3164Ec : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4660-L4671"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4660-L4671"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2e32bb0d9689625cd860a75539961410241de341ad4b7ee661df7d3b2dd47c46"
score = 75
quality = 75
@@ -219246,8 +223464,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Dummy01 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4673-L4687"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4673-L4687"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c72ac977ef92feead0a7ec72ec99b1a11f20b8c5258a08842a4dceddff91d659"
score = 75
quality = 75
@@ -219272,8 +223490,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00A7E1Dc5352C3852C5523030F57F2425C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4689-L4700"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4689-L4700"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "06c151ae8b4a45eccef028ea69f0adf74445bd4d871fc65cc1d308f2005cede1"
score = 75
quality = 75
@@ -219295,8 +223513,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_635517466B67Bd4Bba805Bc67Ac3328C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4702-L4713"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4702-L4713"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "71cdb314e2f6bda70f9f627d72aea49290fdbce66f76a170aa6571873ca82860"
score = 75
quality = 75
@@ -219318,8 +223536,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_A2253Aeb5B0Ff1Aecbfd412C18Ccf07A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4729-L4740"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4729-L4740"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "357de1cbdf3223dfb1a920bfb15bbbd66906de5225c0ed015e5a3fbbbb65a753"
score = 75
quality = 75
@@ -219341,8 +223559,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_21E3Cae5B77C41528658Ada08509C392 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4742-L4753"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4742-L4753"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c860e888b19b98c40cf00babfb022a79a35f12def0077733e796b2aeeea324ea"
score = 75
quality = 75
@@ -219364,8 +223582,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_09B3A7E559Fcb024C4B66B794E9540Cb : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4790-L4802"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4790-L4802"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "345abbb31986fe3f8f6b7eb05c73d4d42daa9df6a7706b9cd2fb4f8aac61d40b"
score = 75
quality = 75
@@ -219388,8 +223606,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_19Beff8A6C129663E5E8C18953Dc1F67 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4804-L4815"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4804-L4815"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e62c4ab0652f872887b7bedadba3306c831351f57bc4a177302b1268d823f9f4"
score = 75
quality = 75
@@ -219411,8 +223629,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Cf2D0B5Bfdd68Cf777A0C12F806A569 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4817-L4828"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4817-L4828"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d3e625c05e974650bb9750f6dadbbba5825a34ea10902c807b9da457902d2b59"
score = 75
quality = 75
@@ -219434,8 +223652,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_56F008E69A7C4C3Feb389C66Eaf58259 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4830-L4841"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4830-L4841"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3ba02eb734b461b02744c5fc901e45f4574249607398fb8a73850d5d5e89788b"
score = 75
quality = 75
@@ -219457,8 +223675,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_279B3A26F16A069Aa7Bca1811D44Ad9B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4857-L4873"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4857-L4873"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5a01fd3db421a4b41318fa1264e8bc621ddeddb44b82b8f0b15e97eccec616e8"
score = 75
quality = 75
@@ -219485,8 +223703,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_07Cef66A71C35Bc3Aed6D100C6493863 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4875-L4886"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4875-L4886"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "24b89e65bc9d60a60e57f749735214c462e56c3194906e4bca52d74463617be4"
score = 75
quality = 75
@@ -219508,8 +223726,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D3356318924C8C42959Bf1D1574E6482 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4888-L4899"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4888-L4899"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "86ca8da7e9e704f64be8ecd9e270108337d28b540ba8cd669a8d536ccfefea95"
score = 75
quality = 75
@@ -219531,8 +223749,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_038Fc745523B41B40D653B83Aa381B80 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4901-L4912"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4901-L4912"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b760525c38610b8a5cc990335122eab81cb895dc523908ef841c5c3117a1a372"
score = 75
quality = 75
@@ -219554,8 +223772,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ac0A7B9420B369Af3Ddb748385B981 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4914-L4925"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4914-L4925"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "47dca0d0b84dd0d210cf7fdda3bcce796d090e5de3f4266bbed01eebdd397bfa"
score = 75
quality = 75
@@ -219577,8 +223795,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00913Ba16962Cd7Eee25965A6D0Eeffa10 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4927-L4938"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4927-L4938"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a2e729c053d1a9d5895dc2247ea0804525f8f1744875d5c2f96b4255ad325dc5"
score = 75
quality = 75
@@ -219600,8 +223818,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_F44A91704F9Ea388446D2635F2A8C8A5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4940-L4953"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4940-L4953"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cec66648ecde5b11a2a20674b2e1f10c8b917ebeb26ddba0ead2b6af45c8519b"
score = 75
quality = 75
@@ -219625,8 +223843,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_029685Cda1C8233D2409A31206F78F9F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4955-L4966"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4955-L4966"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a7eec901d92d6126cbc4468d7f2fbccc905f550c7dc8d28b405f583cfde9aea3"
score = 75
quality = 75
@@ -219648,8 +223866,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Aebe117A13B8Bca21685Df48C74F584D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4968-L4979"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4968-L4979"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cb17c6f311d88125ad0c790c61fe0dd1ffbdefdbea45ffb54c47da5d98f99900"
score = 75
quality = 75
@@ -219671,8 +223889,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_38989Ec61Ecdb7391Ff5647F7D58Ad18 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4981-L4992"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4981-L4992"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f2108c41c814a815047268d9934a01231936a1cf73cbb92476eb96c9fe4b1091"
score = 75
quality = 75
@@ -219694,8 +223912,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D08D83Ff118Df3777E371C5C482Cce7B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L4994-L5005"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L4994-L5005"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b6c7f5c57c79d11132535bedce77276f67c4f854f5e8ef2c12aced64f8a188d0"
score = 75
quality = 75
@@ -219717,8 +223935,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_249E3F1B7595E7D0Fe6Df13303287343 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5007-L5018"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5007-L5018"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4df122a53f2c1a08d1694c8e64b802f58507bb985f1aed8c91e6d7ad24906fca"
score = 75
quality = 75
@@ -219740,8 +223958,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_31D852F5Fca1A5966B5Ed08A14825C54 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5020-L5031"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5020-L5031"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e2890f8c623ce15d8a3f996e87be4b73a8cd9f96386ce8d356d7e0fad0342dd3"
score = 75
quality = 75
@@ -219763,8 +223981,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_510C5E540503F30C9Caa3082296Aa452 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5033-L5045"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5033-L5045"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
hash = "cb01f31a322572035cf19f6cda00bcf1d8235dcc692588810405d0fc6e8d239c"
logic_hash = "9b6ad8b3e90fcd63f86b353e89ce7e6226197bfcb491e2151b8dbf580466076e"
score = 75
@@ -219787,8 +224005,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_56Bba7Fe242E6B49695Bcf07870F5F5E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5047-L5058"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5047-L5058"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6c9da28b90bcff069509fc8e91c0a960805bb8339d0fa21f5466c38b6d20f95f"
score = 75
quality = 75
@@ -219810,8 +224028,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Dfef1A8C0Dbfef64Bc6C8A0647D6E873 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5060-L5071"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5060-L5071"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "104f066ddfd34edc328844d06a84a1663b0d271c02599825c1797704e582883a"
score = 75
quality = 75
@@ -219833,8 +224051,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0609B5Aad2Dfb81Fbe6B75E4Cfe372A6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5073-L5084"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5073-L5084"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2f483d06fd7af8db8e79203dcd4252d74f4859c0681e0bfcc4a97b351cb758a9"
score = 75
quality = 75
@@ -219856,8 +224074,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_02B6656292310B84022Db5541Bc48Faf : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5086-L5097"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5086-L5097"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "374f7abfab6f7def8b895dc9536ca6bb7a605e9478934af6c97e8b7595fbee19"
score = 75
quality = 75
@@ -219879,8 +224097,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D609B6C95428954A999A8A99D4F198Af : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5099-L5110"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5099-L5110"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "62eecc7cf240b9de6e04a43413bbeb84b673e9d3f1c4d67ec4082c099c6a87db"
score = 75
quality = 75
@@ -219902,8 +224120,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6A568F85De2061F67Ded98707D4988Df : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5112-L5123"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5112-L5123"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f1aea9f6237cfbda49fea6d38ece935f9d4cc5abc678590c63b9a339aa37e104"
score = 75
quality = 75
@@ -219925,8 +224143,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_F90E68Cbf92Fd7Ad409E281C3F2A0F0A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5125-L5137"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5125-L5137"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
hash = "d79a8f491c0112c3f26572350336fe7d22674f5550f37894643eba980ae5bd32"
logic_hash = "ca8d80a446df0c28e9fb4944bd69d9fa008be968c449e5a469b182fbf8744a3f"
score = 75
@@ -219949,8 +224167,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_7Ddd3796A427B42F2E52D7C7Af0Ca54F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5139-L5150"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5139-L5150"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "15df43212a842936e2ea0d834797f11fe80af3d376a19aa9a806aa6ed793e679"
score = 75
quality = 75
@@ -219972,8 +224190,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_17D99Cc2F5B29522D422332E681F3E18 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5152-L5163"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5152-L5163"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "95116d1114239795707b310afea3122d274dac471546de1e0147992d1f3a1d4f"
score = 75
quality = 75
@@ -219995,8 +224213,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_02De1Cc6C487954592F1Bf574Ca2B000 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5165-L5176"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5165-L5176"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5963377fee755a859bc4330a1094ea1c8b2b588133706a22f67c1fb85542e64f"
score = 75
quality = 75
@@ -220018,8 +224236,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_142Aac4217E22B525C8587589773Ba9B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5178-L5188"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5178-L5188"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a0abe691c6b0a7be8ceea313068a6943d611b1424a1a03e43b82239ddfe9cbd2"
score = 75
quality = 75
@@ -220041,8 +224259,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4026D6291F1Ac7Cf86C2C81172Cfb200 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5218-L5229"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5218-L5229"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c821f288bb6555e3955dfccf02edde2448f0499942eea24c488a6426985bff74"
score = 75
quality = 75
@@ -220064,8 +224282,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00B0A308Fc2E71Ac4Ac40677B9C27Ccbad : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5231-L5242"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5231-L5242"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a71c47475327fb6268db34cd9d47451090fa3e673accfa905d32ebfb35f11e40"
score = 75
quality = 75
@@ -220087,8 +224305,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_009Ecaa6E28E7615Ef5A12D87E327264C0 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5244-L5255"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5244-L5255"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "24858027f62fd057c06dbf58b4a6e1e5f1dcd9429676232a8e66d231e713f56a"
score = 75
quality = 75
@@ -220110,8 +224328,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_19985190B09206952Efd412D3Ccc18E2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5257-L5268"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5257-L5268"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6db1aaabd9a257e863a5ff771a736b705391602f7f5e2b799f8c47d3ae566f0f"
score = 75
quality = 75
@@ -220133,8 +224351,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_03B27D7F4Ee21A462A064A17Eef70D6C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5270-L5281"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5270-L5281"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "53a4c4474b1add510624e23eac642e8cba145248d72a2ffc37d0aca141a041c2"
score = 75
quality = 75
@@ -220156,8 +224374,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_66F98881Fbb02D0352Bef7C13Bd61Df2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5283-L5294"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5283-L5294"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
hash = "f265524fb9a4a58274dbd32b2ed0c3f816c5eff05e1007a2e7bba286b8ffa72c"
logic_hash = "3d70da3f644a90bc6e7b405a41225a328d7007187525a0b277f0fc1136be8b5b"
score = 75
@@ -220180,8 +224398,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3F8B1D4C656982A34435F971C9F3C301 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5296-L5307"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5296-L5307"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "95fd60c5f236b06fca308696dfe3e3aeb3aa6f255c6030d44822dc33a7c4c917"
score = 75
quality = 75
@@ -220203,8 +224421,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ef9D0Cf071D463Cd63D13083046A7B8D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5309-L5320"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5309-L5320"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9cf4ee1b3000d96d419bfd3e9ac3fb07f843aed735582c72e3a9799e2a56e364"
score = 75
quality = 75
@@ -220226,8 +224444,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00E1E7E596F8F5Ccbeed4Ab882B6Cfe6Ce : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5322-L5333"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5322-L5333"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "56977d47d8fcfd5eb7b5b4a141a9465e1cd2c497f05e61854e0ab09e2c7065a0"
score = 75
quality = 75
@@ -220249,8 +224467,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_047801D5B55C800B48411Fd8C320Ca5B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5335-L5346"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5335-L5346"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5e64b59f3d7f7554a482eaa32f5eac80f289bf57865a21381a3c1c78b1dabcab"
score = 75
quality = 75
@@ -220272,8 +224490,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Ceb6B2Eec12934A64F75A4592159F084 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5366-L5377"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5366-L5377"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3e4aa8d970ead42bf1abb36a922ef31ac1b1aa308944cf099d6bbfb50e07c588"
score = 75
quality = 75
@@ -220295,8 +224513,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6B6739E55F3F25B147C4A6767De41F57 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5379-L5391"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5379-L5391"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
hash = "da0921c1e416b3734272dfa619f88c8cd32e9816cdcbeeb81d9e2b2e8a95af4c"
logic_hash = "9d1a20f3dfa6c31ed557e531f7a57c64032e518c033993234849882ef769fcbd"
score = 75
@@ -220319,8 +224537,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00B97F66Bb221772Dc07Ef1D4Bed8F6085 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5393-L5404"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5393-L5404"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e68f6ebbeadc9381c2888abf77e040f27648a40d770524830f8a49fe2d11534f"
score = 75
quality = 75
@@ -220342,8 +224560,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Cc95D6Ebf18A3711E196Aea210465A19 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5406-L5417"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5406-L5417"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "640ba6d64ad7e0791ef29d3ee9387e0944826f22f01a6a01486f6b3ac4138826"
score = 75
quality = 75
@@ -220365,8 +224583,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Dde89C647Dc2138244228040E324Dc77 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5419-L5430"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5419-L5430"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d6c11a277f855ad8a4b235e1461ad024c4490d04530b91ecb47c8fcf8dee1239"
score = 75
quality = 75
@@ -220388,8 +224606,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Fed006Fbf85Cd1C6Ba6B4345B198E1E6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5432-L5443"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5432-L5443"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "26690cb1ef7eb9b7009376b4c2a30505f01184f4462478f65379372e84e02bc8"
score = 75
quality = 75
@@ -220411,8 +224629,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4E7545C9Fc5938F5198Ab9F1749Ca31C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5445-L5456"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5445-L5456"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4b7bc07622ad3f7ec77f4bb0d51350c82734af4b73a26ecd21955e55e99bb515"
score = 75
quality = 75
@@ -220434,8 +224652,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_040F11F124A73Bdecc41259845A8A773 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5458-L5469"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5458-L5469"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "70edbe8be481ccb7b5c6a6485c2ac249ec5120a4cde18d551954cfeaae121f27"
score = 75
quality = 75
@@ -220457,8 +224675,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1B1E87E90519D7273C0033Bf489B798F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5471-L5483"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5471-L5483"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
hash = "84cef0aed269e6213bfa213d95a3db625bcdde130f33bf4227436985e4473252"
logic_hash = "b47f80ecc895e73d69c60a5e88d6a6c95fcb9bddb30f14a1421b68aabc2290c9"
score = 75
@@ -220481,8 +224699,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D9E834182Dec62C654E775E809Ac1D1B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5485-L5497"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5485-L5497"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
hash = "645dbb6df97018fafb4285dc18ea374c721c86349cb75494c7d63d6a6afc27e6"
logic_hash = "3e7ca9aec19f118c7a143826838244f3f8d0a603a44980522f5227a9c3a82a88"
score = 75
@@ -220505,8 +224723,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Ced87Bd70B092Cb93B182Fac32655F6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5499-L5511"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5499-L5511"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
hash = "083d5efb4da09432a206cb7fba5cef2c82dd6cc080015fe69c2b36e71bca6c89"
logic_hash = "3d4d84a60095e608fbd774f2b3a0f86e32dd9fe25801da06ee10188425a029e0"
score = 75
@@ -220529,8 +224747,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1Afd1491D52F89Ba41Fa6C0281Bb9716 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5513-L5524"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5513-L5524"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "071895cc37527aa634410dc79bf1656068e4c2b9f61d24912160c5f847e154f9"
score = 75
quality = 75
@@ -220552,8 +224770,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_719Ac44966D05762Ef95245Eefcf3046 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5526-L5537"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5526-L5537"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2b7c5ccc7a09d3917cf8625bc3e78526ba9620eb8bb08490124c24a5c2eda629"
score = 75
quality = 75
@@ -220575,8 +224793,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_008Fe807310D98357A59382090634B93F0 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5539-L5550"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5539-L5550"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a90430a6f07f67ead37e5cba9f0baee92551511a9f33a2a1fd3d2419322aaa8b"
score = 75
quality = 75
@@ -220598,8 +224816,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00801689896Ed339237464A41A2900A969 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5552-L5563"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5552-L5563"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9dc505e00e0085587aee2bf2e70db04850e11d057b8d16e31e8caebb130e047b"
score = 75
quality = 75
@@ -220621,8 +224839,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Podangers : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5565-L5576"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5565-L5576"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6a041e8ae4a7a1af59b81799b5c014691e347c8305266adeffd9d49337712b2e"
score = 75
quality = 75
@@ -220644,8 +224862,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00E9A1E07314Bc2F2D51818454B63E5829 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5578-L5589"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5578-L5589"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e3dfb75350bcdbb6861612f2f6cc757724260f99e4024df2b20c7b273bc50266"
score = 75
quality = 75
@@ -220667,8 +224885,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_9D915138Acdac1A044Afa6E5D99567C5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5591-L5602"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5591-L5602"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "32fb0d12a9b61461104e29571fcc7210f7ea8a82a8e240c747a0070d8d43a9b0"
score = 75
quality = 75
@@ -220690,8 +224908,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_11A9Bf6B2Dcbc683475B431A1C79133E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5604-L5615"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5604-L5615"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fa424180e60d2fde2fce085d0c848c5b33bcc58c2ca54f327f446ff5cf361fe2"
score = 75
quality = 75
@@ -220713,8 +224931,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3Fd3661533Eef209153C9Afec3Ba4D8A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5617-L5628"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5617-L5628"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e9662abf4c70d54fc719850ef216352fd59a559726fbad5db9e265660400b432"
score = 75
quality = 75
@@ -220736,8 +224954,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2Ba40F65086686Dd4Ab7171E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5630-L5641"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5630-L5641"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8ed65c0b5d231be9dbbe34da493087d1bf83cf21c401435fed7e2851acdb6f60"
score = 75
quality = 75
@@ -220759,8 +224977,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_67144B9Ed89Fb2D106D0233873C6E35F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5643-L5654"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5643-L5654"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9d3c39c590a75b3ea1d1f699bea279c0c68498e51e2ab7f4ad3e3f8857d6d668"
score = 75
quality = 75
@@ -220782,8 +225000,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ca4822E6905Aa4Fca9E28523F04F14A3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5656-L5667"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5656-L5667"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6e0d7abd82805019c6b1c9df2479489bbd3fe7a4a1703971c02324072692b1e5"
score = 75
quality = 75
@@ -220805,8 +225023,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3769815A97A8Fb411E005282B37878E3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5669-L5680"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5669-L5680"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ccd548ebe2be2c7b44e6c39df50ffea4703d0b1decd78cc6fb4b3bbf9d85be0b"
score = 75
quality = 75
@@ -220828,8 +225046,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3B007314844B114C61Bc156A0609A286 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5682-L5693"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5682-L5693"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f6f4e551a9be96f43a81e4da69f7b312dbdc16da17659a00a3486543a9c078e9"
score = 75
quality = 75
@@ -220851,8 +225069,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_262Ca7Ae19D688138E75932832B18F9D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5695-L5706"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5695-L5706"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0e6e75206bea63856e4ab07ff9b1220448f3cad6d845ae09703b9e836015520d"
score = 75
quality = 75
@@ -220874,8 +225092,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6B0008Bbd5Eb53F5D9E616C3Ed00000008Bbd5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5708-L5719"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5708-L5719"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "185334d7f484585cd88a1d89516f805d0248234a61153f8a38cc78b52d4bd764"
score = 75
quality = 75
@@ -220897,8 +225115,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6Abc3555Becca0Bc4B6987Ccc2Ea42B5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5721-L5732"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5721-L5732"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "76d4895f805a6638549c2d3b01a53873156e142d741b1fc2ccc0b18971b275a7"
score = 75
quality = 75
@@ -220920,8 +225138,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3C5Fc5D02273F297404F7B9306E447Bb : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5734-L5745"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5734-L5745"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e73fd0a38c76783e3110abe82411cc3d22fbbc95684667dc754618f590f29970"
score = 75
quality = 75
@@ -220943,8 +225161,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_7D36Cbb64Bc9Add17Ba71737D3Ecceca : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5763-L5774"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5763-L5774"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "070600994d7e137a769432e7c5995dac90f01cbce2c50de4c5baecea5d556baf"
score = 75
quality = 75
@@ -220966,8 +225184,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Df7139E106Dbb68Dfe4De97D862Af708 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5776-L5787"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5776-L5787"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "503ff5f570191ac61a20c2a6ffa5117d5c3ed632c04c4a02c710644c18a494d0"
score = 75
quality = 75
@@ -220989,8 +225207,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D4F9Fc08895654F8Bde8D1Cc26Eff015 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5789-L5800"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5789-L5800"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dfc90ce9c1d8a0fad9c50f61c90c4f7b00b6890ee45d218417f4a7196c3d1c18"
score = 75
quality = 75
@@ -221012,8 +225230,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0393Be7Fd785Ba0E3223A73B15Ee6736 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5802-L5813"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5802-L5813"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6805b2d04f8b89b9d4db8d47d74e83b6cdd7e778b038883fc8d3ef2e1b157070"
score = 75
quality = 75
@@ -221035,8 +225253,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_008B7369B2F0C313634A1C1Dfc4A828A54 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5815-L5826"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5815-L5826"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "857eaa56ff5106e3808750b8833fd33a328b53a04f6fd2939aca30dbc6048329"
score = 75
quality = 75
@@ -221058,8 +225276,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_59A57E8Ba3Dcf2B6F59981Fda14B03 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5828-L5841"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5828-L5841"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1eeeef14502daafb303d1c09d8e55fb4df57a6bf250d1adc7e53862f2f5d5824"
score = 75
quality = 75
@@ -221083,8 +225301,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00C79F817F082986Bef3209F6723C8Da97 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5843-L5856"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5843-L5856"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b6dd9cb0d2383bce3ab13b6a660b3f5ba554a2bf1fce4aabb6dd36187cc57f45"
score = 75
quality = 75
@@ -221108,8 +225326,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Beb721Fcb3274C984479D6554Efe8F49 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5858-L5869"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5858-L5869"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fdb28b4f8cf79d067ee8dcfc3109ceae38f7952c6fb34e61f489924d97d67151"
score = 75
quality = 75
@@ -221131,8 +225349,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00C4188D6B70B4Bd3B977B19Abd04C1157 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5871-L5882"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5871-L5882"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6ed619e18d749c2524ad3c1ddc3268f9ddf77feb3a3f2c5954ae4e7124d63c75"
score = 75
quality = 75
@@ -221154,8 +225372,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ad255D4Ebefa751F3782587396C08629 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5884-L5895"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5884-L5895"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cc51de3852257b12a780f80755c7ca21f5d82542649c65072fd9427271da12ef"
score = 75
quality = 75
@@ -221177,8 +225395,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_084B6F19898214A02A5F32E6Ea69F0Fd : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5897-L5908"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5897-L5908"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "844339ec8aaf93e279b294830a842f007d97adc4be4f6910d143ee16e5710ed5"
score = 75
quality = 75
@@ -221200,8 +225418,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_24C1Ef800F275Ab2780280C595De3464 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5910-L5921"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5910-L5921"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "773fdb6d15a5bd1282dd9a48601b453b62de2e9832822858ad750c6462d6e116"
score = 75
quality = 75
@@ -221223,8 +225441,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6401831B46588B9D872B02076C3A7B00 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5923-L5934"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5923-L5934"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9a90c9d51dd6eb37bb3b6b17c5e3e5ebb6b6922efa14e3d8d60e72bcdb7b7259"
score = 75
quality = 75
@@ -221246,8 +225464,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Cf1Ed2A6Ff4Bee621Efdf725Ea174B7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5936-L5947"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5936-L5947"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2902b075f40f1413eee937c045e082a3141ec309f9d8e1dfd3a384050ea0776c"
score = 75
quality = 75
@@ -221269,8 +225487,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_7Ed801843Fa001B8Add52D3A97B25931 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5949-L5960"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5949-L5960"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2607dde1318b9b84056fc73664e4c1f82f20c23f311216e2201c3fdee0d1b6db"
score = 75
quality = 75
@@ -221292,8 +225510,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0F0Ed5318848703405D40F7C62D0F39A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5962-L5973"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5962-L5973"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "77bd8fd2dc48e2fc8abbf0f3411dfa8010326b6a9928fb392cce6e0fe8e9d309"
score = 75
quality = 75
@@ -221315,8 +225533,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_537Aa4F1Bae48F052C3E57C3E2E1Ee61 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5975-L5986"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5975-L5986"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "83d205998f43a2404146064e13726c149bc56fed6b886ee1812378c027f03da0"
score = 75
quality = 75
@@ -221338,8 +225556,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_61B11Ef9726Ab2E78132E01Bd791B336 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L5988-L5999"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L5988-L5999"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "50c89d732409ff680734f481d858256001245c10345d9e6f1cbb51dcdc9c2cc9"
score = 75
quality = 75
@@ -221361,8 +225579,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_E339C8069126Aa6313484Fea85B4B326F7B8860C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6001-L6012"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6001-L6012"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6f373c5a8f99893088fa1afffeccdf24ae6ed118d7bea9df43281073bd8e85bb"
score = 75
quality = 75
@@ -221384,8 +225602,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_734D0Baf7A6B44743Ff852C8Ba7A751A7Ff0Ec73 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6031-L6042"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6031-L6042"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "54620c58bae2c2f9859916a58b0fef4310dd27fdada663c28bb7d58bdaefc7c5"
score = 75
quality = 75
@@ -221407,8 +225625,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_02Fa994D660De659Ee9037Ecb437D766 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6044-L6056"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6044-L6056"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
hash = "0868a2a7b5e276d3a4a40cdef994de934d33d62a689d7207a31fd57d012ef948"
logic_hash = "04244701311fcdc77b1e3a8f20621e474ed607be3d109c629280d528e2f24e1f"
score = 75
@@ -221431,8 +225649,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0B446546C36525Bf5F084F6Bbbba7097 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6058-L6071"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6058-L6071"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
hash = "3163ffc06848f6c48ac460ab844470ef85a07b847bf187c2c9cb26c14032a1a5"
logic_hash = "6dcf87b929c28cc013ee5c9de85aa026e335e1e5c38a440bc6b5dc11c6bf9a91"
score = 75
@@ -221455,8 +225673,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00E4E795Fd1Fd25595B869Ce22Aa7Dc49F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6087-L6101"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6087-L6101"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0aef5e2af3059597d218c544bc0b56078e1ef924af0530c62aa12679e0816410"
score = 75
quality = 75
@@ -221478,8 +225696,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_008E0Fa6B464D466Df1B267504B04F7B27 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6103-L6114"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6103-L6114"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1f992d81b63108840d457f3f1906524cf4a9d4bec4a91f7bc826fae9989d40e0"
score = 75
quality = 75
@@ -221501,8 +225719,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_559Cb90Fd16E9D1Ad375F050Ab6A6616 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6116-L6127"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6116-L6127"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a91f23e2281efb95b780b26018f1c89485a87c6541ac84025dad3e6dd55c742e"
score = 75
quality = 75
@@ -221524,8 +225742,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Eb95A7Bd7553533D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6159-L6170"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6159-L6170"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e646346d94791c2a86a7240d4cf1f9138a30ca583b021ae5b17471cef20a98de"
score = 75
quality = 75
@@ -221547,8 +225765,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0A1F3A057A1Dce4Bf7D76D0C7Adf837E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6172-L6184"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6172-L6184"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
hash = "2df05a70d3ce646285a0f888df15064b4e73034b67e06d9a4f4da680ed62e926"
logic_hash = "de9ae66e497730db54fc21a745426c687c3a4d9819c08bc1dca0b42a5b8070ac"
score = 75
@@ -221571,8 +225789,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00849Ea0945Dd2Ea2Dc3Cc2486578A5715 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6186-L6197"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6186-L6197"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "824744510e73cd6717e3626a5a250466bfb5817fd7172fc32466c2e68e20947b"
score = 75
quality = 75
@@ -221594,8 +225812,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0537F25A88E24Cafdd7919Fa301E8146 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6215-L6227"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6215-L6227"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
hash = "72ac61e6311f2a6430d005052dbc0cc58587e7b75722b5e34a71081370f4ddd5"
logic_hash = "8cd68612354a756c4a52d6baea9ef6ed74c94f5fcf25baa2f72c1131e0828f84"
score = 75
@@ -221618,8 +225836,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2E4A279Bde2Eb688E8Ab30F5904Fa875 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6229-L6240"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6229-L6240"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "768b2cb64f7ce359285721bbfd2f2f6aac4065ec234dc091933d962a7f0ab79a"
score = 75
quality = 75
@@ -221641,8 +225859,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Fbe6758Ae785D7C678A4Ad8De5C3F7E6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6242-L6253"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6242-L6253"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c6d84435c5c4f71696ce0414c87216bbb0603cb75d6e37abaf73e3708904032e"
score = 75
quality = 75
@@ -221664,8 +225882,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00A73B6D821F84Db4451D6Eedd62C42848 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6255-L6266"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6255-L6266"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "448527bcbe2851bffefabe06a58e3ca68c092a2080041c51acacad3d5119aa0c"
score = 75
quality = 75
@@ -221687,8 +225905,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_500D76B1B4Bfaf4A131F027668Fea2D3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6268-L6279"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6268-L6279"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a4f626e5ae9d273723814b0d944b067e70714e10776600a1bd0f90af31c1146a"
score = 75
quality = 75
@@ -221710,8 +225928,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_54Cd7Ae1C27F1421136Ed25088F4979A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6281-L6292"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6281-L6292"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2b94ccd7f85a2b21edaf4b28f14827b399cdb82307c20320f77eb775c05751f1"
score = 75
quality = 75
@@ -221733,8 +225951,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_65Efa92A4164A3A2D888B5Cf8Ff073C8 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6294-L6305"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6294-L6305"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "189f154d5b71bea9c06cd2c79d2460a1fb8cc9e0670a9ef8545e3abad80c8a06"
score = 75
quality = 75
@@ -221756,8 +225974,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ad0A958Cdf188Bed43154A54Bf23Afba : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6307-L6321"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6307-L6321"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6031cb276cbb419789a3f3e57654dd9569feb612b0aebc2b72ae8b644f07bca9"
score = 75
quality = 75
@@ -221779,8 +225997,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_05Abac07F8D0Ce567F7D75Ee047Efee2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6323-L6334"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6323-L6334"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0196ebd0b5821863c99676907a972e214f46411650fe20557e9f919609d12659"
score = 75
quality = 75
@@ -221802,8 +226020,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_62165B335C13A1A847Ce9Acff2B29368 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6336-L6347"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6336-L6347"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "19e189c49f435f8b2aca0944d0f648a4126f83b7498982a262230e2f69ada8b7"
score = 75
quality = 75
@@ -221825,8 +226043,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4Cdffb4F02C55Ae60A099652605Da274 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6366-L6377"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6366-L6377"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1b655f42302bed2091aaa5d37156c68eaf812f0c287bf42b24942a8b845b7476"
score = 75
quality = 75
@@ -221848,8 +226066,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_25Ad5Ae68C38Ad1021086F4Ffc8Ba470 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6379-L6390"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6379-L6390"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "80b67b804e47fba825fabfee39f9a0aae78a4465b088c28b6f6972acd614bb89"
score = 75
quality = 75
@@ -221871,8 +226089,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_277Cd16De5D61B9398B645Afe41C09C7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6392-L6403"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6392-L6403"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dccfd52a3bcc11897d05f5450600dbd2f1f699732341cebed6dda37a76fd5f2d"
score = 75
quality = 75
@@ -221894,8 +226112,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_066276Af2F2C7E246D3B1Cab1B4Aa42E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6405-L6416"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6405-L6416"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2a554105ae99de388621adefb2f53d2d0873ac3175ca2ccf00fc6a498ea2fd29"
score = 75
quality = 75
@@ -221917,8 +226135,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_289051A83F350A2C600187C99B6C0A73 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6418-L6429"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6418-L6429"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f094e923dc53cc1edc6ac83cf69fb60fd3c564606a5bfb68facb482918399799"
score = 75
quality = 75
@@ -221940,8 +226158,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_25A28E418Ef2D55B87Ee715B42Afbedb : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6431-L6442"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6431-L6442"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "be40d3b202b400eda7e78280b674823f789e292a35f0892ab3a323d1b055e789"
score = 75
quality = 75
@@ -221963,8 +226181,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Vmprotect_Client : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6444-L6455"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6444-L6455"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d55d9fe608d5ff357a3bcf700a3d8bd9556f83c7c792b50d2276228a77209346"
score = 75
quality = 75
@@ -221987,8 +226205,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_44Fe73F320Aa8B7B4F5Ca910Aa22333A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6457-L6468"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6457-L6468"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a456cd32eed6c1f037bc565e7a43f2a5a2237749afc31f6b7a8b8d7a657973c6"
score = 75
quality = 75
@@ -222010,8 +226228,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Df45B36C9D0Bd248C3F9494E7Ca822 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6470-L6481"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6470-L6481"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "40f4ad4183ca0bc76295c535a9286994ef0e3f8ac932372328016d543bb58ab5"
score = 75
quality = 75
@@ -222033,8 +226251,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Adbb8Aebf8B53C6713Abaca38Be9Bf0A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6483-L6497"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6483-L6497"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d5e85240df57bf3b5ec4f690943f71609aaf2fb2f751b2919b6024b4247cd571"
score = 75
quality = 75
@@ -222056,8 +226274,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1Ffc9825644Caf5B1F521780C5C7F42C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6499-L6510"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6499-L6510"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9866608a02a043e6873c6fbd231cd733b3b5a1e5b77e3205e5cf53f5ae2bcadd"
score = 75
quality = 75
@@ -222079,8 +226297,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3112C69D460C781Fd649C71E61Bfec82 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6512-L6523"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6512-L6523"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9662a01369bc01367bcae7813b3fcb3050721471dd247885bcab8918de7c6b99"
score = 75
quality = 75
@@ -222102,8 +226320,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_F64E5B34Dc0E4893495D3B9Fd9Cde4B7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6525-L6536"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6525-L6536"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "497e63e4a19fa5b05d1098177dc73ae2255d4608d97e1001461dc4f8edced169"
score = 75
quality = 75
@@ -222125,8 +226343,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6Bec31A0A40D2E834E51Ae704E1Bf9D3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6538-L6549"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6538-L6549"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f1fdd6e76deea106db9fc4ef0916b2cecd6edb3849847946f15c194a9028a76e"
score = 75
quality = 75
@@ -222148,8 +226366,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_9Fac361Ee3304079 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6551-L6565"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6551-L6565"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a32fe70e2242e587007c3985420c3bea25d35aff37f62881cc386bdeff22ca93"
score = 75
quality = 75
@@ -222171,8 +226389,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1895De749994D0Db : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6567-L6578"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6567-L6578"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0b5e7998bd6303a12a8681bca88b7802caa08d9272196b830ffac5573b6e3772"
score = 75
quality = 75
@@ -222194,8 +226412,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_28B691272719B1Ee : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6580-L6591"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6580-L6591"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b2224f8107e7c50334c7e12963e4e37c0a6824c49842afb314c12d6de9d6bc5e"
score = 75
quality = 75
@@ -222217,8 +226435,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00E3B80C0932B52A708477939B0D32186F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6593-L6607"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6593-L6607"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a0a95c20c5c82b460ddef686731d1053181cb5066bbb4f585a4f402f50efe030"
score = 75
quality = 75
@@ -222240,8 +226458,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00C667Ffe3A5B0A5Ae7Cf3A9E41682E91B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6609-L6623"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6609-L6623"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6d3d0cfb42758f917b003f7979f7123c1789c9e9b4e01b1aebf265a298eac08f"
score = 75
quality = 75
@@ -222263,8 +226481,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Sagsanlgs : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6639-L6650"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6639-L6650"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3ab10d8605f501f3c4f3a3afa31c5b001e03354846ff1953e7e36ceb9b564bf6"
score = 75
quality = 75
@@ -222286,8 +226504,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00989A33B72A2Aa29E32D0A5E155C53963 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6668-L6682"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6668-L6682"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f016093cd512bcbf31814ff1619441e476b3988d0670f469f6311eda37ae295d"
score = 75
quality = 75
@@ -222309,8 +226527,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00B8F726508Cf1D7B7913Bf4Bbd1E5C19C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6684-L6698"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6684-L6698"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "71eb50a47465d69dbdd488c57b3fd9f70a4dd3b0bc086ed14038320928bc947e"
score = 75
quality = 75
@@ -222332,8 +226550,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Aa099E64E214D655801Ea38Ad876711 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6700-L6712"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6700-L6712"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a4211bc2f3cedb8b135566d4b22251523a3a2bbdb04c1f1c5b1336ae7c198773"
score = 75
quality = 75
@@ -222356,8 +226574,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_54Cc50D147Fa549E3F721C754E4E3A91 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6714-L6726"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6714-L6726"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "367237a9370542a4506fb13683f0a91e4bf5eb871e4b9f62b4cae8316bdf2d9a"
score = 75
quality = 75
@@ -222380,8 +226598,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1E508Bb2398808Bc420A5A1F67Ba5D0B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6728-L6740"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6728-L6740"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "71b7efab5359408e3897498ce031c8375e2d67bfc8ff15c685df5ac6dd4bb015"
score = 75
quality = 75
@@ -222404,8 +226622,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_008B3333D32B2C2A1D33B41Ba5Db9D4D2D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6742-L6757"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6742-L6757"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c15a248dd52e7e888da381fda296cf19c53196ef52c4c4ce74af646d427eccde"
score = 75
quality = 75
@@ -222428,8 +226646,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_B548765Eebe9468348Af40B9891C1E63 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6759-L6771"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6759-L6771"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "db8136f63657130bb3fe2527bb597e70bc3d46395aa3137810f4ee4b4de6c6ec"
score = 75
quality = 75
@@ -222452,8 +226670,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4697C7Ddd3E37Fe275Fdc6961A9093E3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6773-L6785"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6773-L6785"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b3de1a753ac7a2f43ae64ee54fc81d92f70c32d4a04398a6dfc9a6ec856d8300"
score = 75
quality = 75
@@ -222476,8 +226694,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_74C94Ef697Dc9783F845D26Dccc1E7Fd : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6787-L6799"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6787-L6799"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "226dfe366c31e9cb38910df7d6cb2037c545745594fd133d7b7359175f153a90"
score = 75
quality = 75
@@ -222500,8 +226718,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5Dd1Cb148A90123Dcc13498B54E5A798 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6801-L6812"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6801-L6812"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9b5ec1b9d3fd15259d3628b5199b274f85674b404c57329d8af4f779ae357454"
score = 75
quality = 75
@@ -222523,8 +226741,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00A758504E7971869D0Aec2775Fffa03D5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6814-L6829"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6814-L6829"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "08f52e96d1e93e2d406753fd0dee5d03501ac037ab022b710362b113eaae6239"
score = 75
quality = 75
@@ -222547,8 +226765,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00F13A4F94Bf233525 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6831-L6845"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6831-L6845"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "29284d9ced0d5e6d587edc9727321cdc7bf5ce4ad8407d460afa7f1e6d1bcb90"
score = 75
quality = 75
@@ -222570,8 +226788,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_119Acead668Bad57A48B4F42F294F8F0 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6847-L6858"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6847-L6858"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bae9aed4f53059b2ec0de630f681bb157c148d9ad38be35dd8c1a74b19619077"
score = 75
quality = 75
@@ -222593,8 +226811,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_21144343720267Ba42F586105Ff279De : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6860-L6871"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6860-L6871"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a1eacebed0966ad5d78eb7e38d8b854d183f21a19a53bbcb57503e4271b2cc84"
score = 75
quality = 75
@@ -222616,8 +226834,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00A3Cb8E964244768969B837Ca9981De68 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6873-L6884"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6873-L6884"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d88c9ac03a4b3803b85c5ee30ad127aca43cbfc33d754bc42c15593f7294b1bc"
score = 75
quality = 75
@@ -222639,8 +226857,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Bd96F0B87Edca41E777507015B3B2775 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6886-L6900"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6886-L6900"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a9906821de34bf6a20bfe1a4be81563a22b110bde68fbe36b491955c23d2dcc6"
score = 75
quality = 75
@@ -222662,8 +226880,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00E41537B8Dd65670D6Eb01954Becacf1E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6902-L6916"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6902-L6916"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "94b7feb2d1ed8a7004599ac2018746bf43529f7cf7c4776fbdf21282013935c8"
score = 75
quality = 75
@@ -222685,8 +226903,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_06808C5934Da036A1297A936D72E93D4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6918-L6929"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6918-L6929"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "45840d354dcea86c38effc86b3b6f92540f32eab78286d51ff7f472618accb8b"
score = 75
quality = 75
@@ -222708,8 +226926,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_97D50C7E3Ab45B9A441A37D870484C10 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6931-L6942"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6931-L6942"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2f535f66a4aabffff48f167ffcabcb366398e358eaafa2b3d67ee4c7ad19eb66"
score = 75
quality = 75
@@ -222731,8 +226949,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0B2B192657B37632518B08A06E201381 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6944-L6955"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6944-L6955"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "361005555e5d4b51c4538617c99fe668fca61ccc0c0847611e1423f69194999c"
score = 75
quality = 75
@@ -222754,8 +226972,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00945Aaac27E7D6D810C0A542Bedd562A4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6957-L6972"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6957-L6972"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "292657717cb42835324b6ff42d563bca47e042e82afef24b5d666b16979b8103"
score = 75
quality = 75
@@ -222778,8 +226996,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6D450Cc59Acdb4B7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6974-L6985"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6974-L6985"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8328159dce3586c26b777f92d7a87e0660520cf08d122505d34ed427bdd7ff6f"
score = 75
quality = 75
@@ -222801,8 +227019,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_66390Fc17786D4A342F0Ee89996D6522 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L6987-L6998"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L6987-L6998"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a38d09beee8ddaa6e8273e04fe3c5cc9ff9a4e55344e2b9191bb3e5928e9e79b"
score = 75
quality = 75
@@ -222824,8 +227042,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00D1737E5A94D2Aff121163Df177Ed7Cf7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7000-L7015"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7000-L7015"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7889e42ca0bc6c4aad0c7cf90459958e9d256b984fae719bd418fc17120cb4a2"
score = 75
quality = 75
@@ -222848,8 +227066,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5Aa94583A95D42F1 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7017-L7028"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7017-L7028"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "174ce032fd87028e34843417d5a4695d6d6e2eb444095e005588f1acf291cdf8"
score = 75
quality = 75
@@ -222871,8 +227089,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6Ce7A0C62F27Fa98F78853E1Ad11173F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7030-L7041"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7030-L7041"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "48692213d57293d28d0eb146d24036fa7e7357e55df07330d596a51a0665f063"
score = 75
quality = 75
@@ -222894,8 +227112,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_670C3494206B9F0C18714Fdcffaaa42F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7043-L7054"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7043-L7054"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5215f3e877ac4b37d33a29f9d2e92567db02f41f5fa1592d2de199ee06b43885"
score = 75
quality = 75
@@ -222917,8 +227135,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5F11C47D3F8C468E5D38279De98078Ce : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7056-L7067"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7056-L7067"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "82db6d0b96303be79aa9a0980a4ce491a1216adbba65443e8e59c5cf69a4a1e4"
score = 75
quality = 75
@@ -222940,8 +227158,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Bdb99D5Ecf8271D48E35F1039C2160Ef : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7069-L7083"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7069-L7083"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3a7fd1705d440306e7643167f46b0735bedab291e714cd01068be321f489e3f3"
score = 75
quality = 75
@@ -222963,8 +227181,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_025020668F51235E9Ecfff8Cf00Da63E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7085-L7096"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7085-L7096"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c99caf6ada228fe1229ea8e8ca0b160468f044a9a1e13ed9a83c12afeae337a1"
score = 75
quality = 75
@@ -222986,8 +227204,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Cfae7E6F538B9F2E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7098-L7112"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7098-L7112"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "23032d387bbfc81edb08982a196b90a136faf935d74c46771c59ef19095ac3a4"
score = 75
quality = 75
@@ -223009,8 +227227,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Bc9B800F480691Bd6B60963466B0C75 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7114-L7125"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7114-L7125"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "15143a6dc374f22252880ce61a419df46d81bc1ee99a29d03a61348f9c230064"
score = 75
quality = 75
@@ -223032,8 +227250,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_69Ad1E8B5941C93D5017B7C3Fdb8E7B6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7127-L7138"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7127-L7138"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1a37133dcc7af9c3f229f517dca847d7c007b8a2fdc6af50721d68f68c5d9c20"
score = 75
quality = 75
@@ -223055,8 +227273,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_072472F2386F4608A0790Da2Be8A48F7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7140-L7151"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7140-L7151"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "32b61f42ee9f3109c747e8a159376d03349d8a5061be0c31504e929cb3c3042e"
score = 75
quality = 75
@@ -223078,8 +227296,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Ea734E1Dfb6E69Ed2Bc55E513Bf95B5E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7153-L7168"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7153-L7168"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e2d07a2af36608d6eab6db85bcb968e486293239d0cfaeea7de2bb8223e58a29"
score = 75
quality = 75
@@ -223102,8 +227320,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Dfa4F0Cff90319951B019A4681Ebd2A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7170-L7182"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7170-L7182"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d89cda38cf6149c004f7d7b307243567768cba73bd49979d7d4f92f902ef4508"
score = 75
quality = 75
@@ -223126,8 +227344,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4D03Ae6512B85Eab4184Ca7F4Fa2E49C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7184-L7196"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7184-L7196"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2cbeaf65b0d3340df08baf67134a2fe0b26921f2e35ce541884209e3ecddf233"
score = 75
quality = 75
@@ -223150,8 +227368,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_333705C20B56E57F60B5Eb191Eef0D90 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7198-L7209"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7198-L7209"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f5ca35381842a0ea7c319d8388753347a72fc6df746064e520794aeb4b6724d0"
score = 75
quality = 75
@@ -223173,8 +227391,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_79906Faf4Fbd75Baa10B322356A07F6D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7211-L7222"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7211-L7222"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "59862f31d0ba0cf56a93a86783ad802ea2e511845ab1d141aa224c0c61b720a7"
score = 75
quality = 75
@@ -223196,8 +227414,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_030Ba877Daf788A0048D04A85B1F6Eca : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7224-L7235"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7224-L7235"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "70b5b9011b53b7c9ac9dc286f3512a7a8bec5ec35ade0ee1c4bedd0a128994da"
score = 75
quality = 75
@@ -223219,8 +227437,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Fe83F58D001327Fbaafd7Bac76Ae6818 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7237-L7251"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7237-L7251"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8aac715daba042ca4a57cd65b98e6192c87a13e7e0c8ff4a3bc81c43223035ad"
score = 75
quality = 75
@@ -223242,8 +227460,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0788260F8541539D97F49Ddaa837B166 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7253-L7265"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7253-L7265"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "48985ac2c450bc4b3c5de635717dcf3a7ecf64109aa4059477ba79606f7fc2a4"
score = 75
quality = 75
@@ -223266,8 +227484,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Ca5Acafb5Fdca6F8B5D66D1339A5D85 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7267-L7279"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7267-L7279"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2612e58b4e1a6fa65b32fe855b3542882c79345e93ab134933c893e90bb1a75c"
score = 75
quality = 75
@@ -223290,8 +227508,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_387Eeb89B8Bf626Bbf4C7C9F5B998B40 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7281-L7293"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7281-L7293"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3436b7954e5488614f8f0998fe9eae7773d821c776436836d7b2230cd9c97f46"
score = 75
quality = 75
@@ -223314,8 +227532,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_035B41766660B08Aaf121536F0D83D4D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7295-L7306"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7295-L7306"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "924ed1d3c6a8d378471a2e5301f3a813ee8622135ce001d3061918d9454cdcc4"
score = 75
quality = 75
@@ -223337,8 +227555,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1A041Db92237C18948109789F627B3Cd : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7308-L7320"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7308-L7320"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f5e07eb58a68dea062522869c43daeddab666f12b078a4f2ce9aa37885e46cbd"
score = 75
quality = 75
@@ -223361,8 +227579,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_06Df5C318759D6Ea9D090Bfb2Faf1D94 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7322-L7334"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7322-L7334"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3be08901a44c1c94cfb93e56075270ed974399ccc0a4dce15299456dad645822"
score = 75
quality = 75
@@ -223385,8 +227603,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_330000026551Ae1Bbd005Cbfbd000000000265 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7337-L7351"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7337-L7351"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ae836069665d088c6a309efe5166e260836dce6398c51701b2274515bdaa2cbd"
score = 75
quality = 75
@@ -223409,8 +227627,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_309368B122Ab63103Dddd4Ad6321A82C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7353-L7365"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7353-L7365"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "37a39d63e2bce6d4ce501e3032ee12fe8c5b39e8d8cb0f3e0c6d0be375bcffc8"
score = 75
quality = 75
@@ -223433,8 +227651,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_19F613Cf951D49814250701037442Ee2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7367-L7384"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7367-L7384"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1ea5f770ddbb7dba836049bec0c7b73cd5bc6a87514f8ea00288cb9d52d17651"
score = 75
quality = 75
@@ -223459,8 +227677,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2D8Cfcf04209Dc7F771D8D18E462C35A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7386-L7398"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7386-L7398"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e7eee6a6593c231c193145eeefd03a0f32c1d8cc103c97cfa26b5af7363c9b08"
score = 75
quality = 75
@@ -223483,8 +227701,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_06De439Ba2Df4Dcd8240C211D60Cdf5E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7400-L7412"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7400-L7412"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a2847853e2e9cc9e6909871b3f8e6de399fb76353e997b084c92dbcfe6c1a48f"
score = 75
quality = 75
@@ -223507,8 +227725,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00F454F2Fdc800B3454059D8889Bd73D67 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7414-L7429"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7414-L7429"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "91b33a3e915a007d00482905471e124045a373fef9c8b0fe9a987196d2ec013a"
score = 75
quality = 75
@@ -223531,8 +227749,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3Afe693728F8406054A613F6736F89E3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7431-L7443"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7431-L7443"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6993a13546a1eff8a4f770f224a14bffe7e3393f628337cff27cbf57ebab2a65"
score = 75
quality = 75
@@ -223555,8 +227773,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0Fd7F9Cac1E9Ce71Ac757F93266E3B13 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7445-L7457"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7445-L7457"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "319f858a15f8752d7637ab7036ed89b17c501c2422769339578e685fe6a57eea"
score = 75
quality = 75
@@ -223579,8 +227797,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5Fbf16A33D26390A15F046C310030Cf0 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7459-L7471"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7459-L7471"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fc68fe14ec70de74a6dae7891dfbb82ee7974f37469cfa72d735e70e9194c405"
score = 75
quality = 75
@@ -223603,8 +227821,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_292Eb1133507F42E6F36C5549C189D5E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7473-L7485"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7473-L7485"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "456a09b1939d3f60e6ef735631eb681a9d15ea573552672fd14b19f60e8d8c73"
score = 75
quality = 75
@@ -223627,8 +227845,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2Aaa455A172F7E3A2Dffb5C6B14F9C16 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7487-L7499"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7487-L7499"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dd10d388e9122585c8e5b2073725f50edbc85d0ca1e94a4b034e500e0e89b608"
score = 75
quality = 75
@@ -223651,8 +227869,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1Ef6392B2993A6F67578299659467Ea8 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7501-L7513"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7501-L7513"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "eabfeb7abc968188276ba76cd94bd80aba340f5f920881fe13c0f7b093d65a55"
score = 75
quality = 75
@@ -223675,8 +227893,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0F007898Afcba5F8Af8Ae65D01803617 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7515-L7527"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7515-L7527"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "260dbdd3d295ace9c478cc27061065803c159957a1eb2f7965ee2b358f02a73c"
score = 75
quality = 75
@@ -223699,8 +227917,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00Aa1D84779792B57F91Fe7A4Bde041942 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7529-L7543"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7529-L7543"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2e57d646910c570f421939fd0d47ddee60bc38bb2ca2ba1991bf334cf8d5574b"
score = 75
quality = 75
@@ -223722,8 +227940,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0690Ee21E99B1Cb3B599Bba7B9262Cdc : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7545-L7556"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7545-L7556"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bc2aac1bd21f80d4233af37028820a36ebd56bceed9b1318e99e75b28b9408e3"
score = 75
quality = 75
@@ -223745,8 +227963,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_425Dc3E0Ca8Bcdce19D00D87E3F0Ba28 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7558-L7569"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7558-L7569"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0fc85d3d01b37ff7870cade6f8e0e756593ff0b5c9eea3b687ff52985caa20dd"
score = 75
quality = 75
@@ -223768,8 +227986,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_00881573Fc67Ff7395Dde5Bccfbce5B088 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7571-L7585"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7571-L7585"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5b137cccecb16ad116b73fa1f9025f76846b85009fbd4962956499031d6eff35"
score = 75
quality = 75
@@ -223791,8 +228009,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_15C5Af15Afecf1C900Cbab0Ca9165629 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7587-L7599"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7587-L7599"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cfc72a85954cb12d89a09b47b5937216a7cfee4a71ac6335a2a94faadea1f68c"
score = 75
quality = 75
@@ -223815,8 +228033,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_12705Fb66Bc22C68372A1C4E5Fa662E2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7601-L7613"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7601-L7613"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a212e491ce661dec5512f82eed42b1863afb75ce7fb185c41af178f3852b78c8"
score = 75
quality = 75
@@ -223839,8 +228057,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_205483936F360924E8D2A4Eb6D3A9F31 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7615-L7627"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7615-L7627"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "09bf63b88eda95aae094cecb868838f08b88a6b4fe2993145e20293034c12863"
score = 75
quality = 75
@@ -223863,8 +228081,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_06Bcb74291D96096577Bdb1E165Dce85 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7629-L7641"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7629-L7641"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "34f533f7c7e12aaac9a1998654fae6ffde366affa90e9cba061b356fa7190e71"
score = 75
quality = 75
@@ -223887,8 +228105,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0D261C8470Adbb65800Ceaf3Eac70819 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7643-L7655"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7643-L7655"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e71f5d24500ac202aad5a439aa0d5f1bf7e6259c1d7e11bb40c7b9ae93bd86c0"
score = 75
quality = 75
@@ -223911,8 +228129,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_40E27B7404Aa9B485F8A2Fc0C8E53Af3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7657-L7668"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7657-L7668"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "95a0bcf9b52ba8f4b63453abf0ee28027689450557a2408c6b27f8aafcbbe945"
score = 75
quality = 75
@@ -223934,8 +228152,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_627Dfdf73A1455De5143A270799E6B7B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7670-L7681"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7670-L7681"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "833e772e56e87f730ee1acb9d6ed747d239903cfd9470d777efab73c5d656f49"
score = 75
quality = 75
@@ -223957,8 +228175,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1966Bc76Bda1A708334792Da9A336F69 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7683-L7694"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7683-L7694"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d0293e76f8a595d769fd302829bd94a576d647bbacb586728e804bf4dce1af78"
score = 75
quality = 75
@@ -223980,8 +228198,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_82D224323Efa65060B641F51Fadfef02 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7696-L7710"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7696-L7710"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3ed849dfd905e01145274d41b3bbb2c0265b099e540ac17909b6ed59f006e245"
score = 75
quality = 75
@@ -224003,8 +228221,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Be2F22C152Bb218B898C4029056816A9 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7712-L7726"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7712-L7726"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9eba1585d92b184afb7b75b84e0010539ac42ca27e4d5d8bccee6b01e3471cca"
score = 75
quality = 75
@@ -224026,8 +228244,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_29E8E993D2406454B6B18Cb377471Bc6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7728-L7739"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7728-L7739"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bf248e664d00675d3fc87070b6358ca7539ef6e748b8bfafcba7ecb91cb1ea05"
score = 75
quality = 75
@@ -224049,8 +228267,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6Daa67498C3A5D8133F28Fefe9Ccc20E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7741-L7754"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7741-L7754"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dc66a18e4f8d14f98e5a8073d32b641e0eb795e989fb62ac23207e765838561a"
score = 75
quality = 75
@@ -224073,8 +228291,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_59F296D0Af649E0962D724248D9Fdcdb : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7756-L7769"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7756-L7769"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0212033b2ea12f568a3c2e4d3768194c8035c6b6ebf054af90fe82ffcd7e6a5b"
score = 75
quality = 75
@@ -224097,8 +228315,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_A32F3Ba229704Ad400473F7479E4C3E4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7771-L7784"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7771-L7784"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9c7b9b6827e10a8c2a6d771d14068a074104683fe75f24dea85c5bf3f3bc04db"
score = 75
quality = 75
@@ -224121,8 +228339,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3Ab74A2Ebf93447Adb83554B5564Fe03 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7786-L7799"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7786-L7799"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8dbc549ecaf1cb3f07486bac7ed265882af4b6b29b9772736118490eb9233303"
score = 75
quality = 75
@@ -224145,8 +228363,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_90212473C706F523Fe84Bdb9A78A01F4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7801-L7814"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7801-L7814"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8cd1e984bb81f071053614ae9d037d7ff5e01fb95aaa0474492386a7b5faecec"
score = 75
quality = 75
@@ -224169,8 +228387,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5C9F5F96726A6E6Fc3B8Bb153Ac82Af2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7816-L7829"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7816-L7829"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "da76d86509aee2f9cac992e6b081dce5e68c747ad34abd2daeb32e6e390b880b"
score = 75
quality = 75
@@ -224193,8 +228411,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2A2F270535C2D5E7630720Fb229B5D1C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7831-L7844"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7831-L7844"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7d9785c12d2d744fbafab009edfb1ef232eadcdbc8eee99d0ad0daacabbabf26"
score = 75
quality = 75
@@ -224217,8 +228435,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4659Fa5Fc1E0397Df79Fd6A4083D93B0 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7846-L7859"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7846-L7859"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6d8a10d77e63d2a62ce45606dd9a317220aa124a50fa95028a45d9f5899ec6e3"
score = 75
quality = 75
@@ -224241,8 +228459,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_651F3E5B491B197D20C49B9C7B25B775 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7861-L7874"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7861-L7874"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fe06e8f6fd87d5a9044a6ff609da73b7d9e7d1f07cc9e84ee2fd2940be615323"
score = 75
quality = 75
@@ -224265,8 +228483,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_67936A84Bed66Ef021Dbe771De331772 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7876-L7889"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7876-L7889"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "da149e6835be937e0bf2763052d4cbabb367910061aec3c394dffaa45d9b0ac6"
score = 75
quality = 75
@@ -224289,8 +228507,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_8538A6C5018F50Fc : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7891-L7904"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7891-L7904"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2ef3c7a45eb1d46e6c159ec9692fa5c17ff7679f41d96d04de52aa52ce96fa6b"
score = 75
quality = 75
@@ -224313,8 +228531,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Fecc3B3C675F7Ffd7De22507F3Fdacd7 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7906-L7919"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7906-L7919"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1319f4ccb5ab07c1c538d6a183fa25726b3d42192eaa878a2c402be2c93219f7"
score = 75
quality = 75
@@ -224337,8 +228555,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5294F0F841F29855E33A18402421949A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7921-L7934"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7921-L7934"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b9d2b10c4117de276cb41148b41921115f414aa17e261956c8550adf6127d5b9"
score = 75
quality = 75
@@ -224361,8 +228579,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1614Ef66B2C4B886E71A93Dd34869F48 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7936-L7949"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7936-L7949"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "26265d54d8b58128c1a9a3b322f339d1beb438f403637519b11ff324af91d1e2"
score = 75
quality = 75
@@ -224385,8 +228603,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_65Cfd8419D70Ce4011D97Bc79D18315E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7951-L7964"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7951-L7964"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "675ab6ef0f744f62db892992c6b3614e14b95f64e2800a0d10e55b915a2b4e74"
score = 75
quality = 75
@@ -224409,8 +228627,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_01Cf0B0F01B20B70Bfaa69722979Ef5C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7966-L7979"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7966-L7979"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5942c0196d7264783590c599ccfb0fe6518b338238ddb3df4e4f8999922ce86b"
score = 75
quality = 75
@@ -224433,8 +228651,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_698Ff388Adb50B88Afb832E76B0A0Ad1 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7981-L7994"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7981-L7994"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7734256201739dece5ae039d45ed79c74be6228f7da51fc82c0cfd2d4aacfd4b"
score = 75
quality = 75
@@ -224457,8 +228675,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5143Cf38D5Fd26858830826632Be9Fda : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L7996-L8009"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L7996-L8009"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b6f33fd94f8098ca9d4fe98b3dc0a833f0be78fe854c62d715b98a2ba980b8ac"
score = 75
quality = 75
@@ -224481,8 +228699,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3628B93Bcd902B6B3E1Ffdf2E13Dfcf5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8011-L8024"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8011-L8024"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bf9b2ab7a379437daa04565fdf7adc04db2f6f1a6284d1fd91f037b255523c42"
score = 75
quality = 75
@@ -224505,8 +228723,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_A32B8B4F1Be43C23Eb2848Ab4Ef06Bb2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8026-L8039"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8026-L8039"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "438667b55f23b689627fc1e5bce0e53b960ef51d1a7d3203e398c59bd94ffe93"
score = 75
quality = 75
@@ -224529,8 +228747,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_17Ccecc181Ed65A357Edf3B01Df62Cc9 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8041-L8054"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8041-L8054"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d79968633717744ab9e9006f8d958c1e240a1e0f99fd0b4c603d42bb7cd4773c"
score = 75
quality = 75
@@ -224553,8 +228771,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_332Bd5801E8415585E72C87E0E2Ec71D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8056-L8069"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8056-L8069"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ad3b1aebedd1ecef9af96da991cdbaca8033e0d48b5e7b776dd3fd3c4024928e"
score = 75
quality = 75
@@ -224577,8 +228795,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0139Dde119Bb320Dfb9F5Defe3F71245 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8071-L8084"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8071-L8084"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b2a7154d73eb9271a181d71d65c73e399bb2f7d1fe031240e94b6ef4c4f7cb18"
score = 75
quality = 75
@@ -224601,8 +228819,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2F96A89Bfec6E44Dd224E8Fd7E72D9Bb : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8086-L8099"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8086-L8099"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "94a5721bd3089f46699a947afcd03287712f94754666809e6495b01fc9cd6dcf"
score = 75
quality = 75
@@ -224625,8 +228843,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_626735Ed30E50E3E0553986D806Bfc54 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8101-L8114"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8101-L8114"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "960005fe1a28ddb50261aeaaa850a2410ac03ee9709af2a75485313676c92c53"
score = 75
quality = 75
@@ -224649,8 +228867,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4A2E337Fff23E5B2A1321Ffde56D1759 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8116-L8129"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8116-L8129"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "524048d39de89002efbb8bf75135551b300e03f1126e5e117a4682c79ec04c9a"
score = 75
quality = 75
@@ -224673,8 +228891,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_967Cb0898680D1C174B2Baae5Fa332Db : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8131-L8144"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8131-L8144"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8c68127b29d1a1aa4c1e2033c809fa57466f224c2bb4ede0ffb2b572a3d58c0f"
score = 75
quality = 75
@@ -224697,8 +228915,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_890570B6B0E2868A53Be3F8F904A88Ee : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8146-L8159"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8146-L8159"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "952b211cc2c7988b9a09ca5a96c44fea24bbaced28a79ab0ae6732675fda7365"
score = 75
quality = 75
@@ -224721,8 +228939,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_7D27332C3Cb3A382A4Fd232C5C66A2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8161-L8174"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8161-L8174"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d21218469ae41def8eed3d2cff38744ae928d9e8fed8ff68c539d33193136e0f"
score = 75
quality = 75
@@ -224745,8 +228963,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_40F5660A90301E7A8A8C3B42 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8176-L8189"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8176-L8189"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ed584aa8ad833066ed9f7ddbf98dc75efe88e0b7e69f564a90eade63dc2aee2d"
score = 75
quality = 75
@@ -224769,8 +228987,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Dfc1F1B0F205Cc17Ed7D216Bb991F859 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8191-L8204"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8191-L8204"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "24783267ab27f8102f724810322a7fbb010b7a2abf59ad206b96a3eb75968907"
score = 75
quality = 75
@@ -224793,8 +229011,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_E573D9C8B403C41Bd59Ffa0A8Efd4168 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8206-L8219"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8206-L8219"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ec53ab007d8be2f3cad45e787e724c5af0dd3f18c2b66a179b822bdeeb0d1560"
score = 75
quality = 75
@@ -224817,8 +229035,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_2F38De4Ced0B070973B9E9B9B1Dcfa7F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8221-L8234"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8221-L8234"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "84c3d89e8393bcaddea53326730d795f482ec65c574fde5c1c81f395178b591a"
score = 75
quality = 75
@@ -224841,8 +229059,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_53E1F226Cb77574F8Fbeb5682Da091Bb : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8236-L8249"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8236-L8249"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "41f4902e9d02254efdfd19a73de16e1128b15d264c3ed128d5ec28bd92f2d8a4"
score = 75
quality = 75
@@ -224865,8 +229083,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Df2547B2Cab5689A81D61De80Eaaa3A2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8251-L8264"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8251-L8264"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c32a6510bd3cfd09e84ccf36140eb405945059c981fb1888298501493f6ef68f"
score = 75
quality = 75
@@ -224889,8 +229107,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_58Af00Ce542760Fc116B41Fa92E18589 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8266-L8279"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8266-L8279"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bcabd77b40ad9eae4c499c8cd4b3e3d39e5478fa590be536860375e890c1b62e"
score = 75
quality = 75
@@ -224913,8 +229131,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5B1F9Ec88D185631Ab032Dbfd5166C0D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8281-L8294"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8281-L8294"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "05428b4e636a60fb409ead0f4aeb25ed08dae24d58c98a17bb77aa521706763a"
score = 75
quality = 75
@@ -224937,8 +229155,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Ff52Eb011Bb748Fee75153Cbe1E50Dd6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8296-L8309"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8296-L8309"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e439f15c3312ed3a1840967bb165300a491ffe3d1c9c629abcbebf3efd9b1f50"
score = 75
quality = 75
@@ -224961,8 +229179,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Eda0F47B3B38E781Cdf6Ef6Be5D3F6Ee : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8311-L8324"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8311-L8324"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7b53d30e5b6176eaae854bf4046339864225b417a147fe6f24fb51dfb0535911"
score = 75
quality = 75
@@ -224985,8 +229203,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4728189Fa0F57793484Cdf764F5E283D : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8326-L8339"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8326-L8339"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "181971946ee4d643430b733ed57ccf07c940205853c9e5102b08b7bc509bcc63"
score = 75
quality = 75
@@ -225009,8 +229227,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_24E4A2B3Db6Be1007B9Ddc91995Bc0C8 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8341-L8354"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8341-L8354"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "71d1f8e9113170f410007b31c0d7316c537001b2a761f1e35d6bd2aa0b39f2d9"
score = 75
quality = 75
@@ -225033,8 +229251,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0772B4D1D63233D2B8771997Bc8Da5C4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8356-L8369"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8356-L8369"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "056fefbc03cff00a40ea9bb65893b92fcc15134c7cf7bf7dedf98f43b44bc03d"
score = 75
quality = 75
@@ -225057,8 +229275,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_1Deea179F5757Fe529043577762419Df : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8371-L8384"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8371-L8384"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b521363d1d38a4ed1b2b4126aec85ed6bffc23dc4e30f6f6c942e1fa96b0dd8d"
score = 75
quality = 75
@@ -225081,8 +229299,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_061A27A3A3771Bb440Fc16Cadf2675C4 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8386-L8399"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8386-L8399"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d85b9d2b6fe4ce99670a8f51e84d63f1ec6d0341a3715eeed3e3d6a0fda93dc5"
score = 75
quality = 75
@@ -225105,8 +229323,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_06675181E7B5E1030B3D40926E2A47D3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8401-L8414"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8401-L8414"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "14d963fd03187afb7afabc208e36d8bb45ec818b27782a6c3037229f82bf22d6"
score = 75
quality = 75
@@ -225129,8 +229347,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Dbc03Ca7E6Ae6Db6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8416-L8429"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8416-L8429"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7d188663b00870e98984b4be4c72b0fd183b5fb8dd61512c1d65d386f1ebad0a"
score = 75
quality = 75
@@ -225153,8 +229371,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_26F855A25890B749578F13E4B9459768 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8431-L8444"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8431-L8444"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2de5a2d4d692c14660a9ec3ed18a7d2d6741a862c86812fcd640b1378281c328"
score = 75
quality = 75
@@ -225177,8 +229395,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_25Ba18A267D6D8E08Ebc6E2457D58D1E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8446-L8459"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8446-L8459"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "38bdfa2291c7c3f81b29d41c65814002db3e4de11928699d2d946e87d313558d"
score = 75
quality = 75
@@ -225201,8 +229419,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0A2787Fbb4627C91611573E323584113 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8461-L8474"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8461-L8474"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e4ea9149f28798b48482ff68c3e08593a4510e3bd01e49ebdca7d450f15537e4"
score = 75
quality = 75
@@ -225225,8 +229443,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_C81319D20C6F1F1Aec3398522189D90C : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8476-L8489"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8476-L8489"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1271d0cc05d35a70a90f605e7c68fc52605570e453e9e67fbeb74762a88a0a96"
score = 75
quality = 75
@@ -225249,8 +229467,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_77550Ed697992B397E3F1Ad8E2A662D1 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8491-L8504"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8491-L8504"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "87a70f10a111c4c5d1c3fb5b1c2a9da528f7d484ae6391c91e4052aba5c6bbe0"
score = 75
quality = 75
@@ -225273,8 +229491,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_B1Bbef3Aba79Ab2Eae5B8015F26B34F8 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8506-L8519"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8506-L8519"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "34b00243f0b5e8d09938f1500871797125644f839298427c877801027638fd34"
score = 75
quality = 75
@@ -225297,8 +229515,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_05D50A0E09Bb9A836Ffb90A3 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8521-L8534"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8521-L8534"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fc38ae0c9d4fc26739deab65ae3669f272e999b76dbc521dae04b9a3e3e7cef0"
score = 75
quality = 75
@@ -225321,8 +229539,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_623Eae6A66D3A6Ee80Df9Ccebe51181E : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8536-L8549"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8536-L8549"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "79fceab5a19025d25abb12a8e6f57f8a930d348d538d9c556b6d4fc461af66f2"
score = 75
quality = 75
@@ -225345,8 +229563,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0A392F03Ded5D73Cdeeda75052A57176 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8551-L8564"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8551-L8564"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ea0159ec1c4670c1e961a87131998fa796cf205eaa8a06bf829c61c9694fa5ef"
score = 75
quality = 75
@@ -225369,8 +229587,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_E9268Ed63A7D7E9Dfd40A664Ddfbaf18 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8566-L8579"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8566-L8579"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "62b9ea3c5197635db2101972af951f4afbd9b311b3c8286525bbd5b5baa17c41"
score = 75
quality = 75
@@ -225393,8 +229611,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Da156922F4760E0C5F5Bcf79812A27E1 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8581-L8594"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8581-L8594"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f6dd0f2373e412a753cbe5e27152f48d6c8980de9b26e5ab212b926e7e41c813"
score = 75
quality = 75
@@ -225417,8 +229635,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5226A724Cfa0B4Bc0164Ecda3F02A3Dc : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8596-L8609"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8596-L8609"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8fa1dad2cd4c1406c1346bbe0fef88eba415437d159cf9010dcfaaa7210aef0e"
score = 75
quality = 75
@@ -225441,8 +229659,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_121070Be1E782F206985543Bc7Bc58B6 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8611-L8624"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8611-L8624"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "21eb6fed2225d2ab056948603b0990c2eb7dc9289da9a9df16f0d6cd042b3778"
score = 75
quality = 75
@@ -225465,8 +229683,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_15C21Dab7F4E644E4B35C4858004D8A9 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8626-L8639"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8626-L8639"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "646a858b10de89da4e639d3902ada78fad3a45868f0d7782546a865396cf226c"
score = 75
quality = 75
@@ -225489,8 +229707,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_101D6A5A29D9A77807553Ceac669D853 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8641-L8654"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8641-L8654"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "be6b5a98d5c218c39d8f10bc2a0e443bc8be8a591ab368ee902de4a45a95c8d2"
score = 75
quality = 75
@@ -225513,8 +229731,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_4679C5398A279318365Fd77A84445699 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8656-L8669"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8656-L8669"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1c591cbb2d35d8dad01ff4ea8c71c8b3a0a5f999f1edfcfc038e47f96d3a3a67"
score = 75
quality = 75
@@ -225537,8 +229755,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_282A8A04073Eced658B9770Bda8C0D28 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8671-L8684"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8671-L8684"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4cfebe55887a2a09293678e4dff2f93f22bec151dada7c84a41ac6deb10b7cc3"
score = 75
quality = 75
@@ -225561,8 +229779,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0C48732873Ac8Ccebaf8F0E1E8329Cec : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8686-L8699"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8686-L8699"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "64c61d1bb48d790a2a3da85c6e57b542f0ee8a85296fc3e8c17ea18d8241790d"
score = 75
quality = 75
@@ -225585,8 +229803,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Da20761Afbb0463C55B1Ea88Bbc7Ec57 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8716-L8729"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8716-L8729"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a4f6bb9742ab40e8003ea14f9645f0c7f885b461fbeb01164b86ddacbda1113f"
score = 75
quality = 75
@@ -225609,8 +229827,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_C51F4Cf4D82Bc920421E1Ad93E39D490 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8731-L8744"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8731-L8744"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b9152998eb3c4ba2b6e7571ed03c63ae1ade2f922df6901f8e46b08f41474f7b"
score = 75
quality = 75
@@ -225633,8 +229851,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_69A72F5591Ad78A0825Fbb9402Ab9543 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8746-L8759"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8746-L8759"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b2a8c08a612f7352a159a9d3f7d9152d9de043db1ec69e4bb2493533453f8f5c"
score = 75
quality = 75
@@ -225657,8 +229875,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_8Cece6Df54Cf6Ad63596546D77Ba3581 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8761-L8774"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8761-L8774"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1980b3ef7df1bfa43d401fdd8393cb8ffb5c919d558c23314ffb9e823cf9590d"
score = 75
quality = 75
@@ -225681,8 +229899,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_Db95B22362D46A73C39E0Ac924883C5B : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8776-L8789"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8776-L8789"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "29015f6e11f2c93cc12e39cf50a1bda3bd4aa0bb7df0d7374223031361067495"
score = 75
quality = 75
@@ -225705,8 +229923,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_D3Aee8Abb9948844A3Ac1C04Cc7E6Bdf : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8791-L8804"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8791-L8804"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9af0b27e96575298a31b53f6f88cdb20934db75637abdd0acb40bb3c6921542c"
score = 75
quality = 75
@@ -225729,8 +229947,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_6000F8C02B0A15B1E53B8399845Faddf : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8806-L8819"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8806-L8819"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a8687b2aa02909af5fc7c706f31c419c4af48225abe7415bf262de57bb85258f"
score = 75
quality = 75
@@ -225753,8 +229971,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_F6Ad45188E5566Aa317Be23B4B8B2C2F : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8821-L8834"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8821-L8834"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7afafea141727e2ed4c1975a18aa77b282c7d9ece5729dbd96cbb49cc2b393f1"
score = 75
quality = 75
@@ -225777,8 +229995,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_74Fc9257Bc86F8C618501695Ad4B1606 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8836-L8849"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8836-L8849"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d6a9956d8bcc717186c205d07b94df1df4818bee58f98bdc128ec569331ab5e6"
score = 75
quality = 75
@@ -225801,8 +230019,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_3B0914E2982Be8980Aa23F49848555E5 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8851-L8864"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8851-L8864"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b1ced5176720e0a3bd475172a167675de8211987fbae11b93eab1fba6b3629f5"
score = 75
quality = 75
@@ -225825,8 +230043,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_029Bf7E1Cb09Fe277564Bd27C267De5A : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8866-L8879"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8866-L8879"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a8c817dc99d55dcbea31334cc10b6a7ae3b5cf831e28cb2daf9d4b06fb4bec60"
score = 75
quality = 75
@@ -225849,8 +230067,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_984E84Cfe362E278F558E2C70Aaafac2 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8881-L8894"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8881-L8894"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a3a42c5b6ad094deb2a9f33789b6f7e52f76e65b2336372341f16389cef40f88"
score = 75
quality = 75
@@ -225873,8 +230091,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_45245Eef53Fcf38169C715Cf68F44452 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8896-L8909"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8896-L8909"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7667563aa02be9a85ba286bc16eb37380d5988b32f0ce27b1dbd9ae18b8b9175"
score = 75
quality = 75
@@ -225897,8 +230115,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_0406C4A1521A38C8D0C4Aa214388E4Dc : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8911-L8924"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8911-L8924"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3db3a4f424d2974b746b8290a461f777eb88e0d8c6048e6e51e561c1f91b7747"
score = 75
quality = 75
@@ -225921,8 +230139,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5Ef27Fc51Ee80B30430947C9967Db440 : FILE
date = "2023-12-08"
modified = "2023-12-08"
reference = "https://bazaar.abuse.ch/faq/#cscb"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_knownbad_certs.yar#L8926-L8939"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_knownbad_certs.yar#L8926-L8939"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e282054102d852c0f66435148ce97050b15fb6f60f5d1bfc875b02de9c50c297"
score = 75
quality = 75
@@ -225945,8 +230163,8 @@ rule DITEKSHEN_INDICATOR_JAVA_Packed_Allatori
date = "2023-08-29"
modified = "2023-08-29"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_packed.yar#L113-L121"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_packed.yar#L113-L121"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ac48a573eb9d9fffe38d09993ff062f308edb07b8a7498e332cc3eb501d48db7"
score = 75
quality = 75
@@ -225970,8 +230188,8 @@ rule DITEKSHEN_INDICATOR_EXE_Python_Byte_Compiled : FILE
date = "2023-08-29"
modified = "2023-08-29"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_packed.yar#L211-L220"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_packed.yar#L211-L220"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "212d525509a4d8fb7f1b5efa929526c8758549bfdb8591c88ce602315e6b3147"
score = 75
quality = 75
@@ -225996,8 +230214,8 @@ rule DITEKSHEN_INDICATOR_MSI_EXE2MSI : FILE
date = "2023-08-29"
modified = "2023-08-29"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_packed.yar#L222-L233"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_packed.yar#L222-L233"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "afd48b54766600805ae1aeef13b11de4ca160ea1f96419a4090ab9dae55fa4cd"
score = 75
quality = 75
@@ -226024,8 +230242,8 @@ rule DITEKSHEN_INDICATOR_PY_Packed_Pyminifier : FILE
date = "2023-08-29"
modified = "2023-08-29"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_packed.yar#L331-L339"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_packed.yar#L331-L339"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c7e916906d4654215de6d12e1bff790f24bcf69e97a7e5314a2a057a91b135a3"
score = 75
quality = 75
@@ -226049,8 +230267,8 @@ rule DITEKSHEN_MALWARE_Win_Laturo : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3-L26"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3-L26"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bfb0c5676c926f58a4395a56dad09b37e8ac1cf0bf6b5521767c16698644b73a"
score = 75
quality = 61
@@ -226088,8 +230306,8 @@ rule DITEKSHEN_MALWARE_Win_Xpertrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L28-L56"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L28-L56"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2a521bd1d6ce16fa16aa7757db2657dcab15e6802454ad899906d4ed17401feb"
score = 75
quality = 63
@@ -226130,8 +230348,8 @@ rule DITEKSHEN_MALWARE_Win_Isrstealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L112-L128"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L112-L128"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5dd030ab8122b5dd432168647c7a3465cb3593a326f68b4863a91d16587641e5"
score = 75
quality = 75
@@ -226162,8 +230380,8 @@ rule DITEKSHEN_MALWARE_Win_Quasarrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L130-L150"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L130-L150"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "556b19dc0980761198ea31a285f281adae084463d24bff1eda15326436ad562b"
score = 75
quality = 75
@@ -226198,8 +230416,8 @@ rule DITEKSHEN_MALWARE_Win_Limerat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L152-L168"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L152-L168"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8ae35c5fa48773b93da0b76b238fc8dbaf19fdeb6fd81bf23842c5121d620116"
score = 75
quality = 75
@@ -226230,8 +230448,8 @@ rule DITEKSHEN_MALWARE_Win_Arkei : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L210-L226"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L210-L226"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8a79bcc6ac94900c8a8913b2e81424bf900bbac416f44a91db6f208f23980155"
score = 75
quality = 75
@@ -226262,8 +230480,8 @@ rule DITEKSHEN_MALWARE_Win_Dcrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L228-L292"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L228-L292"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5a02dcc2b9c7eb3efdba39047e37886240b45fb7e2db3b82aa5b4b9526dfb7f8"
score = 75
quality = 50
@@ -226337,8 +230555,8 @@ rule DITEKSHEN_MALWARE_Win_Firebirdrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L316-L339"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L316-L339"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1c24e924171db1b99a3b03764f4551b6f4b6b1c9c6147b49dbc0651e85e9040c"
score = 75
quality = 73
@@ -226376,8 +230594,8 @@ rule DITEKSHEN_MALWARE_Win_Phoenix : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L341-L367"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L341-L367"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b2c2a4ffc36d708a121853fb0268e6dc85b3fe2cd58e05c8124cbef18e03ec0b"
score = 75
quality = 75
@@ -226417,8 +230635,8 @@ rule DITEKSHEN_MALWARE_Win_Backnet : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L369-L386"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L369-L386"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c276f2b809caad680455fc4ca0a021887d4ff2c9114f05737542a1d3c5cca848"
score = 75
quality = 75
@@ -226450,8 +230668,8 @@ rule DITEKSHEN_MALWARE_Win_Acridrain : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L388-L401"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L388-L401"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "11884073f4bf466503b07f297ae7fad188f79df148fcc7ca48827c7dbd07e211"
score = 75
quality = 75
@@ -226479,8 +230697,8 @@ rule DITEKSHEN_MALWARE_Linux_Chachaddos : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L403-L418"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L403-L418"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2bf99771046650820f02a24d5bd825afeacd03d1e865b05d8563a3ef74d521fb"
score = 75
quality = 75
@@ -226510,8 +230728,8 @@ rule DITEKSHEN_MALWARE_Multi_Exaramel : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L420-L459"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L420-L459"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e64383304bc913b07a2e63d61c81354b996c01171357005f4a28957d4d889599"
score = 75
quality = 73
@@ -226563,8 +230781,8 @@ rule DITEKSHEN_MALWARE_Linux_Hiddenwasp : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L461-L486"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L461-L486"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a2aad022de41ba2633fc92a7dc5a5fa2efde9da2211cfc01fb2999e33365d6c9"
score = 75
quality = 71
@@ -226604,8 +230822,8 @@ rule DITEKSHEN_MALWARE_Multi_Wellmess : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L488-L510"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L488-L510"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9cbbca609fd289d7406d9073237688d250dc68c450676b9b755509540d8f76a5"
score = 75
quality = 75
@@ -226639,8 +230857,8 @@ rule DITEKSHEN_MALWARE_Win_Konni : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L512-L530"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L512-L530"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d57c51f7ede28b74395e5e0fbcc5fd9247b3353330f3e549d5abf99bbd7a1b93"
score = 75
quality = 75
@@ -226673,8 +230891,8 @@ rule DITEKSHEN_MALWARE_Win_Bitterrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L532-L551"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L532-L551"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f9dec388af6ddc767f82d7de7ba47754e76058022e6e55bbafd846ca8655a03b"
score = 75
quality = 50
@@ -226708,8 +230926,8 @@ rule DITEKSHEN_MALWARE_Win_Tjkeylogger : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L553-L567"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L553-L567"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "52d98a6f5a2cfc6717b7097b4e70c1e813851222f9f06ae74be4e5703b0b0dde"
score = 75
quality = 75
@@ -226738,8 +230956,8 @@ rule DITEKSHEN_MALWARE_Win_W1RAT : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L569-L585"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L569-L585"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "84b9a2e309ed9ab0fb8343d941585356d23348683073d0a37fc7194f58a43a0e"
score = 75
quality = 75
@@ -226770,8 +230988,8 @@ rule DITEKSHEN_MALWARE_Win_Raccoon : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L587-L606"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L587-L606"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "258481982d20d229506f442a5a205fdc05f6ac4399f3a0665860e6529c30943b"
score = 75
quality = 50
@@ -226805,8 +231023,8 @@ rule DITEKSHEN_MALWARE_Win_Tefosteal : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L653-L674"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L653-L674"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a350863270cbe3349f271e55d66a2ebdd6406e8d122c11071de74a774eb77ebf"
score = 75
quality = 71
@@ -226842,8 +231060,8 @@ rule DITEKSHEN_MALWARE_Win_Cryptostealergo : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L676-L692"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L676-L692"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0050be7522e7d89cb9688e63fdca11d24baa74aa858e8c19ee7b4658518536b6"
score = 75
quality = 75
@@ -226874,8 +231092,8 @@ rule DITEKSHEN_MALWARE_Win_M00Nd3V : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L694-L715"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L694-L715"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "68a0888da3b114dc895fe18a3d03b2b88d140fbf82b888f7a031b9364d01aabf"
score = 75
quality = 75
@@ -226911,8 +231129,8 @@ rule DITEKSHEN_MALWARE_Win_Vssdestroy : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L717-L740"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L717-L740"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "24bfd32580f784440252d629a7ab86b84a570ded34409940616be2a89bf73088"
score = 75
quality = 75
@@ -226950,8 +231168,8 @@ rule DITEKSHEN_MALWARE_Win_Goldenaxe : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L742-L763"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L742-L763"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6dfd88ce65acdfed4749e3b817b317c3c514ea42f892a7f5f95853c148507918"
score = 75
quality = 75
@@ -226987,8 +231205,8 @@ rule DITEKSHEN_MALWARE_Win_Robbinhood : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L765-L787"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L765-L787"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f1c4226ed5cb1583418d5ef0efc2c2b5bc3cfe7f148f359c5d432fd660331a46"
score = 75
quality = 75
@@ -227025,8 +231243,8 @@ rule DITEKSHEN_MALWARE_Win_Getcrypt : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L789-L825"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L789-L825"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fd7ee98757c3ac1f2b2a4dd9041c78d33273d7a7d596c3d99c6b8d79988f29f1"
score = 75
quality = 73
@@ -227075,8 +231293,8 @@ rule DITEKSHEN_MALWARE_Joego : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L827-L847"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L827-L847"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3ddf3506aefb3cd1845f9daa689848a02a2422ca98c5c984bc918cc7ea2b2677"
score = 75
quality = 75
@@ -227111,8 +231329,8 @@ rule DITEKSHEN_MALWARE_Win_Aurora : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L849-L869"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L849-L869"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "056bb11e8b947ef90462503db82b2001e4a5d4847fad9c0d5d771384a80d779a"
score = 75
quality = 75
@@ -227147,8 +231365,8 @@ rule DITEKSHEN_MALWARE_Win_Buran : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L871-L903"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L871-L903"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "eaf50d824dbade0ca63fafc5b4a376553039de9b51a0f6387cb28c8f91a7e0b9"
score = 75
quality = 73
@@ -227193,8 +231411,8 @@ rule DITEKSHEN_MALWARE_Win_Masslogger : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L905-L934"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L905-L934"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7d8bbefa71a1eb20cd9d029bd516d6c37e39cfa053ed0617eace200d210d9b58"
score = 75
quality = 73
@@ -227238,8 +231456,8 @@ rule DITEKSHEN_MALWARE_Win_Echelon : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L936-L957"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L936-L957"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c070bf52cc51dd334ea24614e33eaa2b7b1a17e7790e586cbbb8c7e33ba1bd76"
score = 75
quality = 75
@@ -227275,8 +231493,8 @@ rule DITEKSHEN_MALWARE_Win_Qulab
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L959-L983"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L959-L983"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "659d828cbef38c6362b612be9bdc05ae820f49c23684e77af6462ea677133284"
score = 75
quality = 75
@@ -227315,8 +231533,8 @@ rule DITEKSHEN_MALWARE_Win_Orion : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L985-L1005"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L985-L1005"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9e5521ebaf9bdef6dadd2a2a093bd6f87ded023d9a74db126ac8ec9a5f1f9744"
score = 75
quality = 73
@@ -227351,8 +231569,8 @@ rule DITEKSHEN_MALWARE_Win_Aspire : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1007-L1022"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1007-L1022"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3ea0136dbacb79e4c7556f562d17b26b84ac3e4c967b117021e2399ded0a0fdf"
score = 75
quality = 75
@@ -227382,8 +231600,8 @@ rule DITEKSHEN_MALWARE_Win_S05Kitty : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1024-L1045"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1024-L1045"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "df2930694671c9ca16f2afeb799704647c9acf32be118706c342347ffe8ceb36"
score = 75
quality = 75
@@ -227419,8 +231637,8 @@ rule DITEKSHEN_MALWARE_Win_Fakewmi : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1047-L1064"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1047-L1064"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "627886cdd01f5f02e454ef284c77c87eb027ee33f6a51536758fb7f095271a40"
score = 75
quality = 75
@@ -227452,8 +231670,8 @@ rule DITEKSHEN_MALWARE_Win_Baldr : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1066-L1083"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1066-L1083"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f8e97fd618209bc6ce609b60b1e1f1e359be7678474fad3b18a529487c64cd99"
score = 75
quality = 73
@@ -227485,8 +231703,8 @@ rule DITEKSHEN_MALWARE_Win_Megumin : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1085-L1108"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1085-L1108"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fb4934814c45d2465b6e1589c3b489116343ca0c17ebb916b5c9247fc676c74d"
score = 75
quality = 50
@@ -227522,8 +231740,8 @@ rule DITEKSHEN_MALWARE_Win_Rietspoof : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1110-L1140"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1110-L1140"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d1d9baab83c904d1e8dcd7aeacdabfc79c1acee67006793c2240a42ebf9c62b2"
score = 75
quality = 73
@@ -227565,8 +231783,8 @@ rule DITEKSHEN_MALWARE_Win_Modirat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1142-L1158"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1142-L1158"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d0760e9dab7e9c0affb2193ea249feea8bb58e519522ca2a562f015059ad5590"
score = 75
quality = 75
@@ -227597,8 +231815,8 @@ rule DITEKSHEN_MALWARE_DOC_Koadicdoc : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1160-L1174"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1160-L1174"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9f0538e1faee737a08d403a7f321ce45bdc70b390accfe378ba0d26292509fd7"
score = 75
quality = 50
@@ -227627,8 +231845,8 @@ rule DITEKSHEN_MALWARE_BAT_Koadicbat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1176-L1186"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1176-L1186"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1ee6c0189a5111c61af1dbe571524427bff95a7e3907f97ce51d272a8f701cf5"
score = 75
quality = 50
@@ -227653,8 +231871,8 @@ rule DITEKSHEN_MALWARE_JS_Koadicjs
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1188-L1208"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1188-L1208"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "689116f74996fecf4c16c224e8cd842ad5b5e989de2dfdf0debeb9a26d8a12fa"
score = 75
quality = 75
@@ -227689,8 +231907,8 @@ rule DITEKSHEN_MALWARE_Win_NETEAGLE : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1210-L1225"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1210-L1225"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "148de0ca332d3885d94eae8d15eb4aaa2bc4950c691c0e8817c816b7d4c55510"
score = 75
quality = 75
@@ -227720,8 +231938,8 @@ rule DITEKSHEN_MALWARE_WIN_BACKSPACE : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1227-L1247"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1227-L1247"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3d366327c2272761349687b11e4d6baada5000936dc7f81665e0303f7d1e5121"
score = 75
quality = 75
@@ -227756,8 +231974,8 @@ rule DITEKSHEN_MALWARE_Win_Rhttpctrl : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1249-L1265"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1249-L1265"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a8b27fcc4636c2fe02a0e006295ece7f705cc9a042921f66ef1f9b6a88aaf9a1"
score = 75
quality = 75
@@ -227788,8 +232006,8 @@ rule DITEKSHEN_MALWARE_Win_Pillowmint : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1267-L1283"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1267-L1283"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ed2597fce1c56d2e110790e0eb89834b1bb9f6f52d39105157c9ffe2ede6cc7a"
score = 75
quality = 25
@@ -227820,8 +232038,8 @@ rule DITEKSHEN_MALWARE_Win_Blackshadesrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1285-L1300"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1285-L1300"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5c2a76ce52bce9c37a3518ff459011acb733c2c5abac74786e41a1c169459ce2"
score = 75
quality = 75
@@ -227851,8 +232069,8 @@ rule DITEKSHEN_MALWARE_Win_Goldenspy : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://trustwave.azureedge.net/media/16908/the-golden-tax-department-and-emergence-of-goldenspy-malware.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1302-L1314"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1302-L1314"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "908047db2167733da0089375dbfd636881e721cc219da110755b81581d438cfa"
score = 75
quality = 67
@@ -227878,8 +232096,8 @@ rule DITEKSHEN_MALWARE_Win_Plurox : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1316-L1328"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1316-L1328"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c2ec2ce7a9210d8eebb06c755eab51cab93fe6d48d737fd1756ffe42d46b35d1"
score = 75
quality = 75
@@ -227906,8 +232124,8 @@ rule DITEKSHEN_MALWARE_Win_Avalon : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1330-L1359"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1330-L1359"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1aa9dc09ec4c8962dee0455dd367e32139e4c03f1b306f17ac6e82d71aacf713"
score = 75
quality = 75
@@ -227948,8 +232166,8 @@ rule DITEKSHEN_MALWARE_Linux_Kinsing : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1361-L1376"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1361-L1376"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "566eb7d1864e3a8088ad4f5d032d6d62a33080bbfc5c20c2520315cfc8146afc"
score = 75
quality = 75
@@ -227979,8 +232197,8 @@ rule DITEKSHEN_MALWARE_Win_Avaddon : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1378-L1395"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1378-L1395"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fc3032572d2ab2550d3dde738a3d403459da9b5b640acc814596d958b83620bf"
score = 75
quality = 75
@@ -228012,8 +232230,8 @@ rule DITEKSHEN_MALWARE_Win_Prolock : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1397-L1413"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1397-L1413"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b7d2cc71acc4f643a86781d957afcf5203a2f4034b9ca7da93e8227ddee79f3b"
score = 75
quality = 75
@@ -228044,8 +232262,8 @@ rule DITEKSHEN_MALWARE_Win_Purplewave : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1415-L1432"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1415-L1432"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "98dca005d2fdf7eea89661e162292451b544847a7f8b63c8c25c82241ec8e04a"
score = 75
quality = 25
@@ -228077,8 +232295,8 @@ rule DITEKSHEN_MALWARE_Java_Pyrogenic
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1434-L1446"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1434-L1446"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bb8cb939f06a376f72dcbbb1f04ec34526f72c3bcc3b146b905a8466826d2c24"
score = 75
quality = 75
@@ -228105,8 +232323,8 @@ rule DITEKSHEN_MALWARE_Win_Agentteslav3 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1448-L1481"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1448-L1481"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6c62b2f601eba3c83b60f7f6dbd3d0ec3c01af30f4312df897bb5e902c36fdac"
score = 75
quality = 73
@@ -228152,8 +232370,8 @@ rule DITEKSHEN_MALWARE_Win_Taurus : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1483-L1519"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1483-L1519"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6039c27e69b47dfcc1327c34306627d2d9bd57f6bd365bb80b47ad21f892ae8a"
score = 75
quality = 73
@@ -228203,8 +232421,8 @@ rule DITEKSHEN_MALWARE_Win_Remoteutilitiesrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1521-L1537"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1521-L1537"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "179a559f6a6ffbce31595bd613d338bb6ac40b8a083ed0169cde754b6ed756c7"
score = 75
quality = 75
@@ -228235,8 +232453,8 @@ rule DITEKSHEN_MALWARE_Win_Slothfulmedia : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1539-L1565"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1539-L1565"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6f742e8d9d555b44daaa09835f599c99e16cd39bb106c8f43fbbca7093de462e"
score = 75
quality = 73
@@ -228275,8 +232493,8 @@ rule DITEKSHEN_MALWARE_Win_Ircbot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1567-L1596"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1567-L1596"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1ea640202cfbd0c3425a192c45938f632dc644f41c7974118e7491b026122818"
score = 75
quality = 67
@@ -228318,8 +232536,8 @@ rule DITEKSHEN_MALWARE_Win_Apocalypse : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1598-L1615"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1598-L1615"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d18ac492ad57cf390f20693cb47ae2c6e3dbdd921fa846130a4bc20047e1aa27"
score = 75
quality = 75
@@ -228351,8 +232569,8 @@ rule DITEKSHEN_MALWARE_Win_Osno : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1617-L1652"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1617-L1652"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3df59c306017001467a5f237db2ab37d97c34116558e18420a6a1f01f08f520f"
score = 75
quality = 73
@@ -228400,8 +232618,8 @@ rule DITEKSHEN_MALWARE_Win_Betabot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1654-L1666"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1654-L1666"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e594d01874ee622169d6708ddc6cfde7f1d26d2bea1604961dc860700e8a1d5d"
score = 75
quality = 73
@@ -228428,8 +232646,8 @@ rule DITEKSHEN_MALWARE_Win_Wshratplugin : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1668-L1685"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1668-L1685"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3feeab43b58b533b7d2d41a71f2107e6f05b9c54ff805607843d253cadbe9384"
score = 75
quality = 75
@@ -228461,8 +232679,8 @@ rule DITEKSHEN_MALWARE_Win_Revengerat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1687-L1713"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1687-L1713"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "be9e50052f45b94d5995db723dd64d16a91c5ba0d3f589c018155c0cce45124f"
score = 75
quality = 75
@@ -228501,8 +232719,8 @@ rule DITEKSHEN_MALWARE_Win_TRAT : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1715-L1730"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1715-L1730"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b8474c74cd9f21fcb3a8ae1c7a7a0a801f0f117782e9803cdae39daf7f0f8b2f"
score = 75
quality = 75
@@ -228532,8 +232750,8 @@ rule DITEKSHEN_MALWARE_Win_Matiex : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1768-L1788"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1768-L1788"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "62b45c43d99bef93a6c0e72200b869fdce331f8fa325640df7d8b72af56a3ef2"
score = 75
quality = 73
@@ -228566,8 +232784,8 @@ rule DITEKSHEN_MALWARE_Win_Iamthekingkeylogger : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1790-L1805"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1790-L1805"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "80d8cabfd02cd73e19e6cf1c2a8a5f06c5b3b502fe4f07289e92b448425aaa6d"
score = 75
quality = 75
@@ -228597,8 +232815,8 @@ rule DITEKSHEN_MALWARE_Win_Iamthekingscrcap : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1807-L1821"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1807-L1821"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "594ddad4e08bad51f90de1c4299e28b4800b4fa686bd4176e406ba401a1242ba"
score = 75
quality = 75
@@ -228627,8 +232845,8 @@ rule DITEKSHEN_MALWARE_Win_Iamthekingkingofhearts : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1823-L1843"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1823-L1843"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "75b6dd0ebb90fd04f9e4a0b1fc6a1bbf417fc66daad24c8b01f0390f6155ec55"
score = 75
quality = 75
@@ -228662,8 +232880,8 @@ rule DITEKSHEN_MALWARE_Win_Cobaltstrike : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1845-L1864"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1845-L1864"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "43513aef0ed715f0c214d7a14e465350f9c1bcadf87535e1c12561e976398bb3"
score = 75
quality = 50
@@ -228696,8 +232914,8 @@ rule DITEKSHEN_MALWARE_Win_Redlinedropperahk : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1866-L1878"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1866-L1878"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0950fe9daa02f3a8fd527f75275766111be7e8774578963b0bdb455800dfc4f9"
score = 75
quality = 75
@@ -228724,8 +232942,8 @@ rule DITEKSHEN_MALWARE_Win_Dlagent01 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1880-L1894"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1880-L1894"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7aec81655af9b779a314c3e2cff933aa6426fcfe21b5a87e60e159c7e7f5238a"
score = 75
quality = 75
@@ -228754,8 +232972,8 @@ rule DITEKSHEN_MALWARE_Linux_PLEAD : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1896-L1920"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1896-L1920"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "539998248ded0eb8ea1702c527804f89cfd55412f17ec699bd0af801f4fba673"
score = 75
quality = 75
@@ -228793,8 +233011,8 @@ rule DITEKSHEN_MALWARE_Win_CRAT : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1922-L1944"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1922-L1944"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5a9fef68e110a1564dd5956408abcc3736cfa6853e1ac5510a089cc68f6bdc35"
score = 75
quality = 75
@@ -228831,8 +233049,8 @@ rule DITEKSHEN_MALWARE_Win_Cratpluginkeylogger : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1946-L1962"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1946-L1962"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "58ef1f7466fcc871be2e74aa447c76970fd90c9d9d345a896fb8e6335114d189"
score = 75
quality = 75
@@ -228863,8 +233081,8 @@ rule DITEKSHEN_MALWARE_Win_Cratpluginclipboardmonitor : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1964-L1979"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1964-L1979"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c3e692a06388e143a8e1053e75a6eb6a82da5bdf26d38e3a0e339bc20d8312a1"
score = 75
quality = 75
@@ -228894,8 +233112,8 @@ rule DITEKSHEN_MALWARE_Win_Cratpluginscreencapture : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L1981-L2000"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L1981-L2000"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7b4378ae883d01338fabe2eb50a5509b722c661e63afc287afa07b263a0ebc42"
score = 75
quality = 75
@@ -228929,8 +233147,8 @@ rule DITEKSHEN_MALWARE_Win_Cratpluginransomhansom : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2002-L2020"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2002-L2020"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b22f6d22630f311241634513eb051df2b36af84a938c1ae1f5284e5a5d7d3077"
score = 75
quality = 73
@@ -228963,8 +233181,8 @@ rule DITEKSHEN_MALWARE_Win_Aliencrypter : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2022-L2036"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2022-L2036"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "28a2a6e6d58fd6efbb5753a7be5b621a3eac546d45f9481b9dd2641cbe70b547"
score = 75
quality = 75
@@ -228993,8 +233211,8 @@ rule DITEKSHEN_MALWARE_Win_Ficker : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2038-L2055"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2038-L2055"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "adcc0ffc0e1ded36dc41c22d10d2ea293d5740484203892bcecf89a5f4001452"
score = 75
quality = 75
@@ -229026,8 +233244,8 @@ rule DITEKSHEN_MALWARE_Win_Xorist : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2057-L2078"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2057-L2078"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b34e3fa065cabcd8d26908866e53ff599631128e1da884e42a2e63d890879eaa"
score = 75
quality = 75
@@ -229063,8 +233281,8 @@ rule DITEKSHEN_MALWARE_Win_PYSA : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2080-L2100"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2080-L2100"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e614b827bd8d065e94852fed01497c785bf90c52c3624aff9939b3f40ecf96a4"
score = 75
quality = 75
@@ -229099,8 +233317,8 @@ rule DITEKSHEN_MALWARE_Win_Polar : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2102-L2123"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2102-L2123"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4f05a8ace9a03d02f54f0ebdd5349d1d1b23db8e34aa71edd44eebf02b88745c"
score = 75
quality = 75
@@ -229136,8 +233354,8 @@ rule DITEKSHEN_MALWARE_Win_Bitrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2125-L2153"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2125-L2153"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "128c3c8cea0439f272de241c77fc9ed46e64419e497091e444e98123dad059cb"
score = 75
quality = 25
@@ -229180,8 +233398,8 @@ rule DITEKSHEN_MALWARE_Win_Poullight : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2155-L2176"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2155-L2176"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e60ffb10892d35664a088d69c965e130f87bb1a59c257d484bdfe5085074bccd"
score = 75
quality = 75
@@ -229217,8 +233435,8 @@ rule DITEKSHEN_MALWARE_Linux_Xorddos : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2209-L2220"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2209-L2220"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "192378d903316c1d80b064e78feb6ed9d2ffc9e6c7dc0c8df223d83d17e4e8d9"
score = 75
quality = 75
@@ -229244,8 +233462,8 @@ rule DITEKSHEN_MALWARE_Win_Blacknet : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2222-L2250"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2222-L2250"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "64e00325a5a6a595067c6133800e73d943f45e2783475c24ed4a9bd9937fe0d6"
score = 75
quality = 75
@@ -229288,8 +233506,8 @@ rule DITEKSHEN_MALWARE_Win_Stormkitty : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2252-L2269"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2252-L2269"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5d139aad6932f177cd14e0356f822ad68ddc659ea4fabd2fd2fbcbc8bad58888"
score = 75
quality = 75
@@ -229321,8 +233539,8 @@ rule DITEKSHEN_MALWARE_Win_Bulz01 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2271-L2281"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2271-L2281"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "29884dda4936016660f5d1e33ffcf97a20c7d3116483a5895a5e2a1dd4ac9e9f"
score = 75
quality = 75
@@ -229345,8 +233563,8 @@ rule DITEKSHEN_MALWARE_Win_Revcoderat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2283-L2332"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2283-L2332"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e5bf1ce79b7955f597df1a9e361a3be892de55cd3db767278d4ccc02ace9e9f5"
score = 75
quality = 48
@@ -229408,8 +233626,8 @@ rule DITEKSHEN_MALWARE_Win_Powerpool_STG1 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2334-L2361"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2334-L2361"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9ab00d6e3007743a8bb30fbcdb435ac49101b52face55549ae454c64345caff9"
score = 75
quality = 75
@@ -229451,8 +233669,8 @@ rule DITEKSHEN_MALWARE_Win_Powerpool_STG2 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2363-L2395"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2363-L2395"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b80712bab281dbde816e2eda6ab1b4a9e21be26578fb755a1e1e1635675aa911"
score = 75
quality = 73
@@ -229499,8 +233717,8 @@ rule DITEKSHEN_MALWARE_Win_Egregor : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2397-L2434"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2397-L2434"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d39a7bf89a7574f7dfe56db78c8cdbbee97782f829805d4ee87fd9f1635154cd"
score = 75
quality = 75
@@ -229542,8 +233760,8 @@ rule DITEKSHEN_MALWARE_Win_Redlinedropperexe : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2461-L2484"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2461-L2484"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cd1fb4a1d0883221dbdcc519db7f54b0f7285e8a19201dbc586c2520e8086bc2"
score = 75
quality = 75
@@ -229573,8 +233791,8 @@ rule DITEKSHEN_MALWARE_Win_Nibiru : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2486-L2504"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2486-L2504"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f3718e9091b09e0f47ecd6715a3a2c160ede6ab9fb144e7ed115dd5a25c8e379"
score = 75
quality = 75
@@ -229607,8 +233825,8 @@ rule DITEKSHEN_MALWARE_Win_Medusalocker : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2506-L2537"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2506-L2537"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0e2a0a9f12f550a5c6a11731710e0dc2c2e26d17f43d2385bf6e298518631771"
score = 75
quality = 73
@@ -229654,8 +233872,8 @@ rule DITEKSHEN_MALWARE_Win_Ransomexx : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2539-L2555"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2539-L2555"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "351398d89b847b3439fa58b7aab50f3c6e48be27877d3f8b85cc78e994413ecc"
score = 75
quality = 75
@@ -229686,8 +233904,8 @@ rule DITEKSHEN_MALWARE_Win_Quasarstealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2557-L2572"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2557-L2572"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4b6ab49992db4d7bf4404d51b0ef1773249de89545ec31176ad45d00803ba703"
score = 75
quality = 75
@@ -229717,8 +233935,8 @@ rule DITEKSHEN_MALWARE_Win_Bandook : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2676-L2705"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2676-L2705"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bff09f769aae890d81efe9926cc8ce85c1caa4eeeb6bc7d2321d2d906ac8d6cf"
score = 75
quality = 75
@@ -229760,8 +233978,8 @@ rule DITEKSHEN_MALWARE_Win_Kimsuky : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2707-L2730"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2707-L2730"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9f9e64a9cfb3f61bc6b355035c5f0644e4750b740e05cb557c6183c7acfc5a19"
score = 75
quality = 75
@@ -229799,8 +234017,8 @@ rule DITEKSHEN_MALWARE_Win_Dlagent03 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2732-L2753"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2732-L2753"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dea63edd48759fd04875e2eb8ac8b00ff801767f071337c667e31c15f0925cdc"
score = 75
quality = 50
@@ -229833,8 +234051,8 @@ rule DITEKSHEN_MALWARE_Win_Salfram : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2755-L2766"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2755-L2766"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "19d7934727baa870dcd3ec77ba596cd64e49763477ba3feb7baec5ab6d3866d3"
score = 75
quality = 75
@@ -229860,8 +234078,8 @@ rule DITEKSHEN_MALWARE_Win_Hawkeyev9
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2768-L2793"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2768-L2793"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d24111930dd0230c01963a90c9fbbc0a0a71df170c2ca116bb329e6158cb681c"
score = 75
quality = 75
@@ -229901,8 +234119,8 @@ rule DITEKSHEN_MALWARE_Win_Hyperbro : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2795-L2813"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2795-L2813"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f6e86ef963de885e0bf92ead075e265618c0745104d223302edd824d409c45cd"
score = 75
quality = 75
@@ -229935,8 +234153,8 @@ rule DITEKSHEN_MALWARE_Linux_UNK01 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2815-L2836"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2815-L2836"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8bb4822c1c7e0f52726ecafafa696d83c741257587f351360c5295163c245450"
score = 75
quality = 75
@@ -229972,8 +234190,8 @@ rule DITEKSHEN_MALWARE_Linux_UNK02 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2838-L2852"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2838-L2852"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4cde21932c27fe3c08495f557b5e086b1fb668d8b5508249891828b9ed48edd4"
score = 75
quality = 75
@@ -230002,8 +234220,8 @@ rule DITEKSHEN_MALWARE_Win_Itranslatorexe : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2854-L2874"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2854-L2874"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3c796d58cdf2d4dc4c838d05fb862640c7f9de6c7e8ebb5fb0002821354208d9"
score = 75
quality = 50
@@ -230038,8 +234256,8 @@ rule DITEKSHEN_MALWARE_Win_Itranslatordll : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2876-L2892"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2876-L2892"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ca0479efd241058f358553b6382a1987a5b4c069965f4adb88cd2f3fc4bef21a"
score = 75
quality = 75
@@ -230070,8 +234288,8 @@ rule DITEKSHEN_MALWWARE_Win_Octopus : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2894-L2917"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2894-L2917"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "012b75c94be3021dbcc5b8e8bd62f807c9aa8bc0df94f830a5294aaf0d21b9fc"
score = 75
quality = 23
@@ -230109,8 +234327,8 @@ rule DITEKSHEN_MALWARE_Win_Caspertroy : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2919-L2931"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2919-L2931"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ce070b1e6279ef9fa47f84da7c5166cd93b3e7a0f95541ae14c048b2af9bc431"
score = 75
quality = 75
@@ -230137,8 +234355,8 @@ rule DITEKSHEN_MALWARE_Win_Rasftuby : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2933-L2950"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2933-L2950"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b769c1986d23173cf8a8a3c8a14d388a7c0327e46d936fc97c449dc55f2a5575"
score = 75
quality = 75
@@ -230170,8 +234388,8 @@ rule DITEKSHEN_MALWARE_Win_Protonbot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2952-L2969"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2952-L2969"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b511dfd47109d36ffc7fcb23b49779e1164d50a28061ab724d7a2c744ac23ac8"
score = 75
quality = 75
@@ -230203,8 +234421,8 @@ rule DITEKSHEN_MALWARE_Win_Imminentrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2971-L2994"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2971-L2994"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f959fd28e818b17c962fcd5bb99fa5ac0058f22494950e0200f139703f3e756a"
score = 75
quality = 75
@@ -230242,8 +234460,8 @@ rule DITEKSHEN_MALWARE_Win_Warzonerat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L2996-L3011"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L2996-L3011"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1af8b0f90b0de3287499082a6d6d9da6ed62a3110018e0c0f7149353693060b2"
score = 75
quality = 75
@@ -230273,8 +234491,8 @@ rule DITEKSHEN_MALWARE_Win_Karaganycore : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3013-L3027"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3013-L3027"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cde96ac6477fda1312ce4f7532018c9f11df7d39c40155d10bdde0e3d84c6d57"
score = 75
quality = 75
@@ -230303,8 +234521,8 @@ rule DITEKSHEN_MALWARE_Win_Karaganykeylogger : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3029-L3041"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3029-L3041"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7f1f5b2ca67e62380c8a8095fed4a4fd76d7bc15c9fe2d76e780ad85f886ef7b"
score = 75
quality = 23
@@ -230331,8 +234549,8 @@ rule DITEKSHEN_MALWARE_Win_Karaganyscreenutil : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3043-L3055"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3043-L3055"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d10230d94adfdddd604e2569ae3323efa1d5722647b9c704fceefe9446ccebd1"
score = 75
quality = 75
@@ -230359,8 +234577,8 @@ rule DITEKSHEN_MALWARE_Win_Karaganylistrix : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3057-L3069"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3057-L3069"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "02216061dbe93b7bea108f4b27c052d87c14cfe9395c6c5d4eed46ed7819e7ae"
score = 75
quality = 75
@@ -230387,8 +234605,8 @@ rule DITEKSHEN_MALWARE_Osx_Macsearch : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3071-L3092"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3071-L3092"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "973b7215fc8d04685a46d05b53b4092e7b81ed0d64d6982b534f2b89d0a59443"
score = 75
quality = 71
@@ -230424,8 +234642,8 @@ rule DITEKSHEN_MALWARE_Osx_Genieo : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3094-L3112"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3094-L3112"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "951dc8539435a52d9eea00b3fdaf98cf618c03867066819f2f9244165e57c675"
score = 75
quality = 75
@@ -230458,8 +234676,8 @@ rule DITEKSHEN_MALWARE_Osx_AMCPCVARK : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3114-L3139"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3114-L3139"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b18a9f578af98feb5107d9ef85850457ba5921ab58af7b097a815e3af74f05f7"
score = 75
quality = 75
@@ -230496,8 +234714,8 @@ rule DITEKSHEN_MALWARE_Osx_Realtimespy : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3141-L3166"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3141-L3166"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4ef2e1b8d34962cd3eab23f401b764b38b8332233aa2ae91b218af499d8ab8ff"
score = 75
quality = 57
@@ -230536,8 +234754,8 @@ rule DITEKSHEN_MALWARE_Osx_Maxofferdeal : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3168-L3187"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3168-L3187"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a9788b2049ae7f345760a078b2932e79fe8fc0dd71e0446c213df64480c3e3d6"
score = 75
quality = 46
@@ -230571,8 +234789,8 @@ rule DITEKSHEN_MALWARE_Osx_Windtrail : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3189-L3206"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3189-L3206"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "291f919cb1e8c4b33960dd3f2c842b9efec04852bd5661543e3ee60bc0fc5ba6"
score = 75
quality = 73
@@ -230604,8 +234822,8 @@ rule DITEKSHEN_MALWARE_Osx_Techyutils : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3208-L3224"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3208-L3224"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "071c67cace09dd66233bd4c4dd78c32d0f39f7e38dc06ec62e09fef67762d098"
score = 75
quality = 73
@@ -230636,8 +234854,8 @@ rule DITEKSHEN_MALWARE_Win_Dlagent04 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3247-L3263"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3247-L3263"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "73e6af7c32d38ec5d1d2bc9f2517860367b46779b53e0faff8885b655561ab01"
score = 75
quality = 75
@@ -230668,8 +234886,8 @@ rule DITEKSHEN_MALWARE_Win_Gdriverat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3265-L3284"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3265-L3284"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "134e66d0afc90e7fbab2c9dd034f85eb504903481e12c1ab8d7bab9321da817a"
score = 75
quality = 50
@@ -230703,8 +234921,8 @@ rule DITEKSHEN_MALWARE_Win_STOP : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3286-L3309"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3286-L3309"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "61f7e7c1139c56088b2f58b78ae132ffcfef0f931c15b67ea775b0d5e51d189d"
score = 75
quality = 73
@@ -230742,8 +234960,8 @@ rule DITEKSHEN_MALWARE_Win_Parallaxrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3311-L3328"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3311-L3328"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7fd94dee44079b595b906f1687f44b51b8cebabbeb0900563b8d4fcc0e46bdd0"
score = 75
quality = 75
@@ -230775,8 +234993,8 @@ rule DITEKSHEN_MALWARE_Win_Meterpreter : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3330-L3343"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3330-L3343"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5226cd7bb2344b822ee94d75f81a523ff701778de97a32ae52c604a4855e960c"
score = 75
quality = 75
@@ -230803,8 +235021,8 @@ rule DITEKSHEN_MALWARE_Win_Trojan_Expresscms : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3366-L3382"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3366-L3382"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "64d551e0c11b6394f9ae2b8fa749c36cb1b5c3f498592f95dc19fdea23c53160"
score = 75
quality = 75
@@ -230835,8 +235053,8 @@ rule DITEKSHEN_MALWARE_Win_Meterpreterstager : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3384-L3395"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3384-L3395"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0ac53a10abb1e4dd7da57872cd1779851d953127a912c31a5e411d8eb9bd07f4"
score = 75
quality = 75
@@ -230862,8 +235080,8 @@ rule DITEKSHEN_MALWARE_Win_Ziggy : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3397-L3421"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3397-L3421"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "103a50511971161ca673e0c8378aeca2fa7d0f6309966bbb2b70e0d039e0f196"
score = 75
quality = 75
@@ -230902,8 +235120,8 @@ rule DITEKSHEN_MALWARE_Win_Nworm : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3423-L3443"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3423-L3443"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a1397a057422be260b5bdf1eb58571e95c259c132cc2518b39e1524a0eda9c66"
score = 75
quality = 75
@@ -230938,8 +235156,8 @@ rule DITEKSHEN_MALWARE_Win_Qakbot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3445-L3457"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3445-L3457"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b64c05eb7ac03b2b4709f9979d117e4cacc617f21d0b3bf1c1be42aa18cc44cc"
score = 75
quality = 73
@@ -230966,8 +235184,8 @@ rule DITEKSHEN_MALWARE_Win_Fonix : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3459-L3481"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3459-L3481"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "159b8946f7772c76271de821eb12897689bf73d96fc6a1d7c4a65cdc50b877c7"
score = 75
quality = 75
@@ -231004,8 +235222,8 @@ rule DITEKSHEN_MALWARE_Win_Bobik : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3483-L3498"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3483-L3498"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "735dcb9e04956863305ca89a43686b8e48e3b20784ae9292cfc40d1c2c09d467"
score = 75
quality = 25
@@ -231035,8 +235253,8 @@ rule DITEKSHEN_MALWARE_Win_Runningrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3500-L3536"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3500-L3536"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e3cddec792ad95d823190f12970b8e0515b73be4a91f89cbb2bbde2fa1cfde63"
score = 75
quality = 23
@@ -231086,8 +235304,8 @@ rule DITEKSHEN_MALWARE_Win_Dlagent05 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3538-L3551"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3538-L3551"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e8c7c03451bbfcba7a1ab02f8c1320ad50d17d2e990f0e2f89942faea2a1e531"
score = 75
quality = 75
@@ -231115,8 +235333,8 @@ rule DITEKSHEN_MALWARE_Win_Nemty : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3553-L3577"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3553-L3577"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dcebcddc472f4fb3bb34c35fc5a5424e54bfc3a262fdae10b189d210217b9b37"
score = 75
quality = 75
@@ -231155,8 +235373,8 @@ rule DITEKSHEN_MALWARE_Win_Qnapcrypt : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3579-L3607"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3579-L3607"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "68fc3f0503d82295ffa5bfb49bda8b790142913217775a2812e3965a6c9a1fe1"
score = 75
quality = 73
@@ -231199,8 +235417,8 @@ rule DITEKSHEN_MALWARE_Win_Alfonoso : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3609-L3638"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3609-L3638"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "18e5731ffd70abf2ab70852d54dacc3588dd90cfb4f2ceaee66dfce750535b26"
score = 75
quality = 50
@@ -231244,8 +235462,8 @@ rule DITEKSHEN_MALWARE_Win_Vidar : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3640-L3650"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3640-L3650"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c95c8694c05ff0e8d28f098e668a8ae8fa70130e31af6c0e540c4e5596007e41"
score = 75
quality = 75
@@ -231270,8 +235488,8 @@ rule DITEKSHEN_MALWARE_Win_Babuk : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3652-L3674"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3652-L3674"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5ca5c5106747cf8f4ccd5df4ddbc78321fea3c8f533cb807a704d270eb956007"
score = 75
quality = 75
@@ -231308,8 +235526,8 @@ rule DITEKSHEN_MALWARE_Win_Nitol : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3676-L3704"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3676-L3704"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c0ddcd6179bea2f3af77ae198e07f55f62884e07a975623ae41bcec163060f89"
score = 75
quality = 73
@@ -231352,8 +235570,8 @@ rule DITEKSHEN_MALWARE_Win_Strongpity : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3706-L3720"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3706-L3720"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e92147966cd68152eb536b805c4918462f72f64280d1b3df800bb41266aa232f"
score = 75
quality = 75
@@ -231382,8 +235600,8 @@ rule DITEKSHEN_MALWARE_Win_Jssloader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3722-L3752"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3722-L3752"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "91764dabfb40cb51914110de229ddb00cd565078fef83c825f7a86fa502fda37"
score = 75
quality = 73
@@ -231428,8 +235646,8 @@ rule DITEKSHEN_MALWARE_Win_CHUWI_Seth : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3754-L3801"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3754-L3801"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e6e3f5e9af093268667f67fec2176a943b35721e9f220804e176c6b5a3bb24e1"
score = 75
quality = 73
@@ -231483,8 +235701,8 @@ rule DITEKSHEN_MALWARE_Win_Gulpix : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3803-L3832"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3803-L3832"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5026726f093b31b444fc934ac1446b6c25f182b8714a37da05f4498f32a9a65f"
score = 75
quality = 50
@@ -231519,8 +235737,8 @@ rule DITEKSHEN_MALWARE_Linux_Ransomexx : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3834-L3858"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3834-L3858"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c233ccc3e741cb2c53f182c48093e41595a82a3f4e5bdb1dc0204f1f57b96c2a"
score = 75
quality = 75
@@ -231558,8 +235776,8 @@ rule DITEKSHEN_MALWARE_Win_Trickbotmodule : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3860-L3881"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3860-L3881"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4d06653dad5f8a18598855212548364b3c3d2b68b99784846b494fcb1d1c8df9"
score = 75
quality = 75
@@ -231595,8 +235813,8 @@ rule DITEKSHEN_MALWARE_Win_Gaudox : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3883-L3893"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3883-L3893"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "117ee89e264067ab3e695688872bbe7d83963731e877d04ac7e2505e64f6e793"
score = 75
quality = 75
@@ -231620,8 +235838,8 @@ rule DITEKSHEN_MALWARE_Win_Phobos : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3895-L3908"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3895-L3908"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bbf8eef0863e9d6423b3b0f938561b2be486b92b4f59b5d0b67f52dba536a582"
score = 75
quality = 25
@@ -231649,8 +235867,8 @@ rule DITEKSHEN_MALWARE_Win_Ratty : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3910-L3929"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3910-L3929"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d90bca1b18023da8e60cb6ca86d1c562bff3867c6d5cf893dce605ebb92b9637"
score = 75
quality = 75
@@ -231684,8 +235902,8 @@ rule DITEKSHEN_MALWARE_Win_Fatduke : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3931-L3946"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3931-L3946"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a7923d15b10098e9402614fe7107a6ba1d71512efa6e462d522ef64e13f82b47"
score = 75
quality = 75
@@ -231713,8 +235931,8 @@ rule DITEKSHEN_MALWARE_Win_Miniduke : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3948-L3969"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3948-L3969"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c3ab139b4fda2ff9678ceecbdf5ac0c57536bd658f62aa9d19610028b0a5f92c"
score = 75
quality = 75
@@ -231749,8 +235967,8 @@ rule DITEKSHEN_MALWARE_Win_Polyglotduke : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3971-L3986"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3971-L3986"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c1fb8ea1d21768cbd65bd7b91e3f817fa97a0a933b511dff2ae4d5db49bdb2ec"
score = 75
quality = 75
@@ -231775,8 +235993,8 @@ rule DITEKSHEN_MALWARE_Win_Guidlma : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L3988-L4006"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L3988-L4006"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "11a0d9c67139627b6820c928840d816ed22b48452ce0b2f856c86c183cdfc8ab"
score = 75
quality = 25
@@ -231809,8 +236027,8 @@ rule DITEKSHEN_MALWARE_Win_Cybergate : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4008-L4026"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4008-L4026"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b4a3c07533c2b251e1a714b28fb0b654c76881fb6ce970f6586c5908ee65609b"
score = 75
quality = 46
@@ -231843,8 +236061,8 @@ rule DITEKSHEN_MALWARE_Win_WSHRATJS : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4028-L4045"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4028-L4045"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9956ed4613ac403360ab0222a7ed62350fcd998710843bd6700717f8bbb5052e"
score = 75
quality = 75
@@ -231876,8 +236094,8 @@ rule DITEKSHEN_MALWARE_Win_Asyncrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4047-L4074"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4047-L4074"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "073d4a8667fb1a48bf2bd503a551d7f78e38a6066feedc646d92c27fb7201fca"
score = 60
quality = 35
@@ -231917,8 +236135,8 @@ rule DITEKSHEN_MALWARE_Win_Quilclipper
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4076-L4094"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4076-L4094"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dcac93806a438b188ae70a679301cb6630b9eb6849bf8fbbb1cea5fed5e7cf75"
score = 75
quality = 75
@@ -231951,8 +236169,8 @@ rule DITEKSHEN_MALWARE_Win_Spyeye : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4096-L4111"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4096-L4111"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "352853d600d1f4fbc09e58b783eb4e13b335fefbfe89842873710f0a9085d107"
score = 75
quality = 75
@@ -231982,8 +236200,8 @@ rule DITEKSHEN_MALWARE_Win_Renamer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4114-L4135"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4114-L4135"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "df80657631f072bc1627e1cf503881a2c065396f8798d7f347259672f600198d"
score = 75
quality = 75
@@ -232011,8 +236229,8 @@ rule DITEKSHEN_MALWARE_Win_Epsilon : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4137-L4169"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4137-L4169"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cc4481ddb6f5fd52a0bc901dde4c34ccf79024cd68605245df0dcbea22d0adee"
score = 75
quality = 75
@@ -232059,8 +236277,8 @@ rule DITEKSHEN_MALWARE_Win_Corebot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4171-L4226"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4171-L4226"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "518209458fc8912d47b0b99896178fda823c3174c37f21d5e9331349a69322d7"
score = 75
quality = 50
@@ -232129,8 +236347,8 @@ rule DITEKSHEN_MALWARE_Win_Dllloader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4228-L4239"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4228-L4239"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "aaf1ff0f93d1fe6cf189c9f30403c226e64146178150dff8dfd3a9e3ed84bcc2"
score = 75
quality = 75
@@ -232156,8 +236374,8 @@ rule DITEKSHEN_MALWARE_Win_Farfli : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4241-L4253"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4241-L4253"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cb1856b32c66d6d070b8ec2d9feea25d6d6748057ceaa342be2ddc589f9a89d6"
score = 75
quality = 50
@@ -232184,8 +236402,8 @@ rule DITEKSHEN_MALWARE_Win_Warezov : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4255-L4269"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4255-L4269"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e65922902fd18175a3ce7b600d46535e92b92240fa3ca83dced6f9ce14f3e815"
score = 75
quality = 75
@@ -232214,8 +236432,8 @@ rule DITEKSHEN_MALWARE_Win_Arechclient2 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4271-L4303"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4271-L4303"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0d841f4d4664fb09801c51f7b65e897e4e698753ad67fc20e2b81d98c0b3d07d"
score = 75
quality = 73
@@ -232262,8 +236480,8 @@ rule DITEKSHEN_MALWARE_Win_Killmbr : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4305-L4316"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4305-L4316"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1ed9206f90052df7e533be4612afa373e5e69fba8f5b5ae4df1c09a9d98958cf"
score = 75
quality = 75
@@ -232289,8 +236507,8 @@ rule DITEKSHEN_MALWARE_Win_Lcpdot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4318-L4337"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4318-L4337"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b0f77f17976c38a69c2ff0d84002f2db29a4d25873309259519115b5f2b210ff"
score = 75
quality = 75
@@ -232324,8 +236542,8 @@ rule DITEKSHEN_MALWARE_Win_Torisma : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4339-L4355"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4339-L4355"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bd3823f8a91fdfc443e20bcb299a5103b7176a694f0d5328e7986de83f677a31"
score = 75
quality = 75
@@ -232356,8 +236574,8 @@ rule DITEKSHEN_MALWARE_Win_Thanos : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4357-L4389"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4357-L4389"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8ce7cdfe4bca31e21d6fa31a75c46737a41fae3b5b0fda818e3a4709ceaf9bf5"
score = 75
quality = 73
@@ -232404,8 +236622,8 @@ rule DITEKSHEN_MALWARE_Win_Tmanager : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4391-L4410"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4391-L4410"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cdbcc00ae67c9161f6db89cfa658c8bc8fb7fab3915ac5ae99bdd34c42ee2abb"
score = 75
quality = 75
@@ -232439,8 +236657,8 @@ rule DITEKSHEN_MALWARE_Win_Sn0Wlogger : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4412-L4428"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4412-L4428"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ea4b2281f906271dc249b5036b22eadfc5add94def4f8e4f8a40c384618465d8"
score = 75
quality = 75
@@ -232471,8 +236689,8 @@ rule DITEKSHEN_MALWARE_Win_Danabot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4430-L4459"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4430-L4459"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8d037b46d719159dc3e60f0c7143022ce8745cfd753c3754ae80a220a838567d"
score = 75
quality = 50
@@ -232510,8 +236728,8 @@ rule DITEKSHEN_MALWARE_Win_Klackring : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4461-L4475"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4461-L4475"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b894e89de720affadd80966d726a44ffce75d71095b0530edb6bfddb76660c54"
score = 75
quality = 75
@@ -232540,8 +236758,8 @@ rule DITEKSHEN_MALWARE_Win_Comebacker : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4477-L4492"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4477-L4492"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0d806fd199f0e8e3576ca837781c2fa06f1a09d75ea16602effb72754d8e4940"
score = 75
quality = 50
@@ -232571,8 +236789,8 @@ rule DITEKSHEN_MALWARE_Win_Suncrypt : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4494-L4532"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4494-L4532"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "abde9bbf2577304ff059972a38e803ba17de7a1f0346efe880a710f2ad79db37"
score = 75
quality = 73
@@ -232625,8 +236843,8 @@ rule DITEKSHEN_MALWARE_Win_Zegost : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4534-L4560"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4534-L4560"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "96727a0f5c113e5cdfe871f104553fd1c04a8f63ecbb8db7223afb71fcdd4087"
score = 75
quality = 75
@@ -232667,8 +236885,8 @@ rule DITEKSHEN_MALWARE_Win_GENERIC01 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4562-L4575"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4562-L4575"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ddae979db5ddda772ca66a3d50e4b5479b16052ea002fd04fdbf295ce784e291"
score = 75
quality = 75
@@ -232696,8 +236914,8 @@ rule DITEKSHEN_MALWARE_Win_GENERIC02 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4577-L4591"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4577-L4591"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4f750c871ee061ed2d5d1f68e6ac1f56b8127321cfc207e2dd1dbed9d9848ce5"
score = 75
quality = 25
@@ -232726,8 +236944,8 @@ rule DITEKSHEN_MALWARE_Win_Dlagent06 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4593-L4610"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4593-L4610"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9188804ad0e08f3e0cd09eb8815abea14da5aa28aef9084d19108a24f49f65c7"
score = 75
quality = 75
@@ -232759,8 +236977,8 @@ rule DITEKSHEN_MALWARE_Win_PWSH_Poshkeylogger
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4612-L4627"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4612-L4627"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "20bde87ded7e3b68bc554c4b9a6c2ef08514f0d47b6b144763927bede81ea540"
score = 75
quality = 75
@@ -232790,8 +237008,8 @@ rule DITEKSHEN_MALWARE_Win_Fujinamarat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4629-L4645"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4629-L4645"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "42557094afe67196442f46d76f156c09852d694bcc5f03eac51e79ad247c2fdd"
score = 75
quality = 75
@@ -232822,8 +237040,8 @@ rule DITEKSHEN_MALWARE_Win_Phorpiex : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4647-L4666"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4647-L4666"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4c48a20aaf37d65471710181238d2c39c1cb0fc5a37b9c411e8d4dcfd7a9e26e"
score = 75
quality = 75
@@ -232857,8 +237075,8 @@ rule DITEKSHEN_MALWARE_Win_EXEPWSH_Dlagent : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4668-L4687"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4668-L4687"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6380359db1ac775cea3ebb93f7cf22a92d2f2e634c6aa724e2814c10d4ed42f5"
score = 75
quality = 75
@@ -232892,8 +237110,8 @@ rule DITEKSHEN_MALWARE_Win_Hdlocker : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4689-L4703"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4689-L4703"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "337678a4a780947841a19c401601f1be7218276c8d4161229567dc4d6026b16a"
score = 75
quality = 50
@@ -232922,8 +237140,8 @@ rule DITEKSHEN_MALWARE_Win_Vovalex : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4705-L4718"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4705-L4718"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ea695521981f4b007eee50e95f7989dda1f07cc411c59450489bb17391ff29dc"
score = 75
quality = 75
@@ -232951,8 +237169,8 @@ rule DITEKSHEN_MALWARE_Win_Dharma : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4720-L4728"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4720-L4728"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2727b2c0295e32699e08c3c79d7ac6fd52f1520358ac23290d40df428c969f4b"
score = 75
quality = 75
@@ -232975,8 +237193,8 @@ rule DITEKSHEN_MALWARE_Win_Cryptolocker : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4730-L4752"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4730-L4752"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e1700e8ace338c25119305878e8bc52210506bd42183007985ba9601abdab87b"
score = 75
quality = 73
@@ -233013,8 +237231,8 @@ rule DITEKSHEN_MALWARE_Win_PWSH_Poshwifistealer
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4754-L4765"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4754-L4765"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "769349360b5d22226a5339a9e8471d06731dc522475c9385c1c145a0488e0ad1"
score = 75
quality = 75
@@ -233040,8 +237258,8 @@ rule DITEKSHEN_MALWARE_Win_Steamhook : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4767-L4781"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4767-L4781"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "da743ca99fd19828e3938875acaf6544f17d884587a59623c8361f5905af4a57"
score = 75
quality = 73
@@ -233070,8 +237288,8 @@ rule DITEKSHEN_MALWARE_Win_Netwire : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4783-L4805"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4783-L4805"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bae4f0cd7a431336bd784ba95f6ba3396e6f0f12c081e62482ad37ff859c1f1c"
score = 75
quality = 75
@@ -233108,8 +237326,8 @@ rule DITEKSHEN_MALWARE_Win_Breakstaf : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4807-L4827"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4807-L4827"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "56078b797c64ce77398f9b92e5677f7159d8357eafb03cf62bb30f06d4f3b2e3"
score = 75
quality = 73
@@ -233144,8 +237362,8 @@ rule DITEKSHEN_MALWARE_Win_Kitty : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4829-L4847"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4829-L4847"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3a36755c81ec70c127bb73448fc29325444b85b5f0704327fc81975c2af2e99e"
score = 75
quality = 75
@@ -233178,8 +237396,8 @@ rule DITEKSHEN_MALWARE_Win_Dlagent07 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4849-L4867"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4849-L4867"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1e0001d18524d0d34ad876e67e2c4dc0495ee18a73c34f53f97367876e27b406"
score = 75
quality = 75
@@ -233212,8 +237430,8 @@ rule DITEKSHEN_MALWARE_Win_Clop : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4869-L4889"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4869-L4889"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a1a21100c468c4db147f97b0724b7a3aefbb92b157071bfe6f61d02768573b44"
score = 75
quality = 75
@@ -233248,8 +237466,8 @@ rule DITEKSHEN_MALWARE_Win_Maktub : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4891-L4905"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4891-L4905"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5c11d04fc3088eb8a0132b9ed83748ddb7e1bbe9d03b9e884d4003181cbb6d69"
score = 75
quality = 75
@@ -233278,8 +237496,8 @@ rule DITEKSHEN_MALWARE_Win_Pwshloader_Runpe01
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4907-L4920"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4907-L4920"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7dd377f6a1cc48ef8ab9d53989755fb967c89d3798b721781bc09043ba3d86f4"
score = 75
quality = 75
@@ -233307,8 +237525,8 @@ rule DITEKSHEN_MALWARE_Win_Pwshloader_Runpe02
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4922-L4934"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4922-L4934"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d7677689938d3e3eb6b59b99b7e347c60214f6edf8e5f83bf85da5a5f1ad33bb"
score = 75
quality = 75
@@ -233335,8 +237553,8 @@ rule DITEKSHEN_MALWARE_Win_Peloader_Runpe : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4936-L4950"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4936-L4950"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0369c3e2f83a0265c81e5dcd10b4d88753bd6ce3da4bb893a364486712a2b80d"
score = 75
quality = 75
@@ -233365,8 +237583,8 @@ rule DITEKSHEN_MALWARE_Win_Peloader_INF : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4952-L4963"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4952-L4963"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "758f7b465b8f9dab5c1194bee266392efe143ac219a5307e6886845b3c862700"
score = 75
quality = 75
@@ -233392,8 +237610,8 @@ rule DITEKSHEN_MALWARE_Win_Dlagent08 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4965-L4975"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4965-L4975"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0238c13b00e5778ef216b4e8576c321803da6e269c96c3051b9cc45a3ac6e567"
score = 75
quality = 75
@@ -233418,8 +237636,8 @@ rule DITEKSHEN_MALWARE_Win_Doejocrypt : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4977-L4993"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4977-L4993"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f8a3897de9522340799a59e3e755c323b0defaab73a9030b6b69a1a82c05dcd0"
score = 75
quality = 75
@@ -233450,8 +237668,8 @@ rule DITEKSHEN_MALWARE_Win_Sunshuttle : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L4995-L5017"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L4995-L5017"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fa8feb069e73aa0a7fcb4daecc1fdf8edeff65e5aeefef161626647fe989e5c0"
score = 75
quality = 75
@@ -233488,8 +237706,8 @@ rule DITEKSHEN_MALWARE_Win_Ranzylocker : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5019-L5042"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5019-L5042"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "15897144843acf49b81c5428fd1bb56d7a2acf16047a6e5d3ca4f2aaa8891577"
score = 75
quality = 75
@@ -233527,8 +237745,8 @@ rule DITEKSHEN_MALWARE_Win_Wobbychipmbr : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5044-L5060"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5044-L5060"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "168c7f610625131c9552252d2b824a90918d2961996ee0f783497dff5cf17351"
score = 75
quality = 75
@@ -233559,8 +237777,8 @@ rule DITEKSHEN_MALWARE_Win_Snatch : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5062-L5091"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5062-L5091"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bf8c33a7203458c80a43944c3117bb897b1702f0024271904d9be682cbd695fc"
score = 75
quality = 73
@@ -233604,8 +237822,8 @@ rule DITEKSHEN_MALWARE_Win_Meteorite : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5093-L5109"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5093-L5109"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0ae8183d949046be4257b48571a266f2501d60dd302f511ca1a2d518884e6a7f"
score = 75
quality = 75
@@ -233636,8 +237854,8 @@ rule DITEKSHEN_MALWARE_Win_Legionlocker : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5111-L5129"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5111-L5129"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2da897b5603415f14fff134b3a94d77e6963da79e117d26ba16e6b04e45f4045"
score = 75
quality = 75
@@ -233670,8 +237888,8 @@ rule DITEKSHEN_MALWARE_Win_Dlagentgo : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5131-L5144"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5131-L5144"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b9dd2446eddff18be00feb34d8911600feb395a9ce2566786d42b48b444230d0"
score = 75
quality = 75
@@ -233699,8 +237917,8 @@ rule DITEKSHEN_MALWARE_Win_Blackmoon : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5146-L5155"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5146-L5155"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "05bfde8ec3a469df5707c195e25995ac6af730e8a1595b1a598276c024420be2"
score = 75
quality = 75
@@ -233724,8 +237942,8 @@ rule DITEKSHEN_MALWARE_Win_Iceid : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5157-L5176"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5157-L5176"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "204b4c297806a36ca14bb3e659824f4eb49b18308af7090f0db1194705f1e2c9"
score = 75
quality = 75
@@ -233759,8 +237977,8 @@ rule DITEKSHEN_MALWARE_Win_Purge : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5178-L5201"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5178-L5201"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "83d13eca69bc99539e47d6d29689edf2a4fcd2260c6e909582126a490eef8115"
score = 75
quality = 75
@@ -233798,8 +238016,8 @@ rule DITEKSHEN_MALWARE_Win_Njrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5203-L5220"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5203-L5220"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "92d535a7c7f361b7a0901d0b99427ebc82a69577bfea73c04a7f9d51d2054b36"
score = 75
quality = 25
@@ -233831,8 +238049,8 @@ rule DITEKSHEN_MALWARE_Win_Darktrackrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5222-L5245"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5222-L5245"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2a831c0f7707864d8c9e9fa338085a52933869d8cfbdbe0d12715da301c12646"
score = 75
quality = 75
@@ -233870,8 +238088,8 @@ rule DITEKSHEN_MALWARE_Win_Godzilla : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5247-L5265"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5247-L5265"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ff87fbaaf488ac69e06a03a7f8e5305ec114caa6271c25fa130033f50f0d9095"
score = 75
quality = 75
@@ -233904,8 +238122,8 @@ rule DITEKSHEN_MALWARE_Win_UNK03 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5267-L5280"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5267-L5280"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f1a4be68206628c3addbce8b6bbc1f801e67632d4e6a6af1d45cdad833e9a991"
score = 75
quality = 75
@@ -233933,8 +238151,8 @@ rule DITEKSHEN_MALWARE_Win_UNK04 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5282-L5296"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5282-L5296"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ba6e5bbc1d094b23e3870af963503d1ccbcd56adc24126b4a38b77d4b88b4b67"
score = 75
quality = 75
@@ -233963,8 +238181,8 @@ rule DITEKSHEN_MALWARE_Win_Karkoff : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5298-L5313"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5298-L5313"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e9b6ba5be2b3cd0faa898347e57cee5a57b80b19842c3a1ddb42d620307c8b39"
score = 75
quality = 75
@@ -233994,8 +238212,8 @@ rule DITEKSHEN_MALWARE_Win_Dlagent09 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5315-L5328"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5315-L5328"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9336507fa4bb9d3a6325d5e9caafc8c4e816a0166fded7d4e53e09a87628bc89"
score = 75
quality = 71
@@ -234023,8 +238241,8 @@ rule DITEKSHEN_MALWARE_Win_Coinminingbot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5330-L5343"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5330-L5343"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a307a6c9184e8f4068cfa89a8432ae017c8aab10b706ba065051f8749860c15c"
score = 75
quality = 75
@@ -234052,8 +238270,8 @@ rule DITEKSHEN_MALWARE_Win_Fyanti : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5345-L5351"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5345-L5351"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "baaeef0b1452d7ea41ffaaff592cac2c5e16f921dbbfb3a300a63e69f134e9d0"
score = 75
quality = 75
@@ -234073,8 +238291,8 @@ rule DITEKSHEN_MALWARE_Win_Dlagent10 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5353-L5364"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5353-L5364"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "74647b39331727000608bc89b30189d802e62d59876659d4477deb4da2fcfe13"
score = 75
quality = 67
@@ -234100,8 +238318,8 @@ rule DITEKSHEN_MALWARE_Win_Pureloader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5366-L5382"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5366-L5382"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1f0bd20e769ea79d28d6e60ca06aa8aa2b3436426cfe0cd4f2023a08236875cd"
score = 75
quality = 75
@@ -234132,8 +238350,8 @@ rule DITEKSHEN_MALWARE_Win_VBS_Dlagent01
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5384-L5395"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5384-L5395"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0e47839a55773764aca0aebcf1078c06c729b86d1e2f18d7d64e3bb11e87f3eb"
score = 75
quality = 75
@@ -234159,8 +238377,8 @@ rule DITEKSHEN_MALWARE_Win_Ranumbot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5397-L5430"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5397-L5430"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a9c32445e62d072e4184d25497696ef6225edb176dc7a9743a54194d4ddb4b0c"
score = 75
quality = 73
@@ -234206,8 +238424,8 @@ rule DITEKSHEN_MALWARE_Win_Dllhijacker01 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5432-L5448"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5432-L5448"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "48535c0bb5342e2f91ac9d015c761d8d543b122dd3cc08b7029631fcf3037bfb"
score = 75
quality = 75
@@ -234238,8 +238456,8 @@ rule DITEKSHEN_MALWARE_Win_Hyperbro02 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5450-L5474"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5450-L5474"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ca4ee116516549fc42f7e32b3c24d631b7f2c638efbde5c07227358e78fd6f35"
score = 75
quality = 75
@@ -234278,8 +238496,8 @@ rule DITEKSHEN_MALWARE_Win_Dllhijacker02 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5512-L5527"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5512-L5527"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d4eb236256c413d4d3223cc897783f5631c7798c0f3280e72d8c8504438fcaf9"
score = 75
quality = 75
@@ -234309,8 +238527,8 @@ rule DITEKSHEN_MALWARE_Win_Zeoticus : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5529-L5549"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5529-L5549"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "588c140c141e82dae56758550549dfb96410db50521ac546477e1adc5575b4a0"
score = 75
quality = 75
@@ -234345,8 +238563,8 @@ rule DITEKSHEN_MALWARE_Win_Dlagent11 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5551-L5564"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5551-L5564"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "61df4855766050237c0b67bf70684020beb5d88f5928fa2814077e505be938a6"
score = 75
quality = 75
@@ -234374,8 +238592,8 @@ rule DITEKSHEN_MALWARE_Win_Softcnapp : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5566-L5583"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5566-L5583"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2d7f4320282218842fa2e82906bcaf691610ad1a6ea257a2a9fc9e062229a2e8"
score = 75
quality = 75
@@ -234407,8 +238625,8 @@ rule DITEKSHEN_MALWARE_Win_Covenantgruntstager : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5585-L5606"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5585-L5606"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "638f63f605b21154f062b0f4d0659cd6cd87aee319debb2c1a991a679fec087a"
score = 75
quality = 75
@@ -234444,8 +238662,8 @@ rule DITEKSHEN_MALWARE_Win_Fabookie : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5608-L5624"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5608-L5624"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bbe10323817d501a361a33abf61a49ad59fcac69d78d9d9ec1744ee99a4b4629"
score = 75
quality = 73
@@ -234476,8 +238694,8 @@ rule DITEKSHEN_MALWARE_Win_Cobianrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5626-L5640"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5626-L5640"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5c8f55e5328b61c3591c876797b4521f8e98af7a6c53bab918f10d5c3c2b5013"
score = 75
quality = 75
@@ -234506,8 +238724,8 @@ rule DITEKSHEN_MALWARE_Win_Leivion : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5660-L5673"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5660-L5673"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a0cda23df4301b66feedad7c04b4d051c07474ccaa07c05598dd0b47bb6fc7e6"
score = 75
quality = 75
@@ -234535,8 +238753,8 @@ rule DITEKSHEN_MALWARE_Win_Banload : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5675-L5688"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5675-L5688"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5cbc69d11b73f60d6eee3f23ed6cc217ba37a3408cb69e396e0394b5a1e20b75"
score = 75
quality = 75
@@ -234564,8 +238782,8 @@ rule DITEKSHEN_MALWARE_Win_TYRAT : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5690-L5703"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5690-L5703"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b733b7aa3ba1195807fb728453c0f3f4df2177836054af6f7a863e14058884cb"
score = 75
quality = 25
@@ -234593,8 +238811,8 @@ rule DITEKSHEN_MALWARE_Win_Infinitylock : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5705-L5723"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5705-L5723"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "634759f1c2d48becebc9c87e146e898524071738f74b7001b112dc793bcb581c"
score = 75
quality = 73
@@ -234627,8 +238845,8 @@ rule DITEKSHEN_MALWARE_Win_Mountlocker : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5725-L5740"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5725-L5740"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "30bc601fef60cc1c9d8bff5dd3f8a53214f088b74eb24fe2369f5664613e0eaf"
score = 75
quality = 75
@@ -234658,8 +238876,8 @@ rule DITEKSHEN_MALWARE_Win_Pingback : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5742-L5761"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5742-L5761"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c5fa9ecefca1188ba5e81c0518f74023884ad0f66718fc030601cb458bdf2f12"
score = 75
quality = 75
@@ -234693,8 +238911,8 @@ rule DITEKSHEN_MALWARE_Win_Bazarloader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5763-L5776"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5763-L5776"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8febd1355bc03f71794ffb8d51cbb112e8acd2d26fec5bb736a388d5384e7747"
score = 75
quality = 75
@@ -234722,8 +238940,8 @@ rule DITEKSHEN_MALWARE_Win_Coinminer01 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5778-L5790"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5778-L5790"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "31a7531ecc7b8a35ba882c17d15bd3581e65b4b99dd3a7cb8bca8f6edf204114"
score = 75
quality = 75
@@ -234750,8 +238968,8 @@ rule DITEKSHEN_PUA_Win_Ultrasurf : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5792-L5807"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5792-L5807"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d8d17b1bf20c12f864697d3dd66f345a8b93e2a75f0489b58b23b7f5264b6be3"
score = 75
quality = 75
@@ -234781,8 +238999,8 @@ rule DITEKSHEN_MALWARE_Win_Hello : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5809-L5820"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5809-L5820"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f52f12eb38613f5afd5258b5263c6e6e2d9db6c9659a769f896a2bb66564fa69"
score = 75
quality = 75
@@ -234808,8 +239026,8 @@ rule DITEKSHEN_MALWARE_Win_Buterat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5822-L5839"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5822-L5839"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c3d93e8dc1bde8e77c11586c8d8b67d137ef2c4791e12269f1af310fbe14832b"
score = 75
quality = 23
@@ -234841,8 +239059,8 @@ rule DITEKSHEN_MALWARE_Win_Cookiestealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5841-L5857"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5841-L5857"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9cc406ae078e37430b3cf10954c02014b9760bc887344842e724df735d1d9808"
score = 75
quality = 75
@@ -234873,8 +239091,8 @@ rule DITEKSHEN_MALWARE_Win_Bitcoingrabber : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5859-L5875"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5859-L5875"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2dc762525c1fbf25517df52f0561d96d7469bf1367eada31c236fc313001c6cb"
score = 75
quality = 75
@@ -234905,8 +239123,8 @@ rule DITEKSHEN_MALWARE_Win_FOXGRABBER : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5877-L5890"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5877-L5890"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5ecba516f1155bdcccf83b0a034b11d8eac8619d4c3326fdbc76082fbe4daf02"
score = 75
quality = 75
@@ -234934,8 +239152,8 @@ rule DITEKSHEN_MALWARE_Win_Browsergrabber : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5892-L5906"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5892-L5906"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c96a63566280758d8c32542bfab3c6faa7d21329430345f51ea4c2f0a6809dc2"
score = 75
quality = 25
@@ -234964,8 +239182,8 @@ rule DITEKSHEN_MALWARE_Win_Deathransom : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5908-L5925"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5908-L5925"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3c87364a7ecc403262056eeccaa16bf230fbbe684e21d35099d0d572abba9eda"
score = 75
quality = 75
@@ -234997,8 +239215,8 @@ rule DITEKSHEN_MALWARE_Win_Unlockyourfiles : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5927-L5946"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5927-L5946"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "05f549467fac03d4aa2248a9c6c87e4c4273ed6ad727ebb77a4dd115032e454b"
score = 75
quality = 75
@@ -235032,8 +239250,8 @@ rule DITEKSHEN_MALWARE_Win_Decryptmyfiles : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5948-L5964"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5948-L5964"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5b7f74569700e2ad3f31388571dad5ffda45f5ab3dd36806f7514aff0367d5ba"
score = 75
quality = 73
@@ -235064,8 +239282,8 @@ rule DITEKSHEN_MALWARE_Win_Motocos : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5966-L5981"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5966-L5981"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "99ac365c277058503874313e3a74ab016d6d279b47c754c3df950e3ce60e29f1"
score = 75
quality = 75
@@ -235095,8 +239313,8 @@ rule DITEKSHEN_MALWARE_Win_Dlagent12 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5983-L5993"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5983-L5993"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b9845414f4ce4cc25b75a8de7569c4135bbb7ba9098fd4c50d7ac80302e99b8f"
score = 75
quality = 75
@@ -235121,8 +239339,8 @@ rule DITEKSHEN_MALWARE_Win_Dlinjector01 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L5995-L6015"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L5995-L6015"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5c13af5fdbb2e8a27103d9502126a82d0bff15d9a269b22e4279b5b459d50e2d"
score = 75
quality = 75
@@ -235157,8 +239375,8 @@ rule DITEKSHEN_MALWARE_Win_Dlinjector02 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6017-L6034"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6017-L6034"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "76d185cfcbc7f4996c2fb5c7c1ba4eb20b32d322d8ff47594283a4ca3e573a0b"
score = 75
quality = 75
@@ -235190,8 +239408,8 @@ rule DITEKSHEN_MALWARE_Win_Nermer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6036-L6062"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6036-L6062"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e885b1b908b256ee07f5cb144d63f5ad65e5bf746b70efe168b0ac742a246ab3"
score = 75
quality = 75
@@ -235232,8 +239450,8 @@ rule DITEKSHEN_MALWARE_Win_Beastdoor : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6064-L6084"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6064-L6084"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d9a72717d124bcf1e3b95850cd524e577abe96a094586a5555faadba78fcb9ad"
score = 75
quality = 75
@@ -235268,8 +239486,8 @@ rule DITEKSHEN_MALWARE_Win_Gravityrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6086-L6108"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6086-L6108"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a6b049dbf21f22f751c15da98536e9ef2a4ced7755ade0cc9904afddef1d3ae6"
score = 75
quality = 75
@@ -235306,8 +239524,8 @@ rule DITEKSHEN_MALWARE_Win_Fatalrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6110-L6128"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6110-L6128"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fb7f6822aa4ef98e77670d276d06c9a37718bce38d32ce5b53fe67513b107fbe"
score = 75
quality = 75
@@ -235340,8 +239558,8 @@ rule DITEKSHEN_MALWARE_Win_Wingo : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6130-L6141"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6130-L6141"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "423b1631ad625fd46a9d10f0ecdf24931cf62a2c1694da3ebdd38daad0a4f724"
score = 75
quality = 73
@@ -235367,8 +239585,8 @@ rule DITEKSHEN_MALWARE_Win_GENERIC03 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6143-L6154"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6143-L6154"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9166808a3dab80d9d85b3b976ae658160c8389c7d0e05a46d553b5bb9d41a1cb"
score = 75
quality = 50
@@ -235394,8 +239612,8 @@ rule DITEKSHEN_MALWARE_Win_Pandastealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6156-L6172"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6156-L6172"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "23a911bfe14defe8f961068d43bb349b66ee73f8b2f281f2bec1c0ecb8f37b25"
score = 75
quality = 50
@@ -235426,8 +239644,8 @@ rule DITEKSHEN_MALWARE_Win_Gelsemine : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6174-L6194"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6174-L6194"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8c20efa6f34ee9165fac9f1f2e5eb20830a02016309dfaa5681977e1a8ac6068"
score = 75
quality = 75
@@ -235462,8 +239680,8 @@ rule DITEKSHEN_MALWARE_Win_Gelsevirine : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6224-L6254"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6224-L6254"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "60d41d6d789f1cd2a7040d6535f13c69ea58a489035838f047b886e8f1f37f63"
score = 75
quality = 73
@@ -235508,8 +239726,8 @@ rule DITEKSHEN_MALWARE_Win_Ipsechelper : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6256-L6279"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6256-L6279"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "be0ecf8a97d289b15b902420d769925b7b22ab835bd7d10d10b059119f41e540"
score = 75
quality = 75
@@ -235547,8 +239765,8 @@ rule DITEKSHEN_MALWARE_Win_Apostle : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6281-L6295"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6281-L6295"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "aa5a522383cbb7e2fdb90f4c4395c7f92f546aa1dbda8f44090225861f011630"
score = 75
quality = 75
@@ -235577,8 +239795,8 @@ rule DITEKSHEN_MALWARE_Win_DEADWOOD : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6297-L6313"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6297-L6313"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bf53abc801971b294e0a23bb0162ceb7c56a563a16e73c317f6a890ba545b67d"
score = 75
quality = 75
@@ -235609,8 +239827,8 @@ rule DITEKSHEN_MALWARE_Win_Turian : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6315-L6343"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6315-L6343"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "87f4263381c5e93fcba0873aa3bb9a1db4b21225141cd7f06be30f5777a47806"
score = 75
quality = 75
@@ -235653,8 +239871,8 @@ rule DITEKSHEN_MALWARE_Win_Dlagent14 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6365-L6378"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6365-L6378"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2806b553635dbf96e9c00d3554dd5732df64200b3ae2c4845a2675218bd56387"
score = 75
quality = 75
@@ -235682,8 +239900,8 @@ rule DITEKSHEN_MALWARE_Win_Markirat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6380-L6403"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6380-L6403"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "17b8bcfe8d2b4c87ff8e0bddb436e18029a3b28a5ad3994fe9bef359588d9cad"
score = 75
quality = 75
@@ -235721,8 +239939,8 @@ rule DITEKSHEN_MALWARE_Win_Klingonrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6405-L6427"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6405-L6427"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2abfbfc1b67f931f15bfdfd2cd4ba7821e62eb8c518bbc04629c0dd694bbd9c1"
score = 75
quality = 75
@@ -235759,8 +239977,8 @@ rule DITEKSHEN_MALWARE_Win_Xfiles : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6429-L6460"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6429-L6460"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0c04a8f019aea36f4bba3ce8289c2d608c69d76bbf321052560b4ca2214be057"
score = 75
quality = 73
@@ -235806,8 +240024,8 @@ rule DITEKSHEN_MALWARE_Win_Allakore : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6462-L6493"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6462-L6493"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0e93682787e27246cdddbd67ca5360728c65049a2e97e71809b5902854aa4bef"
score = 75
quality = 73
@@ -235853,8 +240071,8 @@ rule DITEKSHEN_MALWARE_Win_Reverserat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6495-L6514"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6495-L6514"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "87ab00a5588bfce04ec47a07b184fffe359e472ac8bf561b02a8b070edf2e014"
score = 75
quality = 75
@@ -235888,8 +240106,8 @@ rule DITEKSHEN_MALWARE_Win_Smokeloader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6516-L6539"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6516-L6539"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "65c56ed11a3cb4e4bcf8fd2a6be097545cb96e84ba4c4202969d1d163a2a36ed"
score = 75
quality = 75
@@ -235923,8 +240141,8 @@ rule DITEKSHEN_MALWARE_Win_Dlinjector03 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6541-L6551"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6541-L6551"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "10092e7916775fe0a39baa5714fdda89f443ceabdcc610cc1fcd5a0fb0e68d0c"
score = 75
quality = 73
@@ -235949,8 +240167,8 @@ rule DITEKSHEN_MALWARE_Win_Coinminer02 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6553-L6571"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6553-L6571"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "83760aef667819923a2ac67c006e03bb6d4260b7a4aedd691dd5b145fb50d5c1"
score = 75
quality = 75
@@ -235983,8 +240201,8 @@ rule DITEKSHEN_MALWARE_Win_Mercurial : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6573-L6593"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6573-L6593"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "400f8f717a4e07bf4de508c02bbcd9e82bf21f3df84c989fc622378f33e192f0"
score = 75
quality = 75
@@ -236019,8 +240237,8 @@ rule DITEKSHEN_MALWARE_Win_Phonzy : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6595-L6608"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6595-L6608"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "924e7674d76594314df1a32d38f19cee12a3ed49cdf5e153f98bb08a7634055c"
score = 75
quality = 75
@@ -236048,8 +240266,8 @@ rule DITEKSHEN_MALWARE_Win_Hive : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6610-L6647"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6610-L6647"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "14c20ff2fa62d80eed0f4f364e24d93d493d4f3b47f664983714940afa74046f"
score = 75
quality = 73
@@ -236101,8 +240319,8 @@ rule DITEKSHEN_MALWARE_Win_Spyro : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6649-L6675"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6649-L6675"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2e3be361f6d4283fd312a4486eaa39d6594813937cc3f62dbb603babeff17929"
score = 75
quality = 75
@@ -236143,8 +240361,8 @@ rule DITEKSHEN_MALWARE_Win_Darkvnc : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6677-L6696"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6677-L6696"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b0dbde04c0a05e476d505b92cf7dbf3b4ef0dd9e88eafcd21b7a7d0e3623abbd"
score = 75
quality = 75
@@ -236178,8 +240396,8 @@ rule DITEKSHEN_MALWARE_Win_RSJON : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6698-L6727"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6698-L6727"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "abfea2955bf0d0b0511ea820582cc15fbcfc38dbed71fb2a0050cd98a9311cda"
score = 75
quality = 48
@@ -236223,8 +240441,8 @@ rule DITEKSHEN_MALWARE_Win_Boxcaon : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6729-L6746"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6729-L6746"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4f2f26e6678d49bfa5937511b1788a059ee10e1b5f19e53d6386199738a925a5"
score = 75
quality = 50
@@ -236256,8 +240474,8 @@ rule DITEKSHEN_MALWARE_Win_Avoslocker : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6748-L6757"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6748-L6757"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "85601fdd13ddeb1fc0b8b98eb68e324046d60c1ae9467d083a75abebcb50e3a0"
score = 75
quality = 75
@@ -236281,8 +240499,8 @@ rule DITEKSHEN_MALWARE_Win_Diavol : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6759-L6784"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6759-L6784"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bcc7a9dc2dcb12ded75af9d79ab0f46f0e69da9e9fe72539be6351306ed11c18"
score = 75
quality = 48
@@ -236322,8 +240540,8 @@ rule DITEKSHEN_MALWARE_Win_Margulasrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6786-L6810"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6786-L6810"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dd5b94c947d97cdc34032f2cb84b4975a1e8f510638857fb6dbe553bcff7d16e"
score = 75
quality = 75
@@ -236362,8 +240580,8 @@ rule DITEKSHEN_MALWARE_Win_Lilithrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6812-L6839"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6812-L6839"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1e8ac8a329ff99318e12666ea1d90d21bb9b0dff656a5eb1ce741b940c99afd5"
score = 75
quality = 75
@@ -236405,8 +240623,8 @@ rule DITEKSHEN_MALWARE_Win_Epicenterrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6841-L6863"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6841-L6863"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e9086dff22e301f57c6a9bdb38fbed8e902d5b8ca20a5e5b3cda56db08d5582e"
score = 75
quality = 75
@@ -236443,8 +240661,8 @@ rule DITEKSHEN_MALWARE_Win_Lastconn : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6865-L6894"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6865-L6894"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "94f5874353d0fb475595373c06a0de91603cad9b435d35dc00febf90608d6b5a"
score = 75
quality = 75
@@ -236488,8 +240706,8 @@ rule DITEKSHEN_MALWARE_Win_Crimsonrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6896-L6920"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6896-L6920"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a40cf09dbaafb2e7b9130af1b40e46b4c38fed6185b16435ad4c118f9e6d56c7"
score = 75
quality = 75
@@ -236528,8 +240746,8 @@ rule DITEKSHEN_MALWARE_Win_Actionrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6922-L6955"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6922-L6955"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1552cda3f02c08582e3dd97df98416635a25005081627097df181bfc6aac4665"
score = 75
quality = 21
@@ -236577,8 +240795,8 @@ rule DITEKSHEN_MALWARE_Win_Nodachi : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6957-L6972"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6957-L6972"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c8a262b862a47d5c0c9bd76b722aa4ceb55dd365b5dca35a61318d8a1c53269d"
score = 75
quality = 75
@@ -236608,8 +240826,8 @@ rule DITEKSHEN_MALWARE_Win_Iamthekingqueenofhearts : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6974-L6991"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6974-L6991"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0aafeb1dce380ebe6cccc3c7f9564022e1a4cdcf20091943d2bfcc845129152d"
score = 75
quality = 75
@@ -236641,8 +240859,8 @@ rule DITEKSHEN_MALWARE_Win_Iamthekingqueenofclubs : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L6993-L7007"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L6993-L7007"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "28d7d3e9a3b7c104fc5b0fa38ce33b34596f16f6987c34a0e2e3fd93a8a908bd"
score = 75
quality = 75
@@ -236671,8 +240889,8 @@ rule DITEKSHEN_MALWARE_Win_Iamtheking : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7009-L7029"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7009-L7029"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1cc2aa9b672b8519a3e8a22e31403fb7adace0d430f9cab160e9a7d52e56e875"
score = 75
quality = 50
@@ -236707,8 +240925,8 @@ rule DITEKSHEN_MALWARE_Win_Gobrut : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7031-L7086"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7031-L7086"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fb93d0dcf7f38294444ac6d2e1a7a126027ce07f0305af9ae0f8aa8f4b806c5c"
score = 75
quality = 50
@@ -236778,8 +240996,8 @@ rule DITEKSHEN_MALWARE_Win_Biopass_Dropper : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7088-L7111"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7088-L7111"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "06f3b3ee38349ddcf9be7cbb7627d60fa673962409dde6e4badd112841a3ed19"
score = 75
quality = 75
@@ -236817,8 +241035,8 @@ rule DITEKSHEN_MALWARE_Win_A310Logger : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7113-L7149"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7113-L7149"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8205169c9c78eb784b9d07a5fd85ad3a54763452e1e315f7e7911b8ac49a6c01"
score = 75
quality = 73
@@ -236868,8 +241086,8 @@ rule DITEKSHEN_MALWARE_Win_Crylock : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7151-L7186"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7151-L7186"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dde35dd2c7e89212c4562f2dcf6a78d06fbb3d31150d49e6c48f758b07f1834f"
score = 75
quality = 73
@@ -236919,8 +241137,8 @@ rule DITEKSHEN_MALWARE_Win_Deeprats : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7188-L7218"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7188-L7218"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "511264c0b6932f90069a5206cd142ca7210b0bc40c51ef5aa9c41a161fb57aab"
score = 75
quality = 73
@@ -236965,8 +241183,8 @@ rule DITEKSHEN_MALWARE_Win_Gasket : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7220-L7250"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7220-L7250"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0279979915891fc8c813ba555120ee5705b53b234a808b5ca77bff35a082e376"
score = 75
quality = 73
@@ -237011,8 +241229,8 @@ rule DITEKSHEN_MALWARE_Win_Silentmoon : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7252-L7272"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7252-L7272"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1aa61e83d0003ef41d16fd40698485fdf41a957639ac3c3f2770994a43bd502a"
score = 75
quality = 25
@@ -237047,8 +241265,8 @@ rule DITEKSHEN_MALWARE_Win_Lu0Bot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7274-L7285"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7274-L7285"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b4822248230a804b1dc75f8d517af28a621dab1746c9ef45eaa4754149ce0cba"
score = 75
quality = 75
@@ -237074,8 +241292,8 @@ rule DITEKSHEN_MALWARE_Win_Shellcodedlei : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7287-L7304"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7287-L7304"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "064c17427ae6b33ffb09a14abcb924d20ead44250e8bd03070bf40869f1c812e"
score = 75
quality = 75
@@ -237107,8 +241325,8 @@ rule DITEKSHEN_MALWARE_Win_Bluebot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7306-L7333"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7306-L7333"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "04a19f649eb2fff7a5bc59ccead80cd0a04c4e5418cbc83e850045dba75b03e0"
score = 75
quality = 25
@@ -237150,8 +241368,8 @@ rule DITEKSHEN_MALWARE_Win_Unkcobaltstrike : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7335-L7354"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7335-L7354"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2fb4e87eec3b56773b812ce6a5c28143183087e0f93d92d76c1103563f8e0891"
score = 75
quality = 75
@@ -237185,8 +241403,8 @@ rule DITEKSHEN_MALWARE_Win_EXEPWSHDL : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7356-L7374"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7356-L7374"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "58fbd27758ecd435eb30b7c34f4cf142db8e31edee0838175992923a51706508"
score = 75
quality = 50
@@ -237219,8 +241437,8 @@ rule DITEKSHEN_MALWARE_Win_MB150 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7376-L7402"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7376-L7402"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a07535fc53912ddde6a0bed187c21ecdb2701d317d7de0cbdd2db37071bc9a21"
score = 75
quality = 75
@@ -237261,8 +241479,8 @@ rule DITEKSHEN_MALWARE_Win_Chaos : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7404-L7433"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7404-L7433"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6203ab09745db817b9e909d70cf1d5be9769c414461ee5f7bb344b6959986537"
score = 75
quality = 44
@@ -237306,8 +241524,8 @@ rule DITEKSHEN_MALWARE_Win_Horuseyesrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7435-L7451"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7435-L7451"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c0f499e3a17923b391ed6b7fa723525a9d4aef0ce04a2c7abec60d5eda15888f"
score = 75
quality = 73
@@ -237338,8 +241556,8 @@ rule DITEKSHEN_MALWARE_Win_Breakwin : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7453-L7471"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7453-L7471"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "86fc89e28fc107c2d4fe98dc16048d9e076b1fef53a3df0814f80a88bbe09c48"
score = 75
quality = 75
@@ -237372,8 +241590,8 @@ rule DITEKSHEN_MALWARE_Win_Coinminer03 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7506-L7528"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7506-L7528"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f22e1af955a0d132dda820fe5e5e1ae2f077b7264ce1f0125a2f37c0da6b6508"
score = 75
quality = 75
@@ -237410,8 +241628,8 @@ rule DITEKSHEN_MALWARE_Win_Zeppelin : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7530-L7545"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7530-L7545"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f6c8420756b562662985dd26eaad58500a24cae786a47b788c953e86276116a1"
score = 75
quality = 75
@@ -237441,8 +241659,8 @@ rule DITEKSHEN_MALWARE_Win_Slackbot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7547-L7588"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7547-L7588"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "919839883c437b69cf7f380830f2499be24415f96f1e42424e4859114f958581"
score = 75
quality = 73
@@ -237498,8 +241716,8 @@ rule DITEKSHEN_MALWARE_Win_Sweetystealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7590-L7608"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7590-L7608"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ecf22240b47af077055260faba0406721f1b4cc5ed04180285df0de86c4e1241"
score = 75
quality = 75
@@ -237532,8 +241750,8 @@ rule DITEKSHEN_MALWARE_Win_Genircbot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7610-L7626"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7610-L7626"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cc7f4599148c45fdf755c07530ae4846b7e283b5c1001c121f9ea05279997dc1"
score = 75
quality = 73
@@ -237564,8 +241782,8 @@ rule DITEKSHEN_MALWARE_Win_Nitro : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7628-L7652"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7628-L7652"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "03da21ece2de530a9c2ba08a9e44c9a92bc9ca0a6d4ac9507899d1f3dcd03e37"
score = 75
quality = 69
@@ -237604,8 +241822,8 @@ rule DITEKSHEN_MALWARE_Win_Nanocore : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7654-L7681"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7654-L7681"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6336260e0af2b4b51338ee066f41b7c58aa134a6c03ca110db7e088edf2b65a7"
score = 75
quality = 75
@@ -237647,8 +241865,8 @@ rule DITEKSHEN_MALWARE_Win_Satan : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7683-L7709"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7683-L7709"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e50daa88e0067a0f00329c6369c0334bd282fb102c91ba5ca770da97851d6d2e"
score = 75
quality = 50
@@ -237689,8 +241907,8 @@ rule DITEKSHEN_MALWARE_Win_Neshta : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7711-L7720"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7711-L7720"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7967c1154f652e28e541058a7b7f61aa077cfaf6be58282e1de68d9a6088c1ac"
score = 75
quality = 75
@@ -237714,8 +241932,8 @@ rule DITEKSHEN_MALWARE_Linux_Hellokitty : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7722-L7746"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7722-L7746"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bcb1188d616b29fa535e757a37476435a3061d27e143339413f6829876701868"
score = 75
quality = 73
@@ -237754,8 +241972,8 @@ rule DITEKSHEN_MALWARE_Win_Blackmatter : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7748-L7767"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7748-L7767"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4558002b424f7102f67fc44dfc37ac20f6013e25ae827c6aee0fc37231e2fa72"
score = 75
quality = 75
@@ -237786,8 +242004,8 @@ rule DITEKSHEN_MALWARE_Win_Dlinjector04 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7769-L7790"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7769-L7790"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ab9a047e53dec2cc5986522636783b5cb8aae7fc0297292d017ec22ee5750cce"
score = 75
quality = 75
@@ -237823,8 +242041,8 @@ rule DITEKSHEN_MALWARE_Win_Darkcomet : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7792-L7812"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7792-L7812"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "444df3c914c47500018614af10036864b459e7873daf079b684352dbe52f0486"
score = 75
quality = 50
@@ -237859,8 +242077,8 @@ rule DITEKSHEN_MALWARE_Win_Macoute : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7814-L7836"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7814-L7836"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1dffa48fe6c0ac053509b5f5994d323fd72d090da0f077b52c9bc33df6997964"
score = 75
quality = 75
@@ -237897,8 +242115,8 @@ rule DITEKSHEN_MALWARE_Win_Coinminer04 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7838-L7858"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7838-L7858"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2ef60dbf0bac3d5910635bb011a45e5ebc1392094b10425604fa9dd290198f8b"
score = 75
quality = 75
@@ -237933,8 +242151,8 @@ rule DITEKSHEN_MALWARE_Win_Sidewalk : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7860-L7880"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7860-L7880"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6885a1ad69d61fa5875ee0db949071e84390fc2db4307c412b32cd17c0806f6a"
score = 75
quality = 75
@@ -237969,8 +242187,8 @@ rule DITEKSHEN_MALWARE_Win_Vanillarat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7882-L7902"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7882-L7902"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d7b90ac88a50693ec4bb0676c04f5d161f04f67970ea60d80e79d774da75bfdc"
score = 75
quality = 75
@@ -238005,8 +242223,8 @@ rule DITEKSHEN_MALWARE_Win_Sectoprat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7904-L7929"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7904-L7929"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b4048f837c02560a8b650247173be25893b466e5cec8f2784eea58172f973822"
score = 75
quality = 75
@@ -238046,8 +242264,8 @@ rule DITEKSHEN_MALWARE_Win_Neptune : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7931-L7953"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7931-L7953"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e3298bf55f89180ed7e9f7ad35b59d39284a5143fd69fa2a4fbc27d91fb2fbd3"
score = 75
quality = 75
@@ -238084,8 +242302,8 @@ rule DITEKSHEN_MALWARE_Win_Tomiris : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7955-L7978"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7955-L7978"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1d9baeb6db2e849dd053c3fc735984e23b9cead39cf166f8a544ee5a439185d1"
score = 75
quality = 75
@@ -238123,8 +242341,8 @@ rule DITEKSHEN_MALWARE_Win_Jennlog : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7980-L7996"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7980-L7996"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "085a4783c7c01ec95491d9999d1835ad9ab3dc70d77b944578e097b3ffe3a627"
score = 75
quality = 75
@@ -238155,8 +242373,8 @@ rule DITEKSHEN_MALWARE_Win_Lockfile : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L7998-L8014"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L7998-L8014"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "28c8aa8931d599e5a1860fe2ed0b8172e709dad1a48a319858a907fa775af293"
score = 75
quality = 71
@@ -238187,8 +242405,8 @@ rule DITEKSHEN_MALWARE_Win_HUNT_Foggyweb : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8016-L8032"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8016-L8032"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d868501bc52ad7787d9e99927dd61e9ad9e2132f02348fc71e64666bfc0c9e15"
score = 50
quality = 75
@@ -238219,8 +242437,8 @@ rule DITEKSHEN_MALWARE_Win_HUNT_Apostle
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8034-L8043"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8034-L8043"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9acab5dadee0760431376075450f54bbb32ebed10dc928db91a44d069afc1576"
score = 50
quality = 73
@@ -238244,8 +242462,8 @@ rule DITEKSHEN_MALWARE_Win_HUNT_Ghostemperor_Remotecontrolpayload : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/30094337/GhostEmperor_technical-details_PDF_eng.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8045-L8052"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8045-L8052"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dabce4e0add0d05b4efd8e7540e4f14767c7b5fab361bd731234dd9dd844c658"
score = 50
quality = 75
@@ -238265,8 +242483,8 @@ rule DITEKSHEN_MALWARE_Win_Unicorn : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8077-L8107"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8077-L8107"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c4150b213c0dd88c87eb81e3ad455d8f658a57b0998bc6e394c5afac9423d9f2"
score = 75
quality = 75
@@ -238311,8 +242529,8 @@ rule DITEKSHEN_MALWARE_Win_Spectre : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8109-L8124"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8109-L8124"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ee041928ab5010fd5a06538f9a7cf9c72e44903fdb05f13b12362af0b326fd6f"
score = 75
quality = 75
@@ -238342,8 +242560,8 @@ rule DITEKSHEN_MALWARE_Win_HUNT_Blackbyte : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8126-L8139"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8126-L8139"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4ceb71e42b888522c183af7e180bae47510fc7aa60a713aa83ffc2c98c03466f"
score = 50
quality = 57
@@ -238371,8 +242589,8 @@ rule DITEKSHEN_MALWARE_Win_Dlinjector05 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8141-L8158"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8141-L8158"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5345c2b03e14b7324a13bac0da783eec8c30da18043c1b2d46162e5b511fae63"
score = 75
quality = 75
@@ -238404,8 +242622,8 @@ rule DITEKSHEN_MALWARE_Win_Kutaki : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8160-L8173"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8160-L8173"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "24fbc9ca6de421275813c285a8fca91cfcede48f4b4de9feda010c644f0c251f"
score = 75
quality = 75
@@ -238433,8 +242651,8 @@ rule DITEKSHEN_MALWARE_Win_Dlinjector06 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8175-L8189"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8175-L8189"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e44ea8dbb94c6cd3b63d66eac3e9b3d6d5ff7d561410b8328e6c24630645305b"
score = 75
quality = 75
@@ -238463,8 +242681,8 @@ rule DITEKSHEN_MALWARE_Win_Crown : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8191-L8211"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8191-L8211"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "eeb36993c93d76ed118643ee417f15e1768015f72464dbabca7ae001f64a0aef"
score = 75
quality = 75
@@ -238499,8 +242717,8 @@ rule DITEKSHEN_MALWARE_Win_Floodfix : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8213-L8219"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8213-L8219"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d7da820b00ef5ee2e943b012cfa57421a39f8a7bfc627cc1909151a47092a26d"
score = 75
quality = 75
@@ -238520,8 +242738,8 @@ rule DITEKSHEN_MALWARE_Win_UNK_Infostealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8221-L8246"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8221-L8246"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ca57ebf4b56020d278ec8a7e721c72de7a1f925a8e7f1f3a9edc8a70b88ff9d1"
score = 75
quality = 75
@@ -238561,8 +242779,8 @@ rule DITEKSHEN_MALWARE_Win_DECAF : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8248-L8268"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8248-L8268"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5d79a4f310fb00022eb9d636f161227e84a7e15517c4d2c39acafa7d81af5c2a"
score = 75
quality = 75
@@ -238597,8 +242815,8 @@ rule DITEKSHEN_MALWARE_Win_Windealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8270-L8301"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8270-L8301"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "eabc41ea69f142ee7c243cbc75ceda909a722be382ad91a01c805aef637be915"
score = 75
quality = 73
@@ -238644,8 +242862,8 @@ rule DITEKSHEN_MALWARE_Win_Exmatter : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8303-L8325"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8303-L8325"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "25a35c82919f96bdba00558616f574e901b83785713ed1a63a6f06df576777cd"
score = 75
quality = 75
@@ -238682,8 +242900,8 @@ rule DITEKSHEN_MALWARE_Win_Brbbot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8327-L8345"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8327-L8345"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "64df5bba698fbba1baf27eedb9a2eb46c5e0752996ea91900f8377200d54eeeb"
score = 75
quality = 75
@@ -238716,8 +242934,8 @@ rule DITEKSHEN_MALWARE_Win_Babylonrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8347-L8373"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8347-L8373"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "352efb98e298e9f0ce17c20d44d193f2565ec559923210d80dec1a0988545a30"
score = 75
quality = 50
@@ -238758,8 +242976,8 @@ rule DITEKSHEN_MALWARE_Win_Netsupport : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8375-L8386"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8375-L8386"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4e8120d902fdee2a3f87c85bb6bb7d3bba79e3828500f297c2dc57d5213cf6a8"
score = 75
quality = 50
@@ -238785,8 +243003,8 @@ rule DITEKSHEN_MALWARE_Win_Gobrutloader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8388-L8394"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8388-L8394"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6241117cffb147763ace41b36cd1524f48bfc7cb06d56a82d7b30bec9e1baf5b"
score = 75
quality = 75
@@ -238806,8 +243024,8 @@ rule DITEKSHEN_MALWARE_Win_Milan : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8396-L8467"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8396-L8467"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "102af43be7cc3d873fbce78c95c767ebb6aadb2e7084b48f3cf48c11071d7a71"
score = 75
quality = 50
@@ -238893,8 +243111,8 @@ rule DITEKSHEN_MALWARE_Win_UNK05 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8469-L8486"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8469-L8486"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b3074f237fbaf449a53dcc219f48509db6af4c0d0859e6590563c3412be30aa8"
score = 75
quality = 75
@@ -238926,8 +243144,8 @@ rule DITEKSHEN_MALWARE_Win_Clipbanker01 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8488-L8521"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8488-L8521"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8ef90e22299a1009468761a4cdb8e2a92920d721f1a7ebceeb81a07e14f9156f"
score = 75
quality = 73
@@ -238975,8 +243193,8 @@ rule DITEKSHEN_MALWARE_Win_Zombieboy : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8523-L8532"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8523-L8532"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0840367c1b56c4c266f22400df95411ba7784b98919a922380e1ec789783bb65"
score = 75
quality = 75
@@ -239000,8 +243218,8 @@ rule DITEKSHEN_MALWARE_Win_Pcrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8534-L8561"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8534-L8561"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ad56d7d6a2bb6d09bc4530c31b51456b6bbca5def1810449fd2a31973cce18f8"
score = 75
quality = 75
@@ -239043,8 +243261,8 @@ rule DITEKSHEN_MALWARE_Win_Rapid : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8563-L8585"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8563-L8585"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c3f1bffeb402951da8bcccc899b2cdeb3c218b342d8338c750b9ff275537b4b5"
score = 75
quality = 75
@@ -239081,8 +243299,8 @@ rule DITEKSHEN_MALWARE_Win_Satana : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8587-L8604"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8587-L8604"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b2946e8c37be4a57237999aaa0c0a760a181306320162e04bc6fc12a542b81d5"
score = 75
quality = 73
@@ -239114,8 +243332,8 @@ rule DITEKSHEN_MALWARE_Win_Virlock : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8606-L8624"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8606-L8624"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8d516a0d771d7134c0f917f010b3973ed53b4ee7e4a2cf0bb5daecf9867b0081"
score = 75
quality = 75
@@ -239148,8 +243366,8 @@ rule DITEKSHEN_MALWARE_Win_Piratestealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8626-L8644"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8626-L8644"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c29fbc6cfa9e529218fa7315481e0922dc10b2da729931b8580bdd76ecdf6b68"
score = 50
quality = 75
@@ -239182,8 +243400,8 @@ rule DITEKSHEN_MALWARE_Win_Nglite : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8646-L8668"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8646-L8668"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d83663908949f69018461c73cf7137cf4ab16cc057cfe47942e6de0415ab5447"
score = 75
quality = 75
@@ -239220,8 +243438,8 @@ rule DITEKSHEN_MALWARE_Win_Kdcsponge : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8670-L8700"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8670-L8700"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c891db94df9cde9eaa6096ad68d96c7b85a9c03e255ce43ccb8543a016bd3853"
score = 75
quality = 65
@@ -239254,8 +243472,8 @@ rule DITEKSHEN_MALWARE_Win_Chinotto : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8702-L8754"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8702-L8754"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "92f37bdc4cf17e07bb556c60e3bde4547c34f67a2fb5c806000d9cb2446adff1"
score = 75
quality = 73
@@ -239322,8 +243540,8 @@ rule DITEKSHEN_MALWARE_Win_Tardigrade : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8756-L8787"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8756-L8787"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2bd4f23f66844a320b6bed6242ba39096f66a08affb84abd78c342d433ed9fe6"
score = 75
quality = 75
@@ -239360,8 +243578,8 @@ rule DITEKSHEN_MALWARE_Win_Clipbanker02 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8789-L8814"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8789-L8814"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "51a43245b1e0b6fea874302b73bf552012c54c3f7c12b8c447c96c2ffdcc1dcb"
score = 75
quality = 75
@@ -239401,8 +243619,8 @@ rule DITEKSHEN_MALWARE_Win_Badjoke : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8816-L8831"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8816-L8831"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4699a772bcd50d2fe43740df59a4c56598ba43ebcc18acbf8ec401b6f5a01fe6"
score = 75
quality = 75
@@ -239432,8 +243650,8 @@ rule DITEKSHEN_MALWARE_Win_Heracles : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8833-L8861"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8833-L8861"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1d5c80c084f9d6e4692a18f74574179095ecdd5eaadd70b5d16c19702761d74f"
score = 75
quality = 73
@@ -239476,8 +243694,8 @@ rule DITEKSHEN_MALWARE_Win_Onlylogger : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8863-L8882"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8863-L8882"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1b39a4d2a6d3a2633cfa98adc1dfe99d10d2493fd06c9f875c56ec7689b7a561"
score = 75
quality = 50
@@ -239511,8 +243729,8 @@ rule DITEKSHEN_MALWARE_Win_Blackbytego : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8884-L8904"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8884-L8904"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b3e6a4a2f043293e8693cfbe1515681ce0616d98e2492732fc06a01a96309883"
score = 75
quality = 75
@@ -239545,8 +243763,8 @@ rule DITEKSHEN_MALWARE_Win_Vulturi : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8906-L8931"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8906-L8931"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4d1d88764dd72ae78a74b802e11c2f28899b7b9f45c54cf3bf7aaac49dd48d7f"
score = 75
quality = 75
@@ -239586,8 +243804,8 @@ rule DITEKSHEN_MALWARE_Win_Tofsee : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8933-L8949"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8933-L8949"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9ef06643173c70c5b06b19200cb5b5efa7db7eb3516b67621f0b1975f1c80781"
score = 75
quality = 75
@@ -239618,8 +243836,8 @@ rule DITEKSHEN_MALWARE_Win_Khonsari : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8951-L8963"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8951-L8963"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2a78f36259481fccb31b2e6248fed19699b6eb05bacfd08905414764c3045943"
score = 75
quality = 73
@@ -239646,8 +243864,8 @@ rule DITEKSHEN_MALWARE_Win_Quantum : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8965-L8987"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8965-L8987"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f35422d1f52f1f9f55a5e38c782d2cf621cd84da028358ab250584334d41249c"
score = 75
quality = 75
@@ -239684,8 +243902,8 @@ rule DITEKSHEN_MALWARE_Win_Tigerrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L8989-L9005"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L8989-L9005"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2254aff3da03b65cf4da3fb6eb2138dba6b41237d565609f3b67e60dee116d13"
score = 75
quality = 75
@@ -239716,8 +243934,8 @@ rule DITEKSHEN_MALWARE_Win_Owowa : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9007-L9025"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9007-L9025"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "afdeb30845ed4ef7b79e733e05d3e1ee53a8c441db74519577893d75c1249a41"
score = 75
quality = 75
@@ -239750,8 +243968,8 @@ rule DITEKSHEN_MALWARE_Win_Chebka : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9027-L9048"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9027-L9048"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cc8123a5d20fac51d4dfc225e743539456efb4d649060d078c3ed93e7724da01"
score = 75
quality = 75
@@ -239787,8 +244005,8 @@ rule DITEKSHEN_MALWARE_Win_Flagpro : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9050-L9067"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9050-L9067"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c5e5944426b7be690ad62dd0d98a8fc6f8135cab0dbdd8a5aaf1670491eda59d"
score = 75
quality = 25
@@ -239820,8 +244038,8 @@ rule DITEKSHEN_MALWARE_Win_Nplusminer
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9069-L9082"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9069-L9082"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f6b81c2276765455d46e20ed81e19caa3ae36a31827568486a09bc1619ec478c"
score = 75
quality = 75
@@ -239849,8 +244067,8 @@ rule DITEKSHEN_MALWARE_Win_PWSH_Poshcookiestealer
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9084-L9098"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9084-L9098"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "234958098d09732675dd539e8d25c6754ba50bf92b3a19e7fef8c68d70503ec4"
score = 75
quality = 75
@@ -239879,8 +244097,8 @@ rule DITEKSHEN_MALWARE_Win_Garrantdecrypt : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9100-L9114"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9100-L9114"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "84b139e51f0ef0389c641d62409d702b0ae7ec6ecd2fa54baf2cf0c0078a8f5a"
score = 75
quality = 25
@@ -239909,8 +244127,8 @@ rule DITEKSHEN_MALWARE_Win_Locked : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9116-L9132"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9116-L9132"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b838b996946fb268c66bac68d5e326ff3049340dfb08f2e0a77492df49915d5a"
score = 75
quality = 73
@@ -239941,8 +244159,8 @@ rule DITEKSHEN_MALWARE_Win_Maze : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9134-L9163"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9134-L9163"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d3ce3b43c65dfd9f59ba3c6b64e8d7687db175673cc62068caa1e1da023390c0"
score = 75
quality = 75
@@ -239986,8 +244204,8 @@ rule DITEKSHEN_MALWARE_Win_Teslarevenge : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9165-L9185"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9165-L9185"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0f68eae8a076d00c8d058ec148d3557f5770dc827d4690b931faf98797426dbc"
score = 75
quality = 65
@@ -240022,8 +244240,8 @@ rule DITEKSHEN_MALWARE_Win_Lokilocker : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9187-L9212"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9187-L9212"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bf78f5e8f40c1a19f6b078a85854e95d5ef1f321393a831edda17b0d65515da7"
score = 75
quality = 75
@@ -240063,8 +244281,8 @@ rule DITEKSHEN_MALWARE_Osx_Dazzlespy : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9214-L9228"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9214-L9228"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "61305384055f71d92ce2ac3d427a1b6f85ce21f502e759f3af952127b1413470"
score = 50
quality = 71
@@ -240093,8 +244311,8 @@ rule DITEKSHEN_MALWARE_Win_Bhunt : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9230-L9251"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9230-L9251"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ca0a7e6898047fa3b369125a4402e2beffd328a5db47b1d5dd5914a86d6f0073"
score = 75
quality = 75
@@ -240130,8 +244348,8 @@ rule DITEKSHEN_MALWARE_Win_Lorenz : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9253-L9283"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9253-L9283"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e9fc9d405b955c379ae40b1804d43b19999f6ea264fc645c897080fb020e8ae8"
score = 75
quality = 73
@@ -240176,8 +244394,8 @@ rule DITEKSHEN_MALWARE_Win_Blackcat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9285-L9307"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9285-L9307"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cd76e5b87f33d91c17fd032417583c3f68d0e310aaf6f08e26ec5d53844ed9d2"
score = 75
quality = 75
@@ -240212,8 +244430,8 @@ rule DITEKSHEN_MALWARE_Win_Koxic : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9309-L9327"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9309-L9327"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d874c8ebf330814e52d159cbf71f8bc05ebeb4a9fb93d96c3f861b51e57925a3"
score = 75
quality = 25
@@ -240246,8 +244464,8 @@ rule DITEKSHEN_MALWARE_Win_Timetime : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9329-L9345"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9329-L9345"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c75ca595ff25f8c79bfe8e5c6af29349be8f07c2de79fd24f09b02afffb7168b"
score = 75
quality = 75
@@ -240278,8 +244496,8 @@ rule DITEKSHEN_MALWARE_Win_Strifewater : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9347-L9372"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9347-L9372"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ddb189dfe58af08d2c0682239551a5b9d82db94eedcefc02895316bcbbaca3f2"
score = 75
quality = 75
@@ -240319,8 +244537,8 @@ rule DITEKSHEN_MALWARE_Win_Surtr : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9374-L9396"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9374-L9396"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a8db5588079d471d8904f0444973973a0c01dbec1ccbe3d43a34d41a0dde495d"
score = 75
quality = 25
@@ -240353,8 +244571,8 @@ rule DITEKSHEN_MALWARE_Win_Udprat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9398-L9413"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9398-L9413"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4606b304d179148c6e44a0a8329675f2823f862a0944284cb646e5910659ea7c"
score = 75
quality = 75
@@ -240384,8 +244602,8 @@ rule DITEKSHEN_MALWARE_Win_Jesterstealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9415-L9435"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9415-L9435"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c84df5d3ad2bc7a75a11c07995cc034c2a92b2f6f6f6943288add9c44c57bf6d"
score = 75
quality = 75
@@ -240420,8 +244638,8 @@ rule DITEKSHEN_MALWARE_Win_Soranostealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9437-L9461"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9437-L9461"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "27c9d6bf3f40f3d41c35975e856671fafcd4a0a8143b3bcbdff61c1fb28a37ab"
score = 75
quality = 75
@@ -240460,8 +244678,8 @@ rule DITEKSHEN_MALWARE_Win_Gloomanestealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9463-L9479"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9463-L9479"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "36aa9f863efb8172ed6449932169e6cb26cdeedd84bc734e09a8116a9c7774ac"
score = 75
quality = 75
@@ -240492,8 +244710,8 @@ rule DITEKSHEN_MALWARE_Win_Lockdown : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9481-L9494"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9481-L9494"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a9bc2f514730703f3edf78a61f1bc357eee12b3289fc7491197c3b885286ca7e"
score = 75
quality = 73
@@ -240521,8 +244739,8 @@ rule DITEKSHEN_MALWARE_Win_Unamedstealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9496-L9512"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9496-L9512"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "84f4ac7489a0d522763f69ce55f816642a8511dc4b9698ce47c983020a2b7bea"
score = 75
quality = 75
@@ -240553,8 +244771,8 @@ rule DITEKSHEN_MALWARE_Win_Zxshell_Loader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9514-L9562"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9514-L9562"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b20350af231e0c329423c71d8f099305ed447d2ffcb7a533b7531dc9f5357b93"
score = 75
quality = 57
@@ -240602,8 +244820,8 @@ rule DITEKSHEN_MALWARE_Win_Bandit : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9564-L9600"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9564-L9600"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e557f5a928b5da90f3ec878d6d8615a2d8b5f33e97954cd3278044f76b543386"
score = 75
quality = 57
@@ -240654,8 +244872,8 @@ rule DITEKSHEN_MALWARE_Win_Laplas : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9602-L9630"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9602-L9630"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e4a1f39a539782118db9c4ab89d03e359420397ef970165389cc79e7ea0952b3"
score = 75
quality = 50
@@ -240696,8 +244914,8 @@ rule DITEKSHEN_MALWARE_Win_Mystic : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9632-L9646"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9632-L9646"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "26e0b85141df818d70124c0b19b5b6a05ac24ae679724d7a8ad94415a6462d17"
score = 75
quality = 75
@@ -240726,8 +244944,8 @@ rule DITEKSHEN_MALWARE_Linux_Buhti : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9648-L9661"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9648-L9661"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1bab3202dbeaf088b233c3ab1056c357d156b7eef3111bea997b1c610a27f561"
score = 75
quality = 75
@@ -240755,8 +244973,8 @@ rule DITEKSHEN_MALWARE_Win_Commonmagic : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9663-L9678"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9663-L9678"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e94ba53f31f3effe12b1fbaca19fea59c0e12f742f6fc0af2a0a679bf4299cbe"
score = 75
quality = 75
@@ -240786,8 +245004,8 @@ rule DITEKSHEN_MALWARE_Win_Greetingghoul : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9680-L9697"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9680-L9697"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5a2635066df031ba6e291c3ba14f9ed85bf3247c82c66eb1b3d3618fdebb47a6"
score = 75
quality = 75
@@ -240819,8 +245037,8 @@ rule DITEKSHEN_MALWARE_Win_Multi_Family_Infostealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9699-L9721"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9699-L9721"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0fdd1cdc4f2e5bee6c763e6e6b2e79d85285e44e2b5e3168a56d7d360252ee99"
score = 75
quality = 23
@@ -240857,8 +245075,8 @@ rule DITEKSHEN_MALWARE_Win_Worldwind : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9723-L9744"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9723-L9744"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9bb04fad460193cd877ea7f2de9337f69aadda01aee6c79f0a23cdf564b1e6c8"
score = 75
quality = 75
@@ -240894,8 +245112,8 @@ rule DITEKSHEN_MALWARE_Win_Prynt : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9746-L9767"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9746-L9767"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "84f2b33285ab1d129a62940a02990639cc8f7c92d490d7257e6aed9170d1e34e"
score = 75
quality = 75
@@ -240931,8 +245149,8 @@ rule DITEKSHEN_MALWARE_Win_Darkeye : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9769-L9788"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9769-L9788"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5496dcbfe075a4030a446027765186e9dd1931561a29a481139281e1708ce87d"
score = 75
quality = 75
@@ -240966,8 +245184,8 @@ rule DITEKSHEN_MALWARE_Win_Invalidprinter : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9790-L9800"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9790-L9800"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d14d53b2a73952244641f4e68a3dd5af8cb1e2bfc5936f300f9347b4881ceeb8"
score = 75
quality = 75
@@ -240992,8 +245210,8 @@ rule DITEKSHEN_MALWARE_Win_Raccoonv2 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9802-L9823"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9802-L9823"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d47bb9051923147010452bcd6e7c370c2ff9ea9095bcb920b64f69873b15ec16"
score = 75
quality = 25
@@ -241029,8 +245247,8 @@ rule DITEKSHEN_MALWARE_Win_Truebot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9825-L9845"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9825-L9845"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a92141ef0aa7d68b3594a0f56c0370498fe5751a472c9011ac8b92ae46e88e53"
score = 75
quality = 75
@@ -241066,8 +245284,8 @@ rule DITEKSHEN_MALWARE_Win_Lummastealer : FILE
date = "2034-02-17"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9847-L9872"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9847-L9872"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "74014c5bcc85977b90faed93b348c34e47ee033b06c2f145348ca9c54c27bda5"
score = 75
quality = 73
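Review bot: `date = "2034-02-17"` on the DITEKSHEN_MALWARE_Win_Lummastealer rule is a date in the future, and it is the only rule in this chunk whose `date` does not match its `modified` value, which looks like a typo (2024-02-17?); the commit re-pins `source_url`/`license_url` on the lines right below it but leaves the date as is. Tooling that sorts or filters rules by `date` will mis-order this one. Since `source_url` points at the upstream ditekshen file and the block carries a `logic_hash`, this file appears to be regenerated from upstream, so the correction presumably belongs upstream or in the generation step rather than as a hand edit here.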
@@ -241105,8 +245323,8 @@ rule DITEKSHEN_MALWARE_Win_Xworm : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9874-L9900"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9874-L9900"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5a86c2f0a188135e53d86c176806a208abbe3dd830bde364016859ffa5294bd7"
score = 75
quality = 23
@@ -241147,8 +245365,8 @@ rule DITEKSHEN_MALWARE_Win_Clipbanker03 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9902-L9922"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9902-L9922"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "29bbb833c9aecc18b398b8c0d80649994f4992277d1aa2ee4ae8e319b59125d5"
score = 75
quality = 50
@@ -241183,8 +245401,8 @@ rule DITEKSHEN_MALWARE_Win_Dotrunpex : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9924-L9936"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9924-L9936"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d7f802f233b2b4ff2c250bb8e96649f307bbb3457c78004751401b3ea7f531a0"
score = 75
quality = 75
@@ -241211,8 +245429,8 @@ rule DITEKSHEN_MALWARE_Win_Cyberstealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9938-L9959"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9938-L9959"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "72413b68fa1381656202165dcd878761727e7caf0f15ccd65f3f2f842243a1f6"
score = 75
quality = 71
@@ -241248,8 +245466,8 @@ rule DITEKSHEN_MALWARE_Win_Arrowrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9961-L9979"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9961-L9979"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "13e6d4fd274f75c50aa4110276812d02885c03cfc269dde480db66955e5f703a"
score = 75
quality = 25
@@ -241282,8 +245500,8 @@ rule DITEKSHEN_MALWARE_Win_Ducktail : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L9981-L10009"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L9981-L10009"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a416212e5f87b33fdc14590c3d6d6ebc2915c2b383adf78d660c9408beb2323f"
score = 75
quality = 75
@@ -241326,8 +245544,8 @@ rule DITEKSHEN_MALWARE_Win_Grum : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10011-L10025"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10011-L10025"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "42a1d57dcddda4a24037af136caace6110b90ee5702c7c01d2a77d2676048c74"
score = 75
quality = 50
@@ -241356,8 +245574,8 @@ rule DITEKSHEN_MALWARE_Win_Dlinjector07 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10027-L10043"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10027-L10043"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "aef43b59ef7d0d62a853280ec1588a48d6c21da5218b7fd7e6ab1aa0f048896b"
score = 75
quality = 73
@@ -241388,8 +245606,8 @@ rule DITEKSHEN_MALWARE_Win_Stealerium : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10045-L10060"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10045-L10060"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a2834e7fe26ad0197a9e490ab517029ceed2e09506fcc37e6ddf0c1804fa6cb9"
score = 75
quality = 73
@@ -241419,8 +245637,8 @@ rule DITEKSHEN_MALWARE_Linux_Gobrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10062-L10080"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10062-L10080"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "070687c909b066e38f72b6421b77670e87476d7e1eb1ed8d41d027836629eb71"
score = 75
quality = 75
@@ -241453,8 +245671,8 @@ rule DITEKSHEN_MALWARE_Win_Hakunamatata : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10082-L10102"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10082-L10102"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b49705845e5440c3c1e47e196592ca2b31319d1af5265f2f954d3367e3d39d5c"
score = 75
quality = 75
@@ -241489,8 +245707,8 @@ rule DITEKSHEN_MALWARE_Win_Hakunamatata_Builder : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10104-L10122"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10104-L10122"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ac258851de38504cf63ba51fd06f8a9a3dfbe0096d199ba702e9763b5ecc43e4"
score = 75
quality = 73
@@ -241523,8 +245741,8 @@ rule DITEKSHEN_MALWARE_Win_Twarbot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10124-L10139"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10124-L10139"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6b1b0b92d2ea7adec58a4b0ac712384542d96dc8707b6f1f13df2d8150a03a7a"
score = 75
quality = 75
@@ -241554,8 +245772,8 @@ rule DITEKSHEN_MALWARE_Win_G0Crypt : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10141-L10174"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10141-L10174"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a678bbb02b82c34fb5e7bdce2e60b0da88f12b094e7ca3b74345814d0da5ce42"
score = 75
quality = 73
@@ -241603,8 +245821,8 @@ rule DITEKSHEN_MALWARE_Win_Modiloader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10199-L10236"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10199-L10236"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fc006377e6d41515503b0b234ff87f59d930a7d9f8b32d2e072de79b9c52ddc4"
score = 75
quality = 71
@@ -241649,8 +245867,8 @@ rule DITEKSHEN_MALWARE_Win_Akira : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10238-L10261"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10238-L10261"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "73dd0a1b21be8ff7362536f6b6255cd19510632782effd67a56d7656bebf04ff"
score = 75
quality = 75
@@ -241688,8 +245906,8 @@ rule DITEKSHEN_MALWARE_Linux_Akira : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10263-L10282"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10263-L10282"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3a00154e1cfc442718e753641d3706ffd4dd8465525d0bb2854f74dfb1cf5dd0"
score = 75
quality = 75
@@ -241723,8 +245941,8 @@ rule DITEKSHEN_MALWARE_Win_Romcom_Loader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10309-L10325"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10309-L10325"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7aef88aa9f201c3a1852d63b17c14e44c7c2a7dfe94a9bc77897a4aa0eb97486"
score = 75
quality = 75
@@ -241744,8 +245962,8 @@ rule DITEKSHEN_MALWARE_Win_Romcom_Worker : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10327-L10340"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10327-L10340"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "488db046458585882a4709438042b57e02d7dbc06483fdfdfc463a64ee8db203"
score = 75
quality = 73
@@ -241773,8 +245991,8 @@ rule DITEKSHEN_MALWARE_Win_Romcom_Dropper : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10342-L10353"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10342-L10353"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "89f62f71e5870c1e5d14bc32dd3508da620f5fa85494251c69682eb09d630029"
score = 75
quality = 75
@@ -241800,8 +246018,8 @@ rule DITEKSHEN_MALWARE_Win_STEALDEAL : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10355-L10366"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10355-L10366"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "366c33b06ed9403b2b840d98e25287333eb52f2588f747981b3c0c3baf4fd27a"
score = 75
quality = 50
@@ -241827,8 +246045,8 @@ rule DITEKSHEN_MALWARE_Win_Darkcloud : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10368-L10389"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10368-L10389"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7826cc4185d6edb760d062019e0fa30f800c34e5fb4b0eedcfb17081e6c7643d"
score = 75
quality = 48
@@ -241864,8 +246082,8 @@ rule DITEKSHEN_MALWARE_Win_Arcrypt : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10391-L10417"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10391-L10417"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cc9fa68d093fdf9745a06beb28e29108cb2ba846122ce097ad892213b1edba25"
score = 75
quality = 75
@@ -241906,8 +246124,8 @@ rule DITEKSHEN_MALWARE_Win_Rootteamstealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10419-L10435"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10419-L10435"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d1693865253067527d58c980653d550b55d022d5a394b88090a958e5d5818143"
score = 75
quality = 75
@@ -241938,8 +246156,8 @@ rule DITEKSHEN_MALWARE_Win_Espioloader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10456-L10469"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10456-L10469"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8ad77a50db48f12e6f6465652b24fc1daa56375bb27e37e0eead1bea55b89e0c"
score = 75
quality = 75
@@ -241967,8 +246185,8 @@ rule DITEKSHEN_MALWARE_Win_Celestybinderloader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10471-L10484"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10471-L10484"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8c9ffd48c9c8cd345dccfb48bcb345282f9978f7cf906a61e2ea81c48486b16d"
score = 75
quality = 75
@@ -241996,8 +246214,8 @@ rule DITEKSHEN_MALWARE_Win_Blitzgrabber : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10486-L10505"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10486-L10505"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8baceacf3c2af61e00b31e8106820b6f1ce2e7a9d98eaed965e698109ae08314"
score = 75
quality = 71
@@ -242031,8 +246249,8 @@ rule DITEKSHEN_MALWARE_Win_Bagle : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10507-L10523"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10507-L10523"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4c3a09f10c792de1ab25001da29ea2fee84c583d49d9a5225817644aabde2dea"
score = 75
quality = 75
@@ -242063,8 +246281,8 @@ rule DITEKSHEN_MALWARE_Win_Ragestealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10525-L10540"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10525-L10540"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a26b86845bcd62d4a360a8dae9cfa56b5d96ebc521f224c18a01cc0a2bd958e9"
score = 75
quality = 75
@@ -242094,8 +246312,8 @@ rule DITEKSHEN_MALWARE_Win_Abubasbanditbot : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10542-L10559"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10542-L10559"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "aae40178dadff720b42d211a025fd696eabdcc91761c6a91809f5f088c588c31"
score = 75
quality = 75
@@ -242127,8 +246345,8 @@ rule DITEKSHEN_MALWARE_Win_Oracrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10561-L10575"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10561-L10575"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "078a5df9f3d0bb8213ea2fe28eefdb453ef186e6c1f62d3ba10cb04fca047700"
score = 75
quality = 75
@@ -242157,8 +246375,8 @@ rule DITEKSHEN_MALWARE_Win_Phemedronestealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10577-L10598"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10577-L10598"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "74e150cc971f5648f9e3f6146afba162b1a29cf2744c862b2320db52c2efa930"
score = 75
quality = 75
@@ -242194,8 +246412,8 @@ rule DITEKSHEN_MALWARE_Win_WSHRAT : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10600-L10618"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10600-L10618"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "297bfe65815637a464e2a8fc23570c6e79694ffe0467d5898b7c845f1450de95"
score = 75
quality = 23
@@ -242228,8 +246446,8 @@ rule DITEKSHEN_MALWARE_Win_Rustystealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10620-L10643"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10620-L10643"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e60e66360c8f97a31e75cd90a12519f75f3a672874fc985a8da1d4d02e185b4d"
score = 75
quality = 75
@@ -242267,8 +246485,8 @@ rule DITEKSHEN_MALWARE_Win_Simplepacker : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10645-L10656"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10645-L10656"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e2c07947fdf53814669250052f6cceb7412aa302422f3a0b430879da638c7e6a"
score = 75
quality = 75
@@ -242294,8 +246512,8 @@ rule DITEKSHEN_MALWARE_Multi_Golangbypassav : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10697-L10707"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10697-L10707"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "842dfc7c04cbd19bbbc8b6fbf9d9925f81a21dfb713af4542ca4157d64fa5b51"
score = 75
quality = 75
@@ -242320,8 +246538,8 @@ rule DITEKSHEN_MALWARE_Win_Blankstealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10709-L10721"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10709-L10721"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "cc0c8d3e0061d192e445ef661387360644ab428a9e9fc2480e966db96bc8264c"
score = 75
quality = 75
@@ -242348,8 +246566,8 @@ rule DITEKSHEN_MALWARE_Linux_Getshell : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10723-L10743"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10723-L10743"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9d44ad2a3c270eed0e905402e8c32dcca54da90f4229d9d59874ee09b3b47277"
score = 75
quality = 75
@@ -242384,8 +246602,8 @@ rule DITEKSHEN_MALWARE_Win_Solarmarker : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10745-L10763"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10745-L10763"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "84182c8948c2f40439cd932885ae8b88bb677ecc9fba366f22d30e13dc4ffb68"
score = 75
quality = 75
@@ -242418,8 +246636,8 @@ rule DITEKSHEN_MALWRE_Win_Darkgate : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10765-L10789"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10765-L10789"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "805a04bbb3915d539e76927393384a2786c25490e8b9fc151d5b12415247578b"
score = 75
quality = 25
@@ -242458,8 +246676,8 @@ rule DITEKSHEN_MALWARE_Win_Rookie_Downloader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10791-L10804"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10791-L10804"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6d5625c2cd7e3a51c2fce9948e691ff2d1b7cf85083708790f89e15c6522059b"
score = 75
quality = 75
@@ -242487,8 +246705,8 @@ rule DITEKSHEN_MALWARE_Win_Fiber : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10806-L10842"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10806-L10842"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bd6c2c02272fe59c8d7de533197f15d94b5532d32875f01e3e4bd52506456a34"
score = 75
quality = 75
@@ -242539,8 +246757,8 @@ rule DITEKSHEN_MALWARE_Win_Unknown_Packedloader_01 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10844-L10863"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10844-L10863"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6fd9075793b55e04c68bb13d21b88741889a9c37a0a9d1a19d895c7b68af4506"
score = 75
quality = 75
@@ -242574,8 +246792,8 @@ rule DITEKSHEN_MALWARE_Win_LOLKEK : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10865-L10882"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10865-L10882"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "047492f8b7b56c75cfdcc4359de2b02a76cf9591b902171785806987e552995a"
score = 75
quality = 75
@@ -242607,8 +246825,8 @@ rule DITEKSHEN_MALWARE_Win_Spacecolon : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10884-L10904"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10884-L10904"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d6e55c45f9df98bc152dadc1ba0953b4b89b5a503af0fc5ba53e12a1aa4f6d28"
score = 75
quality = 48
@@ -242643,8 +246861,8 @@ rule DITEKSHEN_MALWARE_Win_Rhysida : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10906-L10920"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10906-L10920"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fb15f497cdee40b237dfc2aafcde2da95ff2a6f9c162273862ec1a0053269932"
score = 75
quality = 75
@@ -242673,8 +246891,8 @@ rule DITEKSHEN_MALWARE_Win_Povertystealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10922-L10935"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10922-L10935"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0d8a4dd1f3a9935935878840d19e16d91d240da776f99eb2dd3f12df96efa1d9"
score = 75
quality = 75
@@ -242702,8 +246920,8 @@ rule DITEKSHEN_MALWARE_Win_Janelarat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10937-L10957"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10937-L10957"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9f10112b6ffa382b03511e7b6c8757438d5910ee2c24d650d05bb53abfff3860"
score = 75
quality = 75
@@ -242738,8 +246956,8 @@ rule DITEKSHEN_MALWARE_Win_Qwixxrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10959-L10971"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10959-L10971"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e6e44697e393da35215f7835f122cb74b05dbeebb558345d5110d6fbc809f4dd"
score = 75
quality = 75
@@ -242766,8 +246984,8 @@ rule DITEKSHEN_MALWARE_Win_Toxiceye : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L10973-L10991"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L10973-L10991"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ee01c107dd295b923801c0d1a77b1534d3a5f2abf8d2cfa93c6786a1b0553504"
score = 75
quality = 75
@@ -242800,8 +247018,8 @@ rule DITEKSHEN_MALWARE_Win_Rdpcredsstealerinjector : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11012-L11025"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11012-L11025"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0dfade8dde987f5134158b7c4abc3eaf8dcece86e1ff2ab1da4466da316939a2"
score = 75
quality = 25
@@ -242829,8 +247047,8 @@ rule DITEKSHEN_MALWARE_Win_Krakenstealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11027-L11048"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11027-L11048"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7f15823db706e6e51d8ea58fb026efb49f42234255d2f448614dc645d12648bb"
score = 75
quality = 23
@@ -242866,8 +247084,8 @@ rule DITEKSHEN_MALWARE_Win_Whiffyrecon : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11050-L11070"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11050-L11070"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "58df9f47f5890c5e31d352be682c6164a940dad206ad29c54c43f70d3afb9543"
score = 75
quality = 75
@@ -242902,8 +247120,8 @@ rule DITEKSHEN_MALWARE_Win_Quiterat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11072-L11086"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11072-L11086"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "257f9151294254e3e86979f184963f0396587438393b11bad068ba0f386cfc4a"
score = 75
quality = 75
@@ -242932,8 +247150,8 @@ rule DITEKSHEN_MALWARE_PWSH_CUMII
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11088-L11104"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11088-L11104"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ab9e59b0552718928d170a988d129b38352700076847f2f409976016858864eb"
score = 75
quality = 75
@@ -242964,8 +247182,8 @@ rule DITEKSHEN_MALWARE_Win_Agnianestealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11106-L11132"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11106-L11132"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0031fbe6d76868819cbcfc638433d60a50e8f5cfd14ff25af88ed3dffefd7d62"
score = 75
quality = 25
@@ -243006,8 +247224,8 @@ rule DITEKSHEN_MALWARE_Win_TOITOIN_Kritaloader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11134-L11145"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11134-L11145"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9629a4cfa606812d2579c0c0d486dec5971854e5133f0594a4638db5b89c3135"
score = 75
quality = 75
@@ -243033,8 +247251,8 @@ rule DITEKSHEN_MALWARE_Win_TOITOIN_Injectordll : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11147-L11159"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11147-L11159"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fc80c702305657ba1058ca7f55579d1d5254dd0f619c5f7fda7886a868b65c93"
score = 75
quality = 25
@@ -243061,8 +247279,8 @@ rule DITEKSHEN_MALWARE_Win_TOITOIN_Downloader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11161-L11172"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11161-L11172"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d7e5e99c9266ec144152c3d1066e0e1a862f48ded17fab8f504192ca48219826"
score = 75
quality = 75
@@ -243088,8 +247306,8 @@ rule DITEKSHEN_MALWARE_Win_Venomrat : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11174-L11188"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11174-L11188"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "47d343def76a323c66db4ba6fb1c0d119f45323f9b7f36695e4aeb7b070819d7"
score = 75
quality = 75
@@ -243118,8 +247336,8 @@ rule DITEKSHEN_MALWARE_Win_Sapphirestealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11190-L11208"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11190-L11208"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "97088c0decf158d45a02571bd50b5f370c139339c19b8071f38c0f9816232d1f"
score = 75
quality = 75
@@ -243152,8 +247370,8 @@ rule DITEKSHEN_MALWARE_Win_R77 : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11210-L11235"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11210-L11235"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e3ec6e88a3a77b7dc69eb51a528e6417f6b8695c7cb01d699cf248cebd9b84e2"
score = 75
quality = 75
@@ -243183,8 +247401,8 @@ rule DITEKSHEN_MALWARE_Win_Disco_Nightclub : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11237-L11255"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11237-L11255"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ee0bd110ea1a3182284c4b3d6dd7eff48ca809a35a925147c716b18a88c0a233"
score = 75
quality = 51
@@ -243217,8 +247435,8 @@ rule DITEKSHEN_MALWARE_Win_Risepro : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11257-L11287"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11257-L11287"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f6f1832f316df51ca108a3c75034bd53c3823cd3d9b16da120e12e252dbf90ff"
score = 75
quality = 71
@@ -243263,8 +247481,8 @@ rule DITEKSHEN_MALWARE_Win_Graphicalproton_Rsockstun : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11289-L11304"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11289-L11304"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ca4d18160b89d82106310237cf81bba57a7f51be77a31d2f18ca8c2987972c2c"
score = 75
quality = 75
@@ -243294,8 +247512,8 @@ rule DITEKSHEN_MALWARE_Win_PWSHDLLDL : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11306-L11321"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11306-L11321"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7acef81f0e6e282650c161963599dcbe2b3975d482eb7c330581901b0fe85655"
score = 75
quality = 75
@@ -243325,8 +247543,8 @@ rule DITEKSHEN_MALWARE_Win_Nppspy : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11323-L11343"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11323-L11343"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "53e929b52dddd5e3d060d2dd9937411f1ff215be4d3c67f5935c2a3fbab006d6"
score = 75
quality = 75
@@ -243359,8 +247577,8 @@ rule DITEKSHEN_MALWARE_Win_Agentracoon : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11345-L11361"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11345-L11361"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7ed17a1bc161855f2bdc432952086f3b86b58ae9ea6c0d541544f4b63a8e08e8"
score = 75
quality = 75
@@ -243391,8 +247609,8 @@ rule DITEKSHEN_MALWARE_Win_Simda : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11363-L11379"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11363-L11379"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3f06e86033e8f9534f9904a2a63c4717a9532eb235f6f4405ef1db7d9b93f036"
score = 75
quality = 25
@@ -243423,8 +247641,8 @@ rule DITEKSHEN_MALWARE_Win_Vbsdownloader : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11381-L11393"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11381-L11393"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fee9a78e60d02ff2f03035812af2bf36fe350c70d3e4e094713791833f8ba4d6"
score = 75
quality = 75
@@ -243451,8 +247669,8 @@ rule DITEKSHEN_MALWARE_Win_Umbralstealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11395-L11416"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11395-L11416"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1686e4626e4d6335f028d6cb6471c32dac747a77fc95d97b4c9dfd043ba975e9"
score = 75
quality = 25
@@ -243488,8 +247706,8 @@ rule DITEKSHEN_MALWARE_Win_Metastealer : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11418-L11441"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11418-L11441"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "260c6d90a89ddb6219a5cbad18058e41611ae2dc68a8d4e589fa6ca81853752f"
score = 75
quality = 75
@@ -243527,8 +247745,8 @@ rule DITEKSHEN_MALWARE_Win_Mediapi : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11443-L11457"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11443-L11457"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2bce0a96b45e46c0cbd913dacb3dfe7ae1b519102d637e0fd9dabe2008037d94"
score = 75
quality = 75
@@ -243557,8 +247775,8 @@ rule DITEKSHEN_MALWARE_Win_Blackhunt : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11459-L11474"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11459-L11474"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "62e9bc505eff3e19ff0cdaf180e45e6d7917f0bec7cd9b007bee9fe1d9d09b66"
score = 75
quality = 75
@@ -243588,8 +247806,8 @@ rule DITEKSHEN_MALWARE_Win_Scouteliteps
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/back-in-2017"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11552-L11587"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11552-L11587"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9b1047b8b485fcfa29225f53674050703d32498cfa99654c8ac5f8bfac29878e"
score = 75
quality = 37
@@ -243638,8 +247856,8 @@ rule DITEKSHEN_MALWARE_Win_Houdiniconfig : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/back-in-2017"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11618-L11634"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11618-L11634"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "70a67c9a91d2f82184f1d7a5ea51de911a054dd4e38e2cc36f495ed59219afab"
score = 75
quality = 75
@@ -243669,8 +247887,8 @@ rule DITEKSHEN_MALWARE_Win_Houdini : FILE
date = "2024-05-28"
modified = "2024-05-28"
reference = "https://github.com/ditekshen/back-in-2017"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/malware.yar#L11636-L11707"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/malware.yar#L11636-L11707"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0580d2525d9d989f98e815dd98b9258724b6e31f058092132c0fbd67cbc5c63c"
score = 75
quality = 46
@@ -243749,8 +247967,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Lazagne : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L3-L20"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L3-L20"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "af4427174c1026204dc9c71878c5125efdf190328840b65fe4a69277a16fe7d2"
score = 75
quality = 50
@@ -243782,8 +248000,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Credstealer : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L22-L41"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L22-L41"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e729c8b0b1db642acabbc4590833c05ce81447bb89e5f40aea5f0b8ebdee4438"
score = 75
quality = 75
@@ -243817,8 +248035,8 @@ rule DITEKSHEN_INDICATOR_TOOL_CNC_Shootback : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L43-L62"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L43-L62"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "996cabd4965164cb844cee1ab1e2894fc2b4fac14d4e660c456b494c5cbd0688"
score = 75
quality = 50
@@ -243852,8 +248070,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Fgdump : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L64-L81"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L64-L81"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fdccd91a84374f7c94843bd9c2191720959416acf2e33d7b28b42d63d7ea4ce3"
score = 75
quality = 75
@@ -243885,8 +248103,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Sharpweb : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L83-L110"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L83-L110"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "036d576eb7acdededda7b31d3dda3a4928e01ff761bf45a1112da6bf7d4e2966"
score = 75
quality = 40
@@ -243924,8 +248142,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Blackbone : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L112-L129"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L112-L129"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e9dacd28accaef8a93ff8d3b5cf9437b3848791711a4a7118ab46d2bb6ca42d3"
score = 75
quality = 75
@@ -243957,8 +248175,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Mimikatz : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L131-L164"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L131-L164"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "42c9c78c88bb7c427d5f0bf1d3b0113205780142b499eb17858037ded0f2971e"
score = 75
quality = 73
@@ -244003,8 +248221,8 @@ rule DITEKSHEN_INDICATOR_TOOL_SCN_Portscan : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L166-L180"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L166-L180"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ebe5eb045a250ca38a55ac43018548074e9db160d76737c36f8ae5ea268b7b10"
score = 75
quality = 75
@@ -244033,8 +248251,8 @@ rule DITEKSHEN_INDICATOR_TOOL_MEM_Mxtract : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L182-L195"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L182-L195"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8271722c3b8f4458d20cf874d37e87e3b1fde701205ff54f0360fb87f717fc3f"
score = 50
quality = 69
@@ -244062,8 +248280,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Sniffpass : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L197-L212"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L197-L212"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9b56ee4bac39b4220b24e92d00076650ffe84b71a60c0213a84fcf21c6cfe4cf"
score = 75
quality = 75
@@ -244093,8 +248311,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Avbypass_Aviator : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L214-L240"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L214-L240"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1fb497eec2b0cd4051b5ddd53463f1da511c0a7b72d54a0bc68736a99fdc6143"
score = 75
quality = 75
@@ -244134,8 +248352,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Pwdump7 : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L242-L254"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L242-L254"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f84ab69ecc6837a826dc8726785165b8135edf51a47fb5bbaf19dc589b3032bd"
score = 75
quality = 75
@@ -244162,8 +248380,8 @@ rule DITEKSHEN_INDICATOR_TOOL_LTM_Sharpexec : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L256-L275"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L256-L275"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "17ae5c9f0b22e8ecbbbcbe052e466d00cb7b62cff423688b5138209c52f0698d"
score = 75
quality = 23
@@ -244197,8 +248415,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PRV_Advancedrun : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L277-L289"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L277-L289"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3f39e8f0629647f44a2f473d7b49a8b6adb1acd62de36420b80e7820e63854bb"
score = 75
quality = 75
@@ -244225,8 +248443,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Amady : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L291-L306"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L291-L306"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "409374bec5f58abeb7741b41f0fc7ea1c3fdc7bbc3f0c0628db0e3aac82836d1"
score = 75
quality = 75
@@ -244256,8 +248474,8 @@ rule DITEKSHEN_INDICATOR_TOOL_SCR_Amady : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L308-L320"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L308-L320"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9e7ab39976e3219f0c6c3ce5341442343cc4baf30757cd1c9d0c2d3845fdda2f"
score = 75
quality = 75
@@ -244284,8 +248502,8 @@ rule DITEKSHEN_INDICATOR_TOOL_EXP_Eternalblue : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L322-L342"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L322-L342"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "63e56637118accb8c32c20e52465c027df2dbf83b3b663d316b453ce879572c8"
score = 75
quality = 75
@@ -244318,8 +248536,8 @@ rule DITEKSHEN_INDICATOR_TOOL_EXP_Weblogic : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L344-L353"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L344-L353"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "01855f1125b0ba87dd40f7d460440dbda2d75c8b484e842a2b2e20c089b4ab5e"
score = 75
quality = 75
@@ -244343,8 +248561,8 @@ rule DITEKSHEN_INDICATOR_TOOL_SCN_Smbtouch : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L376-L400"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L376-L400"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "78c2a435762d3febe927eb15910d5a18c1ffe74604673463543d3c859f5ef8e9"
score = 75
quality = 75
@@ -244382,8 +248600,8 @@ rule DITEKSHEN_INDICATOR_TOOL_SCN_Nbtscan : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L402-L420"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L402-L420"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a81b95ad60aac4d66586ae7dc61f6bcbe2b7185b66b2bb895f45abff3ad3f430"
score = 75
quality = 75
@@ -244416,8 +248634,8 @@ rule DITEKSHEN_INDICATOR_TOOL_ENC_Bestcrypt : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L442-L453"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L442-L453"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "77d338c6f3e4b733cb31eb1ae05e4ce8631812f7161bc70074a3fe1dee9df770"
score = 75
quality = 50
@@ -244443,8 +248661,8 @@ rule DITEKSHEN_INDICATOR_TOOL_CNC_Earthworm : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L455-L471"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L455-L471"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5045faaaa9e60d4bd506240d51ff78dad4e89ccee0e824e7e5c309a8d3ae2883"
score = 75
quality = 50
@@ -244475,8 +248693,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Keychaindumper : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L473-L484"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L473-L484"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f606bdd5dba2180ffc552c46373b52801a0bd65a538b381fb9f4240efc5bd458"
score = 75
quality = 71
@@ -244502,8 +248720,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PET_P0Wnedshell : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L486-L512"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L486-L512"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9745b69573bf695fdada122143fb1889a7b2025250b5fb1e8f1a86b3be6f27d3"
score = 75
quality = 75
@@ -244544,8 +248762,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Rubeus : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L514-L531"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L514-L531"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ee817d23427970d7e77f9ce2a7cbc25c77177d81354fed83e7551cdcbc2d7cd2"
score = 75
quality = 75
@@ -244577,8 +248795,8 @@ rule DITEKSHEN_INDICATOR_TOOL_RTK_Hiddenrootkit : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L533-L554"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L533-L554"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "20180fc040c1b988b17b1ca9b61a7dab5180df4961a00f0afcb03e2cbe99b28f"
score = 75
quality = 50
@@ -244614,8 +248832,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PET_Sharphound : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L556-L573"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L556-L573"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bdf10d0aabd6c41e8dd1f87c0fa141f300d785146d059fcd301ec35f65fbe990"
score = 75
quality = 48
@@ -244647,8 +248865,8 @@ rule DITEKSHEN_INDICATOR_TOOL_UAC_NSISUAC : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L575-L587"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L575-L587"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "48c0247c789328a0ff62816f5d6ecac7a0f2a3fe2cb95d99c0e7d988147f7137"
score = 75
quality = 75
@@ -244675,8 +248893,8 @@ rule DITEKSHEN_INDICATOR_TOOL_REM_Intelliadmin : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L589-L602"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L589-L602"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8b601d68eff65bc6cc2fb46630a7021e229764f9a80f6d3278ba3b9f55e5b114"
score = 75
quality = 75
@@ -244704,8 +248922,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PET_Sharpwmi : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L604-L619"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L604-L619"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e6c5764d0883e2882e06f07e4729362011a4d65614259b85978e1c6ef5cfadb7"
score = 75
quality = 73
@@ -244735,8 +248953,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PET_Defendercontrol : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L621-L631"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L621-L631"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "826ed0643a07580750eb11c4cf2c2759f53b6c2bda51705476edc4808abccbf8"
score = 75
quality = 75
@@ -244761,8 +248979,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PET_Mulit_Venomagent : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L633-L645"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L633-L645"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5eda23a237404a44dc9eb057adbf6106166374168eb08e55c182da5c05ecb4f1"
score = 75
quality = 75
@@ -244789,8 +249007,8 @@ rule DITEKSHEN_INDICATOR_TOOL_HFS_Webserver : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L647-L658"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L647-L658"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f5b8947e3858466dae5f476790842500f8184c4676d8c0c4870adb7fd3206652"
score = 75
quality = 75
@@ -244816,8 +249034,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PROX_Lanproxy : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L660-L675"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L660-L675"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "13a5aaea0fb522e3badb4a60d2db8d7dd46e5721bd6dc2e2b2e29d49e197c375"
score = 75
quality = 75
@@ -244847,8 +249065,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PET_Peirates : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L677-L694"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L677-L694"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "321f06af098283638f99d027dc3c95a25a72192a25c7afa5081a7dbff8c3acb7"
score = 75
quality = 75
@@ -244880,8 +249098,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PET_Botb : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L696-L710"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L696-L710"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a01f796b27852f9217d9bfea32f8d9ffb3c88521d4413f6612f7a0544cf44fb3"
score = 75
quality = 75
@@ -244910,8 +249128,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_LSASS_Createminidump : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L712-L724"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L712-L724"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "577ccc783554363c0bed80d9642e8a0f107fc2ec66d84f76b9556aa3506c86c0"
score = 75
quality = 75
@@ -244938,8 +249156,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Securityxploded_Browserpassworddumper : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L726-L737"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L726-L737"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b3c6e9b393c244c7bf6489f54ebd622a09da050a65d6dbde325d5bcd7d85f39a"
score = 75
quality = 75
@@ -244965,8 +249183,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Securityxploded_Ftppassworddumper : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L739-L750"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L739-L750"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "941bfb9b1ce71252c5aa05bd654bdcf1af6cc1d5f720bc2c239e17454f15beda"
score = 75
quality = 75
@@ -244992,8 +249210,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Securityxploded_Emailpassworddumper : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L752-L764"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L752-L764"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7f07611385d45bf45bfb8ee95e56febfb992fb7b416321c5b590878636a5c1b7"
score = 75
quality = 75
@@ -245020,8 +249238,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PET_Sharpsphere : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L766-L783"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L766-L783"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "aae9355fcc7a6b5faf3807c85983032519550e936d5660c823d13731083be512"
score = 75
quality = 50
@@ -245053,8 +249271,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Exchangeexploit : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L785-L798"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L785-L798"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4b0d22a296cab6591d63568aa44845ef7fcc413d45c368a712928411d11a8177"
score = 75
quality = 69
@@ -245082,8 +249300,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Goclr : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L800-L814"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L800-L814"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a2a79793b1f530bcf9f79983f29a655f270cf0147606690b19eaeb82d4bd1f0d"
score = 75
quality = 75
@@ -245112,8 +249330,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Edgecookiesview : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L833-L847"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L833-L847"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9ba6d416e02c1958806356c67636609dcca758da9f7e3d1fc15244cc5ff038fc"
score = 75
quality = 75
@@ -245142,8 +249360,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Sharpnopsexec : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L849-L864"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L849-L864"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c1d76639e7b6464d302729b48bbcd810216132868035904bb9866e7b31ccfac2"
score = 75
quality = 75
@@ -245173,8 +249391,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Chromecookiesview : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L866-L880"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L866-L880"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "81acd0978fc03525e7092ab51c681b61f9de0252066ce871298e2cd96b1d3024"
score = 75
quality = 75
@@ -245203,8 +249421,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Sliver : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L882-L900"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L882-L900"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4f9442b74c84c7b4a8fcf93de2919d12efe2f41d0b4e8514b43822fba0962af2"
score = 75
quality = 75
@@ -245237,8 +249455,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Owlproxy : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L902-L921"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L902-L921"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fa7dd5eeb9799fd651317ceecbed6c960f16c387dc18723409053e44cd281582"
score = 75
quality = 50
@@ -245272,8 +249490,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Backstab : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L923-L939"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L923-L939"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d25c3ff4d7c120fdf7c275d11da7a321bcbdb275dcfaa699b5bb4bd66167ec92"
score = 75
quality = 75
@@ -245304,8 +249522,8 @@ rule DITEKSHEN_INDICATOR_TOOL_EXP_Sharpprintnightmare : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L941-L961"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L941-L961"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "22c890a22ce6b7c1a06068018364f7c5a2afe1bee5b5bc6a8bae3703a11fac26"
score = 75
quality = 75
@@ -245340,8 +249558,8 @@ rule DITEKSHEN_INDICATOR_TOOL_REC_Adfind : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L963-L974"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L963-L974"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "41fb9f72032f76adc6f1fccd25a1364f153eb2430063e9d582f3dcd9fc9ac84a"
score = 75
quality = 75
@@ -245367,8 +249585,8 @@ rule DITEKSHEN_INDICATOR_TOOL_CNC_Chisel : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L976-L990"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L976-L990"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "08c7b2c4725431c1bf85ae8068f4250c98e58890e3b4c97aa9e419e4f487cada"
score = 75
quality = 75
@@ -245397,8 +249615,8 @@ rule DITEKSHEN_INDICATOR_TOOL_ANT_Sharpedrchecker : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L992-L1023"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L992-L1023"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "77a26ff5298dddebc669d9b6c39905a48a86884cf98adebdf935b94c62d36ddc"
score = 75
quality = 48
@@ -245444,8 +249662,8 @@ rule DITEKSHEN_INDICATOR_TOOL_ANT_Invizzzible : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1025-L1059"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1025-L1059"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "bd84015f9fdc160a6ed9010c5a5905fcf13987b1fdec6fdd9535e315dc3617e8"
score = 75
quality = 73
@@ -245494,8 +249712,8 @@ rule DITEKSHEN_INDICATOR_TOOL_EXFIL_Sharpbox : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1061-L1080"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1061-L1080"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b03ab3786b2a2e6774d94be4edf700a7154d8d400c7b2b31c73c68ce9fe0c08a"
score = 75
quality = 75
@@ -245529,8 +249747,8 @@ rule DITEKSHEN_INDICATOR_TOOL_EXP_Serioussam01 : CVE_2021_36934 FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1082-L1104"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1082-L1104"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8b9de87dc073e6ba3eb36dd57b31e9749849c2e277f2bcd1c98ffc2d02861e10"
score = 75
quality = 25
@@ -245567,8 +249785,8 @@ rule DITEKSHEN_INDICATOR_TOOL_EXP_Petitpotam01 : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1127-L1143"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1127-L1143"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "37a9477b41560904e8874ecaf93eb2667b9450b5d42665677abc1442538f9000"
score = 75
quality = 50
@@ -245599,8 +249817,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PET_Sharpstrike : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1145-L1160"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1145-L1160"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c479d85878d9f9659fc157f0c6706703af3748a8740df6a5090cddc720dd7661"
score = 75
quality = 75
@@ -245630,8 +249848,8 @@ rule DITEKSHEN_INDICATOR_TOOL_LTM_Ladon : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1162-L1178"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1162-L1178"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f31276bcbcae672966cfddc9af4f5b507d7244360b421de7fe1e811fb954fb7d"
score = 75
quality = 75
@@ -245662,8 +249880,8 @@ rule DITEKSHEN_INDICATOR_TOOL_LTM_Ladonexp : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1180-L1191"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1180-L1191"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "22f6a717b8464bddd850bb5ea8b416e99bceb91fe917f188be178f2fff620730"
score = 75
quality = 75
@@ -245689,8 +249907,8 @@ rule DITEKSHEN_INDICATOR_TOOL_LTM_Ladongo : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1193-L1207"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1193-L1207"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "606172b8fb251cb4ad75de40b55d74779aef6409832f6edf09068083143ec749"
score = 75
quality = 75
@@ -245719,8 +249937,8 @@ rule DITEKSHEN_INDICATOR_TOOL_ENC_Diskcryptor : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1209-L1232"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1209-L1232"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7ef0bf3b11f7e4055908518ce5b6a49e04d7002ebc3396fd2da32b4e13cf68e0"
score = 75
quality = 75
@@ -245756,8 +249974,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PRI_Installerfiletakeover : CVE_2021_41379 FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1234-L1253"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1234-L1253"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0a9e53138d33494d9b2aa0271b877e405ea2e8accba7c6eeac547caaa7a7c2ea"
score = 75
quality = 50
@@ -245791,8 +250009,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PRI_Juicypotato : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1255-L1270"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1255-L1270"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "43a7ac16b9633fd2e6c43ca142cd0d0e2166287bb51e1b6344119959fe054c19"
score = 75
quality = 75
@@ -245822,8 +250040,8 @@ rule DITEKSHEN_INDICATOR_TOOL_ENUM_Sharpshares : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1290-L1305"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1290-L1305"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8b35d6a692814e1b27ffc1db4ab124bf621c156aaf57f24796c422ec95a85715"
score = 75
quality = 25
@@ -245853,8 +250071,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PROX_Revsocks : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1307-L1321"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1307-L1321"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4a8e68f25b7ba10b0eb9772ed4ba2b9c6566768f2b5a2859df8bac644d196bf3"
score = 75
quality = 75
@@ -245883,8 +250101,8 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Azbelt : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1323-L1338"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1323-L1338"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "71cc2b3418ea5e285adafe03fa80bade67dc3e4073fe58d42bc6190860b48b43"
score = 75
quality = 75
@@ -245914,8 +250132,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Dontsleep : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1340-L1354"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1340-L1354"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b8e2132d3b36c3e2d2662a586916c7e4fc029f81af08b5c18006833c4e6f772f"
score = 75
quality = 75
@@ -245944,8 +250162,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Nsudo : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1356-L1369"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1356-L1369"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6bcffa79ca06b0b4178d6ea256f98d917c2b19cec0b059889b8d015d226a53f9"
score = 75
quality = 75
@@ -245973,8 +250191,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Ligolo : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1371-L1385"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1371-L1385"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b515dc184013c2f67d37e42d7172e2471b3a93c94024be12c7f587296287282d"
score = 75
quality = 73
@@ -246003,8 +250221,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Extpassword : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1387-L1403"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1387-L1403"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "525530cb7e9f44be0408fd710306f90056b1b6b9a9e4779d8c1eb1ddef443fb0"
score = 75
quality = 50
@@ -246035,8 +250253,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Ngrok : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1405-L1418"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1405-L1418"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f4bba142652aaf77e5b7c123b743cf165ae17210c39cf65b7311f7e7bd91f7e1"
score = 75
quality = 75
@@ -246064,8 +250282,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Sqlrecon : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1420-L1436"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1420-L1436"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "784dbc518cf9492557c9b3536256c4a9b03e4536cf7cee7e764b8009dd4686bb"
score = 75
quality = 75
@@ -246096,8 +250314,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Atlasreaper : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1438-L1453"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1438-L1453"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4a0436d5c3f1609d23b2b919bebdc56a7fd63e81b99e72dcda1022487cb88240"
score = 75
quality = 50
@@ -246127,8 +250345,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Ngroksharp : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1455-L1471"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1455-L1471"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c60637177114d369af9c3e96689811845ce1c1dfde8f7f971c4de21439564b4b"
score = 75
quality = 50
@@ -246159,8 +250377,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Ngrokgo : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1473-L1488"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1473-L1488"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4ec151661e3af922aba202c68392a2af17e2c4ed25a71a0b5aacc13fbfcc5c53"
score = 75
quality = 75
@@ -246190,8 +250408,8 @@ rule DITEKSHEN_INDICATOR_Tool_Forensia : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1490-L1523"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1490-L1523"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7147eee62df10cd8a6c00ec80c4d1bdb8234a181dd6af81d0580d847f05bd0b6"
score = 75
quality = 73
@@ -246239,8 +250457,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Dwagentlib : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1525-L1539"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1525-L1539"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "608dd9bc8cfcec5a671bee9456dccedace31d7ae37180387ac2408f79fd9f452"
score = 75
quality = 75
@@ -246269,8 +250487,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Dwagentsvc : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1541-L1553"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1541-L1553"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "590d41d2e433a7a1bb373fbd0b0d47818a9867bee0399101881b05e83b586f6e"
score = 75
quality = 75
@@ -246297,8 +250515,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Dwagent_Screencapture : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1555-L1575"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1555-L1575"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d3160fd4cce445aa6d2bc6c083893c7610ea5e72824fe9824ad853700f4d3874"
score = 75
quality = 75
@@ -246333,8 +250551,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Dwagent_Soundcapture : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1577-L1587"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1577-L1587"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c0efa9f383373dec1c5b9d127c2b4c6f4906718ae8f62eea28d7a369001be5af"
score = 75
quality = 75
@@ -246359,8 +250577,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Dogzproxy : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1589-L1601"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1589-L1601"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "575cfed9cb7979216fd8fd2a05efe5dfece3a9120b4f185c015918337829ed63"
score = 75
quality = 75
@@ -246387,8 +250605,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Fastreverseproxy : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1603-L1619"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1603-L1619"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c26d9e8833c7055a03a446eb983c7f70f1f18669d009ebc204dda3f0bb6048f7"
score = 75
quality = 75
@@ -246419,8 +250637,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Gogoscan : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1621-L1635"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1621-L1635"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c9fbc98a28c74bf920f5f7d62713834d18b33b5c65483a1bd42e4555764c8346"
score = 75
quality = 75
@@ -246449,8 +250667,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Gogoprocdump : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1637-L1650"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1637-L1650"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f410882e4c6c8b65e7d3c192cf94bf99d61cf54dc21d80cdf17193b34752c576"
score = 75
quality = 75
@@ -246478,8 +250696,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Fscan : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1652-L1666"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1652-L1666"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b107eb767454c4c084a7237c107c8414bdb03c324902769ac544c5903e346e17"
score = 75
quality = 75
@@ -246508,8 +250726,8 @@ rule DITEKSHEN_INDICATOR_TOOL_BURTNCIGAR : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1668-L1680"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1668-L1680"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4977332a0b20b300a5fc34f0f8d56221f55b66783853306d803e91701cb7e6ec"
score = 75
quality = 75
@@ -246536,8 +250754,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Pplblade : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1698-L1722"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1698-L1722"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "da21402b07fcd0358ba630e48ab35956cb7ed8c12836a339c85b2ee5e414543e"
score = 75
quality = 75
@@ -246576,8 +250794,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Sharpldap : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1724-L1739"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1724-L1739"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "da5db3f2907229dc68e3c6f3351361a4b1fb9fe8afc597c9dfe611f9725c6181"
score = 75
quality = 75
@@ -246607,8 +250825,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Pandora : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1741-L1755"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1741-L1755"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dd5be3b99b62ec40c242225d9420b9ce299c4f348882b0380289309dfedbc1e8"
score = 75
quality = 75
@@ -246637,8 +250855,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Havoc : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1757-L1774"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1757-L1774"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c5806deaa57590ebe1923608b9b085460e0edd024721e6e9d7073765a79bf22b"
score = 75
quality = 75
@@ -246664,8 +250882,8 @@ rule DITEKSHEN_INDICATOR_TOOLS_Localpotato : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1776-L1807"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1776-L1807"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "88fba16a6eec6d2c23331642041c6adfddddeb21ba8e74b6959bd48c90f73cbb"
score = 75
quality = 73
@@ -246711,8 +250929,8 @@ rule DITEKSHEN_INDICATOR_TOOLS_Edrsandblast : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1809-L1831"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1809-L1831"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9b801f053e42fbd646cf62fecf6cbf5f2cceeec82bed93ecd8625984eccb08c6"
score = 75
quality = 75
@@ -246749,8 +250967,8 @@ rule DITEKSHEN_INDICATOR_TOOLS_Rsockstun : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1833-L1845"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1833-L1845"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4ad0ac389bf8961b0dd987a72d5dd534e5e3cc673f0e07aa49d39d1fd3f5f53e"
score = 75
quality = 75
@@ -246777,8 +250995,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Scmaldevinj_Go : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1847-L1857"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1847-L1857"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "48c3c759283c63a0c439cfba0194da89f402189e4c3cd831c22b5078ccae47b1"
score = 75
quality = 75
@@ -246803,8 +251021,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Reversessh_Go : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1859-L1868"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1859-L1868"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4f9899aacc09c7da05fb5d412cfe8e91ee0d8e922189a6f921410d73ae8b3a9c"
score = 75
quality = 75
@@ -246828,8 +251046,8 @@ rule DITEKSHEN_INDICATOR_TOOL_Sharpghosttask : FILE
date = "2024-01-23"
modified = "2024-01-23"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_tools.yar#L1870-L1881"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_tools.yar#L1870-L1881"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3de8d9fe7804e208ff556b6bedbd80eebfda1a730626403418a555ad9fbbb820"
score = 75
quality = 75
@@ -246853,11 +251071,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Reflectiveloader : FILE
description = "Detects Reflective DLL injection artifacts"
author = "ditekSHen"
id = "b7bd9184-48f8-5ad8-a234-632e4ec9814d"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L29-L43"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L29-L43"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "540a48f98652c84b09f1076c2e2fca680781f533c936d602809179469a850ba0"
score = 40
quality = 45
@@ -246880,11 +251098,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_IMG_Embedded_Archive : FILE
description = "Detects images embedding archives. Observed in TheRat RAT."
author = "ditekSHen"
id = "2c8e15dc-2e84-5f9b-b538-cba204a3d38c"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L45-L66"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L45-L66"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0e61bc2489a54047c66a659ae2cb6df66683845676e1c02c34d9a0987ddec4bb"
score = 40
quality = 37
@@ -246918,11 +251136,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Eventviewer : FILE
description = "detects Windows exceutables potentially bypassing UAC using eventvwr.exe"
author = "ditekSHen"
id = "e4e82d5a-a524-5fac-b14c-4e53a95f4f2c"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L68-L77"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L68-L77"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4b893db727ea3ef07805058e9a93664dc01590f249158d9b825cc9cece935640"
score = 40
quality = 41
@@ -246945,11 +251163,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Cleanmgr : FILE
description = "detects Windows exceutables potentially bypassing UAC using cleanmgr.exe"
author = "ditekSHen"
id = "cebbe22d-d54d-5a1e-978a-37ddd96133b7"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L79-L88"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L79-L88"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9b9e2789bee4f3b54384dabde028a7b6e70b3e0d66090d5141145a72df515db4"
score = 40
quality = 41
@@ -246972,11 +251190,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Enable_Officemacro : FILE
description = "Detects Windows executables referencing Office macro registry keys. Observed modifying Office configurations via the registy to enable macros"
author = "ditekSHen"
id = "2cd26bc8-33c7-5628-982f-dc59ce158082"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L90-L108"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L90-L108"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "18f66cff1fe2ab32366bf385bfe08f4895071c83e26812709eeb334857754c0f"
score = 40
quality = 39
@@ -247006,11 +251224,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Disable_Officeprotectedview : FILE
description = "Detects Windows executables referencing Office ProtectedView registry keys. Observed modifying Office configurations via the registy to disable ProtectedView"
author = "ditekSHen"
id = "fed81219-d141-5fbf-a7b6-518e3d4de6f6"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L110-L128"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L110-L128"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "14b2c19ec1f1ade9285f9e73a8779865c1e09d5ad1df2e0469b5f4a5eb278110"
score = 40
quality = 39
@@ -247040,11 +251258,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Sandboxproductid : FILE
description = "Detects binaries and memory artifacts referencing sandbox product IDs"
author = "ditekSHen"
id = "5af0ace7-6ffb-5695-94c5-d8172d326662"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L130-L149"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L130-L149"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3a047ef7e70956e1c2222bde47036d7fff6d98cd8a5df81ea85584a3b5006d4a"
score = 40
quality = 45
@@ -247077,11 +251295,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_AHK_Downloader : FILE
description = "Detects AutoHotKey binaries acting as second stage droppers"
author = "ditekSHen"
id = "ac8320ed-a9e1-5660-a50f-ec010ac162a6"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L184-L196"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L184-L196"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8806d8c03adb4ea4cd9b806f8f8c21e561b39b5602c70d09ed193e35e1502d35"
score = 40
quality = 45
@@ -247107,11 +251325,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_CMSTPCOM : T1218 FILE
description = "Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)"
author = "ditekSHen"
id = "cdcf6e29-6ee7-5ac7-bd52-c8d42f3f8bf6"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L198-L213"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L198-L213"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d198db97901475c0dd10603875fc339d8a7c6d40c7f9c22cda31bb0b1d6d0f2a"
score = 40
quality = 39
@@ -247137,11 +251355,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store : FIL
description = "Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers"
author = "ditekSHen"
id = "07223564-bf4f-5fcd-ad3d-b67eb3baea8e"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L345-L359"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L345-L359"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5350f79b01e8e8ae9e0607aa02965cd9ccc52c59a901abcb51e401476cb0fa3a"
score = 40
quality = 31
@@ -247169,11 +251387,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients : FILE
description = "Detects executables referencing many file transfer clients. Observed in information stealers"
author = "ditekSHen"
id = "0967c8d6-fc80-5341-9974-c6f16f024c2c"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L418-L472"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L418-L472"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "49daece8c3da43b3dba26ab6f71fa5c27d3a6ab2c0427b3d2613c1feb25458de"
score = 40
quality = 20
@@ -247241,11 +251459,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Usndeletejournal : FILE
description = "Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware"
author = "ditekSHen"
id = "eafc7ed9-d0e7-562d-8215-6f3feddee27a"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L612-L628"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L612-L628"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1920fc2bc8c3628016bb91403960f5fbb101b5822f553c1f28d9502841a9832c"
score = 40
quality = 35
@@ -247275,11 +251493,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Geninfostealer : FILE
description = "Detects executables containing common artifacts observed in infostealers"
author = "ditekSHen"
id = "531d8f7f-dee5-5d05-9293-f1ab5d5ac780"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L630-L657"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L630-L657"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f9e6f6b470e010d362db55fcf563f85a3a408ef8331c04a157f2676442b63b1a"
score = 40
quality = 31
@@ -247320,11 +251538,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWSH_Asciiencoding_Pattern : FILE
description = "Detects PowerShell scripts containing ASCII encoded files"
author = "ditekSHen"
id = "df96d801-1a14-58af-b245-3a4a6ccf22c6"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L710-L724"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L710-L724"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "037ce50a6c6d2bf25163e658c5a8c18950715a52fcdf47162fcd288306acbf9c"
score = 40
quality = 45
@@ -247352,11 +251570,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_WMIC_Downloader : FILE
description = "Detects files utilizing WMIC for whitelisting bypass and downloading second stage payloads"
author = "ditekSHen"
id = "bdd6deeb-9d43-55ef-9264-652044ba6938"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L765-L776"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L765-L776"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0c665f77659b57770f726297b64780764235ba0e72730c985eea62c116fe97e7"
score = 40
quality = 45
@@ -247381,11 +251599,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_AMSI_Bypass : FILE
description = "Detects AMSI bypass pattern"
author = "ditekSHen"
id = "cdb457b3-1f41-5f58-a482-a00d269c1293"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L778-L791"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L778-L791"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b398c20a0e7b2dff5fab87575c555b657749d7c3b3e8f1a0f99db7e8f669e3ce"
score = 40
quality = 45
@@ -247412,11 +251630,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_PE_Resourcetuner : FILE
description = "Detects executables with modified PE resources using the unpaid version of Resource Tuner"
author = "ditekSHen"
id = "2ada52b4-de9e-5b66-a05e-da894ca79e48"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L793-L801"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L793-L801"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "25959ba2f974ecdcda624b4b34cd8dac0336af0dd7c88d2e3b17ec94d58b87b8"
score = 40
quality = 45
@@ -247438,11 +251656,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_References_Sectools_B64Encoded : FILE
description = "Detects executables referencing many base64-encoded IR and analysis tools names"
author = "ditekSHen"
id = "2d3c994a-5b7c-52c5-a4a1-e67a773b692b"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L897-L941"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L897-L941"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "20f889c9c50e8c5e55fd7ebe508015b1e72e6f7ef1b410e5e707d554fb8e8588"
score = 40
quality = 43
@@ -247500,11 +251718,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_References_Sandbox_Artifacts : FILE
description = "Detects executables referencing sandbox artifacts"
author = "ditekSHen"
id = "2c0e4d38-8d68-5cd2-9f9e-e56f372b67cf"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L943-L976"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L943-L976"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "3d4a356191ec914eba86e78d3823dd1dc2d18f17074abb9986f3337169821bc6"
score = 40
quality = 43
@@ -247551,11 +251769,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File : FILE
description = "Detects executables containing bas64 encoded gzip files"
author = "ditekSHen"
id = "e50f8560-d53b-5388-b94d-d104b7c064f2"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L978-L987"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L978-L987"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "431e5a45bf8ed5874b330419675b3d43eb6a563c42873730e823cdd7d6efba97"
score = 40
quality = 45
@@ -247572,45 +251790,17 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File : FILE
import "time"
import "pe"
-rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Rawgithub_URL : FILE
-{
- meta:
- description = "Detects executables containing URLs to raw contents of a Github gist"
- author = "ditekSHen"
- id = "5c1a9f66-11bd-545c-8cb1-53abd2cd872a"
- date = "2024-02-22"
- modified = "2024-02-22"
- reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L989-L999"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
- logic_hash = "07bde01e3a0f04d6333eade54a813ee0f331607a1b4b9bfcaeebce383e562557"
- score = 40
- quality = 45
- tags = "FILE"
- importance = 20
-
- strings:
- $url1 = "https://gist.githubusercontent.com/" ascii wide
- $url2 = "https://raw.githubusercontent.com/" ascii wide
- $raw = "/raw/" ascii wide
-
- condition:
- uint16(0)==0x5a4d and (($url1 and $raw) or ($url2))
-}
-import "time"
-import "pe"
-
rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWSH_Passwordcredential_Retrievepassword
{
meta:
description = "Detects PowerShell content designed to retrieve passwords from host"
author = "ditekSHen"
id = "b34599ab-b874-5ea5-990d-bc7593bb08b5"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1046-L1056"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1048-L1058"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f09320d9c4734579a535c7fee993fa076974b13ffd25e0d9ab02bc09663595f8"
score = 40
quality = 39
@@ -247634,11 +251824,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Envvarscheduledtasks
description = "detects Windows exceutables potentially bypassing UAC (ab)using Environment Variables in Scheduled Tasks"
author = "ditekSHen"
id = "14244310-e524-54bf-8822-9b953378bb75"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1068-L1079"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1070-L1081"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dacca794aefd66526535a87c8890c0ad65550ff88bc0242f05c84c9452a31fe2"
score = 40
quality = 45
@@ -247663,11 +251853,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Fodhelper
description = "detects Windows exceutables potentially bypassing UAC using fodhelper.exe"
author = "ditekSHen"
id = "0651e428-a2ef-508d-ad89-c68ac758808f"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1081-L1092"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1083-L1094"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ec41ca2185732e418825f7c32095dea361a53e586e498baf4c17eaaf9602ba5e"
score = 40
quality = 43
@@ -247692,11 +251882,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Finger_Download_Pattern
description = "Detects files embedding and abusing the finger command for download"
author = "ditekSHen"
id = "6647b410-c8f0-596b-95d7-dbc6a951a83f"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1106-L1116"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1108-L1118"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "04cbb1abc4c3d2990bae798ece052eb8aa1b5104b5712e98aeb80731316b9c57"
score = 40
quality = 45
@@ -247720,11 +251910,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_CMSTPCMD : FILE
description = "Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF"
author = "ditekSHen"
id = "7bad57dc-ee8b-559d-8b17-af44c5bdf35b"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1118-L1131"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1120-L1133"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4cb92224d5a520dbd42d00d053aba3da21a49fda9391e5a462fd292d2e87e884"
score = 40
quality = 41
@@ -247751,11 +251941,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_JS_WMI_Execquery
description = "Detects JS potentially executing WMI queries"
author = "ditekSHen"
id = "28f37b24-8bf3-5f5c-af47-dc6da5f6397a"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1133-L1145"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1135-L1147"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e5145aa3a7ce54cda84929f6806a1d7b1cb37db729bb932c5c76994fb683250e"
score = 40
quality = 45
@@ -247781,11 +251971,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_XML_Liverpool_Downlaoder_Userconfig : FILE
description = "Detects XML files associated with 'Liverpool' downloader containing encoded executables"
author = "ditekSHen"
id = "b5840af5-a285-53f4-bac7-07821e740089"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1225-L1234"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1227-L1236"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8140c29eb54d8c8786b268d5241fcd221a5fb95433bc1038a7f23295afe8c9b8"
score = 40
quality = 45
@@ -247808,11 +251998,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_B64_Encoded_Useragent : FILE
description = "Detects executables containing base64 encoded User Agent"
author = "ditekSHen"
id = "e6a6eba2-587f-5b6b-b23d-4e4aa5289d1d"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1236-L1245"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1238-L1247"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ee06d3d9f2f7a294ce0f117d5838fe86ae77f98da0ba30551b0b42811227b1bd"
score = 40
quality = 45
@@ -247835,11 +252025,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Winddefender_Antiemaulation : FILE
description = "Detects executables containing potential Windows Defender anti-emulation checks"
author = "ditekSHen"
id = "e7dca0e6-060b-5394-afc5-b3705a51d934"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1247-L1256"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1249-L1258"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "76f8a532a59c2a7fcd45d9f9aed3ea2020889228c81410445728f42b6b9d891e"
score = 40
quality = 45
@@ -247862,11 +252052,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Attrib : FILE
description = "Detects executables using attrib with suspicious attributes attributes"
author = "ditekSHen"
id = "69925f45-b8a9-516c-857c-7a687b32e0c6"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1258-L1266"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1260-L1268"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2d26581037a34f32b3e3aa6df5570f0de0b9e070cbe6190318a99c6f147250d8"
score = 40
quality = 45
@@ -247888,11 +252078,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Clearmytracksbyprocess : FILE
description = "Detects executables calling ClearMyTracksByProcess"
author = "ditekSHen"
id = "d548cf61-ffb7-5a21-9b76-246f8ffb6ad4"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1268-L1276"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1270-L1278"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "970bdf2cfebc5196204087de134b9d2f032d8074cacbb3b9cc2c859aab3a95fc"
score = 40
quality = 43
@@ -247914,11 +252104,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Dotnetprochook : FILE
description = "Detects executables with potential process hoocking"
author = "ditekSHen"
id = "1c32c7ee-0ac6-50ae-892e-73f46902115d"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1278-L1289"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1280-L1291"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e01147886444f8080b7cf7b423dc70b4b08fae6b88a8875eb075530fdb9f7909"
score = 40
quality = 45
@@ -247943,11 +252133,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Telegramchatbot : FILE
description = "Detects executables using Telegram Chat Bot"
author = "ditekSHen"
id = "bcee52fe-495a-5ea1-bcd9-78b57c992752"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1291-L1306"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1293-L1308"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "40374d9dda3d1896906f342725425860e83fbe6b5b0ac656a7035094e36340c0"
score = 40
quality = 45
@@ -247976,11 +252166,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_B64_Artifacts : FILE
description = "Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc."
author = "ditekSHen"
id = "b76ba291-6af5-5800-a280-c04c84cc3f29"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1308-L1319"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1310-L1321"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "35a7a9c0722d8bd174b272c659e62db3e9f41483dc3a9bf5f339b9066ed06c57"
score = 40
quality = 45
@@ -248005,11 +252195,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Discordurl : FILE
description = "Detects executables Discord URL observed in first stage droppers"
author = "ditekSHen"
id = "d7221bb4-48c5-5d80-ace1-95cf25fb585d"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1321-L1336"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1323-L1338"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "7f600215268147f8e18f2b4eb6b2e9ba6dd44ab5603a140d3e1b2bb16ebb29c4"
score = 40
quality = 37
@@ -248038,11 +252228,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Regkeycomb_Disablewindefender : FILE
description = "Detects executables embedding registry key / value combination indicative of disabling Windows Defender features"
author = "ditekSHen"
id = "74c82d78-bdb3-54af-b04a-20d66ff123d7"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1446-L1468"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1448-L1470"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5a33052ded0823a8528590bd0da0023024db174f6f6a0766284c3195f5d3d41f"
score = 40
quality = 33
@@ -248078,11 +252268,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Regkeycomb_Iexecutecommandcom : FILE
description = "Detects executables embedding command execution via IExecuteCommand COM object"
author = "ditekSHen"
id = "4bc7e6aa-1771-5c33-bc62-71072dec04cb"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1470-L1484"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1472-L1486"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "269109f96f3fca5eacc19664b7b0c7f970131db29c47bfe1e9e67e56604bf1c1"
score = 40
quality = 43
@@ -248110,11 +252300,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_WMI_Enumeratevideodevice : FILE
description = "Detects executables attemping to enumerate video devices using WMI"
author = "ditekSHen"
id = "6d4ede5e-4ec5-5753-bd50-8e129ac532a4"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1486-L1500"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1488-L1502"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8ef63d7a569ee1530a23d151ee394969f4b3b6bac28ed571f48e3f97b87d020a"
score = 40
quality = 41
@@ -248142,11 +252332,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Dcratby : FILE
description = "Detects executables containing the string DcRatBy"
author = "ditekSHen"
id = "d8408cc0-0245-59b7-9134-1f4edd811df7"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1502-L1510"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1504-L1512"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1a0f863fb71c84a9a01c3f07da0fdff9ea06b061f85532ac523d6a5d1e0e1e11"
score = 40
quality = 45
@@ -248168,11 +252358,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Anti_Winjail : FILE
description = "Detects executables potentially checking for WinJail sandbox window"
author = "ditekSHen"
id = "f3a3d099-7659-50aa-8dca-3a2b1c18c3b5"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1512-L1520"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1514-L1522"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ae8080dad4481b6a2e295c29d3ed24e86da83575e1a5aeda8b1317e6caa74707"
score = 40
quality = 45
@@ -248194,11 +252384,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Anti_Oldcopypaste : FILE
description = "Detects executables potentially checking for WinJail sandbox window"
author = "ditekSHen"
id = "10a70ad3-c37e-5522-ae3f-3f85f89f9394"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1522-L1541"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1524-L1543"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "084a1613eaf1df4cd54c44e4389b9edc1c44b4b947a8c4416cb7cbdabc186747"
score = 40
quality = 45
@@ -248231,11 +252421,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Go_Golazagne : FILE
description = "Detects Go executables using GoLazagne"
author = "ditekSHen"
id = "3b54892d-8015-518c-af0b-03ddd65478f6"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1543-L1552"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1545-L1554"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9618f8a6eb9a5db01b7a58a469309220b1e22afe928006d642e5404380f312f1"
score = 40
quality = 45
@@ -248258,11 +252448,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_CSPROJ : FILE
description = "Detects suspicious .CSPROJ files then compiled with msbuild"
author = "ditekSHen"
id = "99f9fbd0-9435-511a-b9f5-7ea11e655b79"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1554-L1566"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1556-L1568"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "e41c82ab0da47192463f76192ea7748dfcf59193475871daf1a7a4ff2fda4d52"
score = 40
quality = 45
@@ -248288,11 +252478,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Sandbox_Evasion_Filescomb : FILE
description = "Detects executables referencing specific set of files observed in sandob anti-evation, and Emotet"
author = "ditekSHen"
id = "04108277-03ac-5479-ac9f-0c7377dc70b8"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1692-L1709"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1694-L1711"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d9f235e212e75cef51e3321f49968c75523304dc94a2b7cf3965c9f88d039b43"
score = 40
quality = 23
@@ -248323,11 +252513,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_VM_Evasion_Virtdrvcomb : FILE
description = "Detects executables referencing combination of virtualization drivers"
author = "ditekSHen"
id = "88f271d5-07a3-5ca6-9536-4f68bccf49bc"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1711-L1755"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1713-L1757"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a7bbd05e17b8a111b841ed2a86b4794cde8972a673acf331d800029e54d8f602"
score = 40
quality = 43
@@ -248380,11 +252570,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Nonewindowsua : FILE
description = "Detects Windows executables referencing non-Windows User-Agents"
author = "ditekSHen"
id = "3bf62a67-4c21-5bcc-a356-424e798141f1"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1757-L1782"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1759-L1784"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "fb65643fd93ce4dbec0f98259b3dacda748a3f62f71258726073fdb3e354ab42"
score = 40
quality = 45
@@ -248422,11 +252612,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Toomanywindowsua : FILE
description = "Detects executables referencing many varying, potentially fake Windows User-Agents"
author = "ditekSHen"
id = "28dba61e-b2da-5708-b82f-a139d0929a7d"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1784-L1808"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1786-L1810"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a79ea9b8471148176c210fe834e7b2f0549291956489e2853235a75ea3e4e1db"
score = 40
quality = 45
@@ -248464,11 +252654,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_VM_Evasion_Macaddrcomb : FILE
description = "Detects executables referencing virtualization MAC addresses"
author = "ditekSHen"
id = "7e399d31-090a-57f7-89fa-0a2c4e563283"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1810-L1825"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1812-L1827"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "53a87bffc327c38545d9f213834726af9a1fbe86f273e189dc355567e6a671bf"
score = 40
quality = 29
@@ -248497,11 +252687,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Discord_Regex : FILE
description = "Detects executables referencing Discord tokens regular expressions"
author = "ditekSHen"
id = "4c508cae-bb25-549b-8f35-a6a22928a9a3"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1888-L1896"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1890-L1898"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "b6be1dd8e25311442a59ee2afbd99f6e9663dd06919c07269b76238af0bbd5f2"
score = 40
quality = 43
@@ -248523,11 +252713,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_VPN : FILE
description = "Detects executables referencing many VPN software clients. Observed in infosteslers"
author = "ditekSHen"
id = "301977a8-0619-50a2-a718-78ff9e039e65"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1898-L1912"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1900-L1914"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "5bef727d3c6fa7ea01c16e7b1fdf146b4cef58c06189bf8540bbfe7915790578"
score = 40
quality = 31
@@ -248555,11 +252745,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Vaultschemaguid : FILE
description = "Detects executables referencing Windows vault credential objects. Observed in infostealers"
author = "ditekSHen"
id = "440ac8a8-19c9-5284-a8e2-e0f2e8892a5e"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1928-L1951"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1930-L1953"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "121a51bbb749cc86d50fd5f79d7a24fbbb3e589e2fb25c553764a16202ff4065"
score = 40
quality = 45
@@ -248588,11 +252778,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Antivm_UNK01 : FILE
description = "Detects memory artifacts referencing specific combination of anti-VM checks"
author = "ditekSHen"
id = "57344ff4-5204-535a-a128-0f9f7eb7c760"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1953-L1975"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1955-L1977"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c34b23e26df0d33d60cf87e406dfbc90f9fd6df0da4415b6622d477cf38bc024"
score = 40
quality = 45
@@ -248628,11 +252818,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Antivm_WMIC : FILE
description = "Detects memory artifacts referencing WMIC commands for anti-VM checks"
author = "ditekSHen"
id = "f7166171-15b7-5e11-bbec-355764e58caa"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1977-L1987"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1979-L1989"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2c26ea8b008bf9cb4d8e24c909a3c6f5d67783b483747268f949fadc3fa72532"
score = 40
quality = 39
@@ -248656,11 +252846,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Enablesmbv1 : FILE
description = "Detects binaries with PowerShell command enabling SMBv1"
author = "ditekSHen"
id = "cb3b43f3-8f45-5e4e-8e5e-9bfb89e842d3"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1989-L1997"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L1991-L1999"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "68eb41d843b39e784d99153607c1deecdb5258cdbf641e2dd177c364847d85b1"
score = 40
quality = 43
@@ -248682,11 +252872,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Enablenetworkdiscovery : FILE
description = "Detects binaries manipulating Windows firewall to enable permissive network discovery"
author = "ditekSHen"
id = "b1203e7a-b4f3-587e-aaea-a4cccaedc07d"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L1999-L2008"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2001-L2010"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6c28a33849d1c6c72b65926a81e96f0e3f5b9bb0a48739bf4240a16f6a10dcea"
score = 40
quality = 41
@@ -248709,11 +252899,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Authapps : FILE
description = "Detects executables referencing many authentication apps. Observed in information stealers"
author = "ditekSHen"
id = "b2c1307d-ac4a-567f-ab14-7c65e16d984e"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2010-L2019"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2012-L2021"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9c730ba532dca023821fd9073bffeecf099a2a956b7715421bd0b4e5e5d4b2cf"
score = 40
quality = 41
@@ -248736,11 +252926,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Undocumented_Winapi_Kerberos : FILE
description = "Detects executables referencing undocumented kerberos Windows APIs and obsereved in malware"
author = "ditekSHen"
id = "1eb7faab-66b8-5d98-b6a8-75a078c2f6f8"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2052-L2066"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2054-L2068"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "19f22dcbc63723624d92be22cd69dcbab03a0b46299d43bc50ba73c79e573596"
score = 40
quality = 35
@@ -248764,11 +252954,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_NKN_BCP2P : FILE
description = "Detects executables referencing NKN Blockchain P2P network"
author = "ditekSHen"
id = "21aa4034-8c8f-515e-b8a4-4ce32ad816a6"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2068-L2084"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2070-L2086"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "98161fcac130ba758bd9f8c4bc7133b9ba862df61dd86ad7d0ecbb0f18813a5e"
score = 40
quality = 45
@@ -248798,11 +252988,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Passwordmanagers : FILE
description = "Detects executables referencing many Password Manager software clients. Observed in infostealers"
author = "ditekSHen"
id = "4da7bf22-fdd7-53b7-bdfc-da7ac5657f6f"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2086-L2097"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2088-L2099"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "6d2f7739282611166a7e06d96345c46df92500b387d9f940169d5ee6664ea5ad"
score = 40
quality = 37
@@ -248827,11 +253017,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Wirelessnetreccon : FILE
description = "Detects executables with interest in wireless interface using netsh"
author = "ditekSHen"
id = "15515523-fe53-5512-95f3-79d0695e7da0"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2099-L2109"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2101-L2111"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a8614a8c11e3797e7d7fb7ec2c0705fafc98ce50714e48798594e6fb5bfc1789"
score = 40
quality = 39
@@ -248855,11 +253045,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Gitconfdata : FILE
description = "Detects executables referencing potentially confidential GIT artifacts. Observed in infostealer"
author = "ditekSHen"
id = "5462491b-f1cf-55ae-b120-ed09eb9549bc"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2111-L2123"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2113-L2125"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d8b370ea31fade4f6f4ae12903e40026d806862f6c4a7b5818e3942b6b849fd2"
score = 40
quality = 41
@@ -248885,11 +253075,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Reversed : FILE
description = "Detects reversed executables. Observed N-stage drop"
author = "ditekSHen"
id = "765b1983-8831-5f7d-9cbd-90af0cd452f7"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2125-L2133"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2127-L2135"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4d031f59b201f5c5c9b69bbbe277cc10c3b5ed8427c5c2f679fdd33c8bc41501"
score = 40
quality = 45
@@ -248911,11 +253101,11 @@ rule DITEKSHEN_INDICATOR_SUSPICOUS_EXE_UNC_Regex : FILE
description = "Detects executables with considerable number of regexes often observed in infostealers"
author = "ditekSHen"
id = "968ed633-46ed-5efe-84e5-64718f89fb0a"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2277-L2306"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2279-L2308"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9201469952c2cacebbcbf6801e2c22d018f36742ffbefedc8ee4aa34f413334a"
score = 75
quality = 73
@@ -248958,11 +253148,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deleterecentitems : FILE
description = "Detects executables embedding anti-forensic artifacts of deleting Windows Recent Items"
author = "ditekSHen"
id = "58a14ad6-8f32-54d8-b343-88629af8810b"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2308-L2319"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2310-L2321"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "01efada47910a345e7bde4e9295754aefec38355193f45c4630f55050d835cd9"
score = 40
quality = 37
@@ -248987,11 +253177,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deletewindefenderquarantinefiles : FILE
description = "Detects executables embedding anti-forensic artifacts of deleting Windows defender quarantine files"
author = "ditekSHen"
id = "a2b5c531-4e51-5c44-838b-3dffc2ed0263"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2321-L2335"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2323-L2337"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "1cf82a8fb6c878cb3aaeaf36eb346b2f8038e166e8ce7b5c214769e475ae91de"
score = 40
quality = 29
@@ -249019,11 +253209,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deleteshimcache : FILE
description = "Detects executables embedding anti-forensic artifacts of deleting shim cache"
author = "ditekSHen"
id = "32b185f2-a11e-522e-822e-7023698975f8"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2337-L2348"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2339-L2350"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "4ecd9e4db082a464735e447f95175ec5b35164d42fce7be862400191c143aa23"
score = 40
quality = 37
@@ -249048,11 +253238,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Shredfilesteps : FILE
description = "Detects executables embedding/copying file shredding steps"
author = "ditekSHen"
id = "2a4ac767-8946-5e58-9087-aa1d3a97b5d5"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2350-L2363"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2352-L2365"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9e784c1d06b232ac2de7318854a59b237aeb88d8e6670fe4ecc9f3230310088a"
score = 40
quality = 45
@@ -249079,11 +253269,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWS_Capturescreenshot
description = "Detects PowerShell script with screenshot capture capability"
author = "ditekSHen"
id = "d769936a-a81d-5052-8b1b-7bd5a73b41db"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2365-L2377"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2367-L2379"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "26e02d7dc242fb2c913b3a7c07e92c84becad62a4cdbae781bce948bfe0eb81b"
score = 40
quality = 45
@@ -249109,11 +253299,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWS_Capturebrowserplugins
description = "Detects PowerShell script with browser plugins capture capability"
author = "ditekSHen"
id = "9b1bb195-6e32-5f93-ba70-efcb21b26bb0"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2379-L2392"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2381-L2394"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "ac7be8663507e96ecb224f7f09f9092069eab5967598e33c107fa341de86bc77"
score = 40
quality = 45
@@ -249140,11 +253330,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_IMG_Embedded_B64_EXE : FILE
description = "Detects images with specific base64 markers and/or embedding (reversed) base64-encoded executables"
author = "ditekSHen"
id = "c620b461-5ad8-530b-a3e1-f75a9e30534e"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2394-L2411"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2396-L2413"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0fe1328aba3b30820e3885c87a93e52306bd25abc5912378a12e1213a686cd39"
score = 40
quality = 45
@@ -249175,11 +253365,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Transfersh_URL : FILE
description = "Detects files referencing the transfer.sh file sharing website"
author = "ditekSHen"
id = "15c6ba05-199d-52ba-98bf-7e8a8eda0295"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2413-L2421"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2415-L2423"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "45b16f853bcd9c492468bc478d0a7eeecd261ae47b5b00bb1e4a79788fdec7a1"
score = 40
quality = 43
@@ -249201,11 +253391,11 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Publicserviceinterface : FILE
description = "Detect executables referencing public and free service interface testing and dev services as means of CnC"
author = "ditekSHen"
id = "f6ac752b-0afc-5834-82b4-4dbcfded2f3a"
- date = "2024-02-22"
- modified = "2024-02-22"
+ date = "2024-06-08"
+ modified = "2024-06-08"
reference = "https://github.com/ditekshen/detection"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_suspicious.yar#L2448-L2459"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_suspicious.yar#L2450-L2461"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "2a7b4fe7ddb41a7ae895a2ac8e9bb5eda61f5b86ca35575be32d65611e2d0a9e"
score = 40
quality = 37
@@ -249232,8 +253422,8 @@ rule DITEKSHEN_INDICATOR_RMM_Meshagent : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L3-L27"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L3-L27"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f36c0e23b20e4466100cf4ea2a91515bf1d54505e7b1f0926a4e416a04e0dbcf"
score = 75
quality = 75
@@ -249268,8 +253458,8 @@ rule DITEKSHEN_INDICATOR_RMM_Meshagent_CERT : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L29-L42"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L29-L42"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "d8ac3aec723a87146be99aefbde5642d095d8d41f69c6f5e9981c39104790d33"
score = 75
quality = 75
@@ -249289,8 +253479,8 @@ rule DITEKSHEN_INDICATOR_RMM_Connectwise_Screenconnect : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L62-L83"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L62-L83"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "43003f97c33c631a2806ce2b82b2367d2452ceb21b0267b5dfe78b350b66924a"
score = 75
quality = 75
@@ -249322,8 +253512,8 @@ rule DITEKSHEN_INDICATOR_RMM_Connectwise_Screenconnect_CERT : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L85-L99"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L85-L99"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "14291bd9ddb7fd3ee7932f8104687aae58fe7f5de13726153e5e1ee9c211f598"
score = 75
quality = 75
@@ -249343,8 +253533,8 @@ rule DITEKSHEN_INDICATOR_RMM_Fleetdeck_Agent : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L101-L123"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L101-L123"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "121e59ea0088c519b618e740b57c560d60cced4a48c9d468e6bf1ab22fa8c8ff"
score = 75
quality = 75
@@ -249377,8 +253567,8 @@ rule DITEKSHEN_INDICATOR_RMM_Fleetdeck_Commander : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L125-L143"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L125-L143"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "feee888c6649af0d8e8b08a38dda0bf7970089cf064f58b8bd9c6ebd8378e094"
score = 75
quality = 75
@@ -249407,8 +253597,8 @@ rule DITEKSHEN_INDICATOR_RMM_Fleetdeck_Commander_SVC : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L145-L162"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L145-L162"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "20bd69df3d058c24f83af312671cf249a3f26f54ef2e60f6b5b48a5bdb21b68b"
score = 75
quality = 75
@@ -249436,8 +253626,8 @@ rule DITEKSHEN_INDICATOR_RMM_Fleetdeck_Commander_Launcher : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L164-L178"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L164-L178"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "9429f55f162eebc58a7a9af8706244438cb76b1f0987facbb52d29997ed48b95"
score = 75
quality = 75
@@ -249462,8 +253652,8 @@ rule DITEKSHEN_INDICATOR_RMM_Fleetdeck_CERT : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L180-L198"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L180-L198"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8f72713eb4a5d9d32629351b937eee7de5d83abe1cd409cd8c3a8c9c52e6e490"
score = 75
quality = 75
@@ -249483,8 +253673,8 @@ rule DITEKSHEN_INDICATOR_RMM_Pdqconnect_Agent : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L200-L227"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L200-L227"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "34d0b07925551d1b08b86aa226c59aba569b6548cfa00a86ce6b1f271e427662"
score = 75
quality = 75
@@ -249522,8 +253712,8 @@ rule DITEKSHEN_INDICATOR_RMM_Pdqconnect_Agent_CERT : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L229-L243"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L229-L243"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "373a32b8bfd8c4295ba0c0302a217ccfbb7c7c616f91035097adbc5384b8afdb"
score = 75
quality = 75
@@ -249543,8 +253733,8 @@ rule DITEKSHEN_INDICATOR_RMM_Pulseway_Pcmontasksrv : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L245-L266"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L245-L266"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "80ba217960dd1ddeb220545c1cccbe96d9b676d327364e1ca8a9dde2b059261f"
score = 75
quality = 75
@@ -249576,8 +253766,8 @@ rule DITEKSHEN_INDICATOR_RMM_Pulseway_Remotedesktop : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L268-L286"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L268-L286"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a542c11f21ab48f4da69df4e7cb46531658a714687e2c2f8ccf78dc2a0338b68"
score = 75
quality = 75
@@ -249606,8 +253796,8 @@ rule DITEKSHEN_INDICATOR_RMM_Pulseway_CERT : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L288-L302"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L288-L302"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "c667caa9b7de4b166630c66e5162071948fa93c68b1cdb3038fce28e13dcb1a9"
score = 75
quality = 75
@@ -249627,8 +253817,8 @@ rule DITEKSHEN_INDICATOR_RMM_Manageengine_Zohomeeting : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L304-L324"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L304-L324"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "8066bcd17245efcc73f2bef7f022ad23ab648fe0ad15ca66c0d387ce4eda998b"
score = 75
quality = 75
@@ -249659,8 +253849,8 @@ rule DITEKSHEN_INDICATOR_RMM_Atera : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L345-L366"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L345-L366"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "dbc37a941b38d36ea9bc31880c3cba6cd2b88b534583e86741f7686fcb410235"
score = 75
quality = 75
@@ -249692,8 +253882,8 @@ rule DITEKSHEN_INDICATOR_RMM_Atera_CERT : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L368-L383"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L368-L383"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f51fef767cd529271f06d578146634e1ab5ee5ac3ffb829cbaa870e7c69ca3f6"
score = 75
quality = 75
@@ -249714,8 +253904,8 @@ rule DITEKSHEN_INDICATOR_RMM_Splashtopstreamer : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L385-L403"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L385-L403"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "67181cd6ae071074c6bf35f44963c11c9ee9b7df242027c15b1e165d108f7b98"
score = 75
quality = 75
@@ -249744,8 +253934,8 @@ rule DITEKSHEN_INDICATOR_RMM_Splashtopstreamer_CERT : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L405-L419"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L405-L419"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "0a1225a79ff30678846b9cb4315419be04b46276b3e05310a21d088b30f01b72"
score = 75
quality = 75
@@ -249765,8 +253955,8 @@ rule DITEKSHEN_INDICATOR_RMM_Aeroadmin : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L421-L442"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L421-L442"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "a0a9e15f31b6b06fbc749b863563c30351c775c1b1d17952013670e7e1d68c41"
score = 75
quality = 75
@@ -249798,8 +253988,8 @@ rule DITEKSHEN_INDICATOR_RMM_Aeroadmin_CERT : FILE
date = "2023-11-16"
modified = "2023-11-16"
reference = "https://www.cisa.gov/sites/default/files/2023-08/JCDC_RMM_Cyber_Defense_Plan_TLP_CLEAR_508c_1.pdf"
- source_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/yara/indicator_rmm.yar#L444-L461"
- license_url = "https://github.com/ditekshen/detection/blob/7c2d40d839ad010072e1def7752780d41da1eba3/LICENSE.txt"
+ source_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/yara/indicator_rmm.yar#L444-L461"
+ license_url = "https://github.com/ditekshen/detection/blob/2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6/LICENSE.txt"
logic_hash = "f1fe2d2bb6a8afd25fc5ee7a60fe5a931484591bafab24c5d488c7f0483e248a"
score = 75
quality = 75
@@ -249813,7 +254003,7 @@ rule DITEKSHEN_INDICATOR_RMM_Aeroadmin_CERT : FILE
* YARA Rule Set
* Repository Name: WithSecureLabs
* Repository: https://github.com/WithSecureLabs/iocs
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: 29adc4b6c2c2850f0f385aec77ab6fc0d7a8f20c
* Number of Rules: 5
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -250068,7 +254258,7 @@ rule WITHSECURELABS_SILKLOADER
* YARA Rule Set
* Repository Name: HarfangLab
* Repository: https://github.com/HarfangLab/iocs
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: f679751df7994790f9f79629d60b3f2623148255
* Number of Rules: 12
* Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -250464,7 +254654,7 @@ rule HARFANGLAB_Allasenhamaycampaign_Allasenha
* YARA Rule Set
* Repository Name: Signature Base
* Repository: https://github.com/Neo23x0/signature-base
- * Retrieval Date: 2024-06-02
+ * Retrieval Date: 2024-06-16
* Git Commit: 6b8e2a00e5aafcfcfc767f3f53ae986cf81f968a
* Number of Rules: 4550
* Skipped: 0 (age), 11 (quality), 4 (score), 0 (importance)
@@ -327948,7 +332138,7 @@ rule SIGNATURE_BASE_TA17_293A_Energetic_Bear_Api_Hashing_Tool : FILE
description = "Energetic Bear API Hashing Tool"
author = "CERT RE Team"
id = "4e58800a-9618-5d8b-954c-e843be6002c2"
- date = "2024-02-02"
+ date = "2024-02-16"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
source_url = "https://github.com/Neo23x0/signature-base/blob/6b8e2a00e5aafcfcfc767f3f53ae986cf81f968a/yara/apt_ta17_293A.yar#L77-L93"
diff --git a/third_party/yara/bartblaze/RELEASE b/third_party/yara/bartblaze/RELEASE
index fab529675..5cd98562a 100644
--- a/third_party/yara/bartblaze/RELEASE
+++ b/third_party/yara/bartblaze/RELEASE
@@ -1,3 +1 @@
-/tmp/tmp.dxdSSSmhxM ~/src/bincapz/third_party/yara
-dd8cfd8c456159c7201f5d4209fe007dfff1636e
-~/src/bincapz/third_party/yara
+59e9921bc4b9870017d0e9696bcbf4544f4c0a3e
diff --git a/third_party/yara/update.sh b/third_party/yara/update.sh
index d3c106b93..b2c5ce99f 100755
--- a/third_party/yara/update.sh
+++ b/third_party/yara/update.sh
@@ -21,9 +21,9 @@ git_clone() {
local repo=$1
local dir="${tmpdir}"
git clone "${repo}" "${dir}"
- pushd "${dir}" || exit 1
+ pushd "${dir}" >/dev/null || exit 1
git rev-parse HEAD
- popd || exit 1
+ popd >/dev/null || exit 1
}
# fixup_rules fixes rules up, including lightly obfuscating them to avoid XProtect from matching bincapz
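Review bot: The `git clone "${repo}" "${dir}"` call three lines above the new `pushd` line is still unchecked, so a failed or partial clone is not detected: `pushd` into the pre-existing `${tmpdir}` succeeds, `git rev-parse HEAD` then fails or reports whatever happens to be there, and the caller gets an empty or unrelated hash — the RELEASE hunk earlier in this diff shows this function's stdout is captured verbatim into the vendored RELEASE file, so a wrong value there goes unnoticed. Redirecting `pushd`/`popd` to `/dev/null` fixes the stray directory-stack output but not this; `git clone "${repo}" "${dir}" || exit 1` (or `|| return 1`, since `exit 1` inside a command substitution only leaves the subshell) closes the gap. Separately, the function appears to clone the remote's default branch and record the resulting commit after the fact rather than check it against an expected value, so RELEASE documents rather than pins the third-party rule source; if pinning is intended, a comment stating that and a comparison against a known commit would make the contract explicit. The `git_clone()` opening line and the `tmpdir` definition are outside the hunk.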