diff --git a/emmenhtal/yara emmenhtalv2 b/emmenhtal/yara emmenhtalv2
new file mode 100644
index 0000000..d85aaae
--- /dev/null
+++ b/emmenhtal/yara emmenhtalv2
@@ -0,0 +1,19 @@
+rule Windows_Trojan_Emmenhtalv2 : malware {
+ meta:
+ description = "Emmenhtal new version, data stage"
+ researcher = "Alexandre MATOUSEK"
+ source = "OCD"
+ creation_date = "18/12/2024"
+ os = "Windows"
+ category = "Trojan"
+ threat_name = "Windows.Trojan.Emmenhtal"
+ strings:
+ $ = ""
+ $ = ""
+ $ = " = document.documentElement.outerHTML;"
+ $ = ""
+ $ = ""
+ condition:
+ all of them
+}
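Review bot: Four of the five patterns in the `strings:` section are empty literals (`$ = ""`) as shown here, and YARA refuses to compile a rule containing an empty string, so the rule cannot be loaded in this form; if the originals were HTML/HTA tags lost when the page was rendered, they need to be restored in the file itself. The one visible pattern, `" = document.documentElement.outerHTML;"`, is ordinary JavaScript that also appears in benign pages, so the condition would benefit from a bound such as `all of them and filesize < 5MB` (size constructed for illustration; set it from the observed samples). Naming the patterns (`$outer_html = ...`) instead of leaving them anonymous makes match output usable during triage, and `creation_date` would be unambiguous as `"2024-12-18"`. A sample reference in `meta`, e.g. `hash = "<SHA256_OF_REFERENCE_SAMPLE>"`, would let others validate the rule against the file it was written from.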