Added new YARA rules.

This commit is contained in:
Threat Analyst
2020-07-10 19:11:22 +02:00
parent f38190f1df
commit b95d1e6bee
132 changed files with 924 additions and 0 deletions
@@ -5,6 +5,13 @@ rule Win32_Exploit_CVE20200601 : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "EXPLOIT"
description = "Yara rule that detects CVE-2020-0601 exploit."
tc_detection_type = "Exploit"
tc_detection_name = "CVE-2020-0601"
tc_detection_factor = 5
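Review bot: The new meta block carries no provenance fields — no `date`, `version`, `reference` or sample `hash` — so an analyst triaging a hit cannot tell when the rule was written, what it was validated against, or what changed between releases; I would add `date = "2020-07-10"` (or the real authoring date), `version = "1.0"` and a `reference` line pointing at the vendor advisory for CVE-2020-0601 next to `description`. `tc_detection_factor = 5` is also the value set in every rule in this commit, which reads as a default rather than a per-rule confidence score; a one-line comment above `meta:` stating what the scale means and why 5 was chosen would make it reviewable. The rule's strings and condition are outside the hunk, so the detection logic itself is not reviewed here.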
@@ -3,6 +3,13 @@ rule Win32_Infostealer_MultigrainPOS : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects MultigrainPOS infostealer."
tc_detection_type = "Infostealer"
tc_detection_name = "MultigrainPOS"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Infostealer_ProjectHookPOS : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects ProjectHookPOS infostealer."
tc_detection_type = "Infostealer"
tc_detection_name = "ProjectHookPOS"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Linux_Ransomware_KillDisk : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects KillDisk ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "KillDisk"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_5ss5c : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects 5ss5c ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "5ss5c"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_ASN1Encoder : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects ASN1Encoder ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "ASN1Encoder"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Afrodita : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Afrodita ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Afrodita"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Ako : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Ako ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Ako"
tc_detection_factor = 5
@@ -5,6 +5,13 @@ rule Win32_Ransomware_Archiveus : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Archiveus ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Archiveus"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Armage : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Armage ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Armage"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Atlas : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Atlas ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Atlas"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_BKRansomware : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects BKRansomware ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "BKRansomware"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_BadBlock : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects BadBlock ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "BadBlock"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_BandarChor : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects BandarChor ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "BandarChor"
tc_detection_factor = 5
@@ -5,6 +5,13 @@ rule Win32_Ransomware_BitCrypt : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects BitCrypt ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "BitCrypt"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Blitzkrieg : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Blitzkrieg ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Blitzkrieg"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_BrainCrypt : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects BrainCrypt ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "BrainCrypt"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Buran : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Buran ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Buran"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Clop : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Clop ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Clop"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Cryakl : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Cryakl ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Cryakl"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Crypmic : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Crypmic ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Crypmic"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Crypren : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Crypren ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Crypren"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_CryptoBit : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects CryptoBit ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "CryptoBit"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_CryptoFortress : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects CryptoFortress ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "CryptoFortress"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_CryptoJoker : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects CryptoJoker ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "CryptoJoker"
tc_detection_factor = 5
@@ -5,6 +5,13 @@ rule Win32_Ransomware_CryptoLocker : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects CryptoLocker ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "CryptoLocker"
tc_detection_factor = 5
@@ -5,6 +5,13 @@ rule Win32_Ransomware_CryptoWall : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects CryptoWall ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "CryptoWall"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Crysis : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Crysis ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Crysis"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Cuba : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Cuba ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Cuba"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_DMALocker : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects DMALocker ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "DMALocker"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_DMR : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects DMR ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "DMR"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Defray : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Defray ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Defray"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Delphimorix : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Delphimorix ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Delphimorix"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_DenizKizi : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects DenizKizi ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "DenizKizi"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_DesuCrypt : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects DesuCrypt ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "DesuCrypt"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Dharma : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Dharma ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Dharma"
tc_detection_factor = 5
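Review bot: `tc_detection_name = "Dharma"` and the earlier `Win32_Ransomware_Crysis` rule carry distinct family names, although Dharma is generally tracked as a Crysis variant; if both rules fire on the same sample, downstream tooling will report two families. If this separation is deliberate, a one-line comment above `meta:` stating the distinction (e.g. `// Dharma builds are tagged separately from Crysis; see Win32_Ransomware_Crysis`) would save the next maintainer the question. The rule body is outside the hunk.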
@@ -5,6 +5,13 @@ rule Win32_Ransomware_DirtyDecrypt : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects DirtyDecrypt ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "DirtyDecrypt"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_District : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects District ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "District"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Erica : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Erica ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Erica"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_FCT : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects FCT ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "FCT"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_FLKR : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects FLKR ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "FLKR"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Fantom : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Fantom ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Fantom"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_FenixLocker : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects FenixLocker ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "FenixLocker"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Ferrlock : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Ferrlock ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Ferrlock"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_GandCrab : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects GandCrab ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "GandCrab"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_GarrantyDecrypt : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects GarrantyDecrypt ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "GarrantyDecrypt"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Gibon : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Gibon ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Gibon"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_GlobeImposter : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects GlobeImposter ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "GlobeImposter"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Good : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Good ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Good"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_GPCode : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Gpcode ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "GPCode"
tc_detection_factor = 5
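Review bot: The `description` spells the family "Gpcode" while the rule name and `tc_detection_name` use "GPCode"; anything that joins or searches on these strings (reports, dedup by family label) will treat them as different families. Change it to `description = "Yara rule that detects GPCode ransomware."` so it matches `tc_detection_name`. The rule body is outside the hunk.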
@@ -3,6 +3,13 @@ rule Win32_Ransomware_HDDCryptor : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects HDDCryptor ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "HDDCryptor"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_HDMR : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects HDMR ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "HDMR"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Hermes : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Hermes ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Hermes"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_HydraCrypt : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects HydraCrypt ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "HydraCrypt"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_IFN643 : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects IFN643 ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "IFN643"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_JSWorm : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects JSWorm ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "JSWorm"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Jamper : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Jamper ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Jamper"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Jemd : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Jemd ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Jemd"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Kangaroo : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Kangaroo ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Kangaroo"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_KillDisk : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects KillDisk ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "KillDisk"
tc_detection_factor = 5
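Review bot: `tc_detection_name = "KillDisk"` is identical to the value set in `Linux_Ransomware_KillDisk` earlier in this commit, so the platform distinction survives only in the rule identifier; if downstream consumers key alerts on the tc_* fields rather than the rule name, a Linux hit and a Windows hit become indistinguishable. If that is intended, a comment such as `// platform variant of Linux_Ransomware_KillDisk; shares tc_detection_name by design` above `meta:` would record it; otherwise consider qualifying the name. The rule body is outside the hunk.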
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Kovter : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Kovter ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Kovter"
tc_detection_factor = 5
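Review bot: `tc_detection_type = "Ransomware"` for Kovter may be too narrow: the family began as a police-themed locker but is more widely known for its later fileless click-fraud builds, and the hunk does not show which builds the strings target. Confirm against the rule body (outside this hunk) that it matches only the locker variants; if it also matches later builds, the type should reflect that, or the description should name the variant, e.g. `description = "Yara rule that detects Kovter police-locker ransomware variants."`.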
@@ -3,6 +3,13 @@ rule Linux_Ransomware_Kraken : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Kraken ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Kraken"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Ladon : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Ladon ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Ladon"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_LeChiffre : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects LeChiffre ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "LeChiffre"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_LockBit : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects LockBit ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "LockBit"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_LooCipher : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects LooCipher ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "LooCipher"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_MZP : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects MZP ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "MZP"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Mafia : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Mafia ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Mafia"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Magniber : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Magniber ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Magniber"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Maktub : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Maktub ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Maktub"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_MarsJoke : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects MarsJoke ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "MarsJoke"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Matsnu : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Matsnu ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Matsnu"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_MedusaLocker : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects MedusaLocker ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "MedusaLocker"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Montserrat : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Montserrat ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Montserrat"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_NanoLocker : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects NanoLocker ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "NanoLocker"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Nefilim : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Nefilim ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Nefilim"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Nemty : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Nemty ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Nemty"
tc_detection_factor = 5
@@ -4,6 +4,13 @@ rule Win32_Ransomware_NotPetya : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects NotPetya ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "NotPetya"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_OphionLocker : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects OphionLocker ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "OphionLocker"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Ouroboros : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Ouroboros ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Ouroboros"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_PXJ : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects PXJ ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "PXJ"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Pacman : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Pacman ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Pacman"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Paradise : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Paradise ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Paradise"
tc_detection_factor = 5
@@ -6,6 +6,13 @@ rule Win32_Ransomware_Petya : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Petya ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Petya"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_PrincessLocker : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects PrincessLocker ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "PrincessLocker"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_RagnarLocker : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects RagnarLocker ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "RagnarLocker"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Ragnarok : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Ragnarok ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Ragnarok"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Ransoc : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Ransoc ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Ransoc"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_RansomPlus : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects RansomPlus ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "RansomPlus"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_RetMyData : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects RetMyData ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "RetMyData"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Retis : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Retis ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Retis"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Reveton : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Reveton ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Reveton"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Revil : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Revil ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Revil"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Rokku : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Rokku ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Rokku"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Ryuk : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Ryuk ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Ryuk"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Sage : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Sage ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Sage"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Satan : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Satan ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Satan"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Satana : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Satana ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Satana"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Sepsis : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Sepsis ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Sepsis"
tc_detection_factor = 5
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Serpent : tc_detection malicious
meta:
author = "ReversingLabs"
source = "ReversingLabs"
status = "RELEASED"
sharing = "TLP:WHITE"
category = "MALWARE"
description = "Yara rule that detects Serpent ransomware."
tc_detection_type = "Ransomware"
tc_detection_name = "Serpent"
tc_detection_factor = 5
