From b95d1e6beeb2cb5416789faff50f8cdadc3ab944 Mon Sep 17 00:00:00 2001 
From: Threat Analyst
Date: Fri, 10 Jul 2020 19:11:22 +0200
Subject: [PATCH] Added new YARA rules.
---
yara/exploit/Win32.Exploit.CVE20200601.yara | 7 +++++++
yara/infostealer/Win32.Infostealer.MultigrainPOS.yara | 7 +++++++
yara/infostealer/Win32.Infostealer.ProjectHookPOS.yara | 7 +++++++
yara/ransomware/Linux.Ransomware.KillDisk.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.5ss5c.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.ASN1Encoder.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Afrodita.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Ako.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Archiveus.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Armage.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Atlas.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.BKRansomware.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.BadBlock.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.BandarChor.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.BitCrypt.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Blitzkrieg.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.BrainCrypt.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Buran.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Clop.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Cryakl.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Crypmic.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Crypren.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.CryptoBit.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.CryptoFortress.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.CryptoJoker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.CryptoLocker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.CryptoWall.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Crysis.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Cuba.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.DMALocker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.DMR.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Defray.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Delphimorix.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.DenizKizi.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.DesuCrypt.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Dharma.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.DirtyDecrypt.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.District.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Erica.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.FCT.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.FLKR.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Fantom.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.FenixLocker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Ferrlock.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.GandCrab.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.GarrantyDecrypt.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Gibon.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.GlobeImposter.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Good.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Gpcode.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.HDDCryptor.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.HDMR.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Hermes.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.HydraCrypt.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.IFN643.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.JSWorm.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Jamper.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Jemd.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Kangaroo.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.KillDisk.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Kovter.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Kraken.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Ladon.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.LeChiffre.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.LockBit.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.LooCipher.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.MZP.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Mafia.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Magniber.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Maktub.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.MarsJoke.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Matsnu.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.MedusaLocker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Montserrat.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.NanoLocker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Nefilim.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Nemty.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.NotPetya.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.OphionLocker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Ouroboros.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.PXJ.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Pacman.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Paradise.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Petya.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.PrincessLocker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.RagnarLocker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Ragnarok.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Ransoc.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.RansomPlus.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.RetMyData.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Retis.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Reveton.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Revil.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Rokku.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Ryuk.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Sage.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Satan.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Satana.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Sepsis.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Serpent.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.SevenSevenSeven.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Sherminator.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Sifrelendi.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Sigrun.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Spora.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.TBLocker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.TeleCrypt.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Teslacrypt.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.TorrentLocker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.VHDLocker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.VegaLocker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Velso.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.WannaCry.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.WildFire.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Xorist.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Zeppelin.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.ZeroCrypt.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.ZeroLocker.yara | 7 +++++++
yara/ransomware/Win32.Ransomware.Zoldon.yara | 7 +++++++
yara/ransomware/Win64.Ransomware.Ako.yara | 7 +++++++
yara/ransomware/Win64.Ransomware.SeedLocker.yara | 7 +++++++
yara/trojan/Win32.Trojan.Dridex.yara | 7 +++++++
yara/trojan/Win32.Trojan.Emotet.yara | 7 +++++++
yara/trojan/Win32.Trojan.TrickBot.yara | 7 +++++++
yara/virus/Linux.Virus.Vit.yara | 7 +++++++
yara/virus/Win32.Virus.Awfull.yara | 7 +++++++
yara/virus/Win32.Virus.Cmay.yara | 7 +++++++
yara/virus/Win32.Virus.DeadCode.yara | 7 +++++++
yara/virus/Win32.Virus.Elerad.yara | 7 +++++++
yara/virus/Win32.Virus.Greenp.yara | 7 +++++++
yara/virus/Win32.Virus.Mocket.yara | 7 +++++++
yara/virus/Win32.Virus.Negt.yara | 7 +++++++
132 files changed, 924 insertions(+)
diff --git a/yara/exploit/Win32.Exploit.CVE20200601.yara b/yara/exploit/Win32.Exploit.CVE20200601.yara
index db86db5..c1157b3 100644
--- a/yara/exploit/Win32.Exploit.CVE20200601.yara
+++ b/yara/exploit/Win32.Exploit.CVE20200601.yara @@ -5,6 +5,13 @@ rule Win32_Exploit_CVE20200601 : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "EXPLOIT" + description = "Yara rule that detects CVE-2020-0601 exploit." + tc_detection_type = "Exploit" tc_detection_name = "CVE-2020-0601" tc_detection_factor = 5 diff --git a/yara/infostealer/Win32.Infostealer.MultigrainPOS.yara b/yara/infostealer/Win32.Infostealer.MultigrainPOS.yara index 3814f2c..a6b4e63 100644 --- a/yara/infostealer/Win32.Infostealer.MultigrainPOS.yara +++ b/yara/infostealer/Win32.Infostealer.MultigrainPOS.yara @@ -3,6 +3,13 @@ rule Win32_Infostealer_MultigrainPOS : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects MultigrainPOS infostealer." + tc_detection_type = "Infostealer" tc_detection_name = "MultigrainPOS" tc_detection_factor = 5 diff --git a/yara/infostealer/Win32.Infostealer.ProjectHookPOS.yara b/yara/infostealer/Win32.Infostealer.ProjectHookPOS.yara index 40a0475..5b34284 100644 --- a/yara/infostealer/Win32.Infostealer.ProjectHookPOS.yara +++ b/yara/infostealer/Win32.Infostealer.ProjectHookPOS.yara @@ -3,6 +3,13 @@ rule Win32_Infostealer_ProjectHookPOS : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects ProjectHookPOS infostealer." + tc_detection_type = "Infostealer" tc_detection_name = "ProjectHookPOS" tc_detection_factor = 5 diff --git a/yara/ransomware/Linux.Ransomware.KillDisk.yara b/yara/ransomware/Linux.Ransomware.KillDisk.yara index a88e27c..c0c0c6c 100644 --- a/yara/ransomware/Linux.Ransomware.KillDisk.yara +++ b/yara/ransomware/Linux.Ransomware.KillDisk.yara 
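Review bot: The `description` added to Win32_Exploit_CVE20200601 names only the CVE, so an analyst triaging a hit cannot tell what kind of artifact the rule matched. For a certificate-validation flaw like CVE-2020-0601 that could be a file carrying a crafted signature or tooling that produces one, and the strings and condition are outside this hunk. I would state the matched artifact in the text, e.g. `description = "Yara rule that detects <artifact the condition matches> abusing CVE-2020-0601."`, filling the placeholder from the rule body. The meta section continues outside the hunk, so a reference field may already exist there that covers this.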
@@ -3,6 +3,13 @@ rule Linux_Ransomware_KillDisk : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects KillDisk ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "KillDisk" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.5ss5c.yara b/yara/ransomware/Win32.Ransomware.5ss5c.yara index f07e43d..cf0e059 100644 --- a/yara/ransomware/Win32.Ransomware.5ss5c.yara +++ b/yara/ransomware/Win32.Ransomware.5ss5c.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_5ss5c : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects 5ss5c ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "5ss5c" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.ASN1Encoder.yara b/yara/ransomware/Win32.Ransomware.ASN1Encoder.yara index 29ebf77..cc0fcf0 100644 --- a/yara/ransomware/Win32.Ransomware.ASN1Encoder.yara +++ b/yara/ransomware/Win32.Ransomware.ASN1Encoder.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_ASN1Encoder : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects ASN1Encoder ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "ASN1Encoder" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Afrodita.yara b/yara/ransomware/Win32.Ransomware.Afrodita.yara index d7bfb2f..6b66c84 100644 --- a/yara/ransomware/Win32.Ransomware.Afrodita.yara +++ b/yara/ransomware/Win32.Ransomware.Afrodita.yara 
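Review bot: The `description` strings follow one template and drop the platform that the rule name carries: Linux_Ransomware_KillDisk gets "Yara rule that detects KillDisk ransomware.", while the diffstat also lists Win32.Ransomware.KillDisk.yara and both a Win32 and a Win64 Ako rule, whose hunks are not all visible here but presumably receive the same text. Any consumer that surfaces `description` rather than the rule identifier will then show identical text for different platform variants, which slows triage. Consider `description = "Yara rule that detects the Linux variant of KillDisk ransomware."` and the equivalent for the other per-platform pairs. The same template also produces the doubled "BKRansomware ransomware" in the Win32_Ransomware_BKRansomware hunk.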
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Afrodita : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Afrodita ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Afrodita" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Ako.yara b/yara/ransomware/Win32.Ransomware.Ako.yara index 1b701a3..02e99fa 100644 --- a/yara/ransomware/Win32.Ransomware.Ako.yara +++ b/yara/ransomware/Win32.Ransomware.Ako.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Ako : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Ako ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Ako" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Archiveus.yara b/yara/ransomware/Win32.Ransomware.Archiveus.yara index c139a91..3a0f3d1 100644 --- a/yara/ransomware/Win32.Ransomware.Archiveus.yara +++ b/yara/ransomware/Win32.Ransomware.Archiveus.yara @@ -5,6 +5,13 @@ rule Win32_Ransomware_Archiveus : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Archiveus ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Archiveus" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Armage.yara b/yara/ransomware/Win32.Ransomware.Armage.yara index 16260b0..b7505f7 100644 --- a/yara/ransomware/Win32.Ransomware.Armage.yara +++ b/yara/ransomware/Win32.Ransomware.Armage.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Armage : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Armage ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Armage" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Atlas.yara b/yara/ransomware/Win32.Ransomware.Atlas.yara index 0399f12..4f13bce 100644 --- a/yara/ransomware/Win32.Ransomware.Atlas.yara +++ b/yara/ransomware/Win32.Ransomware.Atlas.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Atlas : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Atlas ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Atlas" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.BKRansomware.yara b/yara/ransomware/Win32.Ransomware.BKRansomware.yara index 1fb2abe..a1022cf 100644 --- a/yara/ransomware/Win32.Ransomware.BKRansomware.yara +++ b/yara/ransomware/Win32.Ransomware.BKRansomware.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_BKRansomware : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects BKRansomware ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "BKRansomware" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.BadBlock.yara b/yara/ransomware/Win32.Ransomware.BadBlock.yara index 9386866..ae75664 100644 --- a/yara/ransomware/Win32.Ransomware.BadBlock.yara +++ b/yara/ransomware/Win32.Ransomware.BadBlock.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_BadBlock : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects BadBlock ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "BadBlock" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.BandarChor.yara b/yara/ransomware/Win32.Ransomware.BandarChor.yara index a49aa67..30d74d0 100644 --- a/yara/ransomware/Win32.Ransomware.BandarChor.yara +++ b/yara/ransomware/Win32.Ransomware.BandarChor.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_BandarChor : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects BandarChor ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "BandarChor" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.BitCrypt.yara b/yara/ransomware/Win32.Ransomware.BitCrypt.yara index fb380af..24e8186 100644 --- a/yara/ransomware/Win32.Ransomware.BitCrypt.yara +++ b/yara/ransomware/Win32.Ransomware.BitCrypt.yara @@ -5,6 +5,13 @@ rule Win32_Ransomware_BitCrypt : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects BitCrypt ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "BitCrypt" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Blitzkrieg.yara b/yara/ransomware/Win32.Ransomware.Blitzkrieg.yara index 77cf31e..9c12ec1 100644 --- a/yara/ransomware/Win32.Ransomware.Blitzkrieg.yara +++ b/yara/ransomware/Win32.Ransomware.Blitzkrieg.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Blitzkrieg : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Blitzkrieg ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Blitzkrieg" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.BrainCrypt.yara b/yara/ransomware/Win32.Ransomware.BrainCrypt.yara index 17ef97e..1ee43eb 100644 --- a/yara/ransomware/Win32.Ransomware.BrainCrypt.yara +++ b/yara/ransomware/Win32.Ransomware.BrainCrypt.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_BrainCrypt : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects BrainCrypt ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "BrainCrypt" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Buran.yara b/yara/ransomware/Win32.Ransomware.Buran.yara index d47bb43..86dcf2a 100644 --- a/yara/ransomware/Win32.Ransomware.Buran.yara +++ b/yara/ransomware/Win32.Ransomware.Buran.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Buran : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Buran ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Buran" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Clop.yara b/yara/ransomware/Win32.Ransomware.Clop.yara index 0888638..8c8cef6 100644 --- a/yara/ransomware/Win32.Ransomware.Clop.yara +++ b/yara/ransomware/Win32.Ransomware.Clop.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Clop : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Clop ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Clop" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Cryakl.yara b/yara/ransomware/Win32.Ransomware.Cryakl.yara index f99f14a..5ee6d38 100644 --- a/yara/ransomware/Win32.Ransomware.Cryakl.yara +++ b/yara/ransomware/Win32.Ransomware.Cryakl.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Cryakl : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Cryakl ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Cryakl" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Crypmic.yara b/yara/ransomware/Win32.Ransomware.Crypmic.yara index 853b823..3979326 100644 --- a/yara/ransomware/Win32.Ransomware.Crypmic.yara +++ b/yara/ransomware/Win32.Ransomware.Crypmic.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Crypmic : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Crypmic ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Crypmic" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Crypren.yara b/yara/ransomware/Win32.Ransomware.Crypren.yara index a0a6359..a73f6c9 100644 --- a/yara/ransomware/Win32.Ransomware.Crypren.yara +++ b/yara/ransomware/Win32.Ransomware.Crypren.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Crypren : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Crypren ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Crypren" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.CryptoBit.yara b/yara/ransomware/Win32.Ransomware.CryptoBit.yara index eca60f9..3797d06 100644 --- a/yara/ransomware/Win32.Ransomware.CryptoBit.yara +++ b/yara/ransomware/Win32.Ransomware.CryptoBit.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_CryptoBit : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects CryptoBit ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "CryptoBit" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.CryptoFortress.yara b/yara/ransomware/Win32.Ransomware.CryptoFortress.yara index 38b013c..e8db647 100644 --- a/yara/ransomware/Win32.Ransomware.CryptoFortress.yara +++ b/yara/ransomware/Win32.Ransomware.CryptoFortress.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_CryptoFortress : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects CryptoFortress ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "CryptoFortress" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.CryptoJoker.yara b/yara/ransomware/Win32.Ransomware.CryptoJoker.yara index 0ba3d3d..a3f944d 100644 --- a/yara/ransomware/Win32.Ransomware.CryptoJoker.yara +++ b/yara/ransomware/Win32.Ransomware.CryptoJoker.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_CryptoJoker : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects CryptoJoker ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "CryptoJoker" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.CryptoLocker.yara b/yara/ransomware/Win32.Ransomware.CryptoLocker.yara index 102a507..ddd1404 100644 --- a/yara/ransomware/Win32.Ransomware.CryptoLocker.yara +++ b/yara/ransomware/Win32.Ransomware.CryptoLocker.yara @@ -5,6 +5,13 @@ rule Win32_Ransomware_CryptoLocker : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects CryptoLocker ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "CryptoLocker" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.CryptoWall.yara b/yara/ransomware/Win32.Ransomware.CryptoWall.yara index 17bdb5a..ea90988 100644 --- a/yara/ransomware/Win32.Ransomware.CryptoWall.yara +++ b/yara/ransomware/Win32.Ransomware.CryptoWall.yara @@ -5,6 +5,13 @@ rule Win32_Ransomware_CryptoWall : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects CryptoWall ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "CryptoWall" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Crysis.yara b/yara/ransomware/Win32.Ransomware.Crysis.yara index 3344c92..9a1b7f6 100644 --- a/yara/ransomware/Win32.Ransomware.Crysis.yara +++ b/yara/ransomware/Win32.Ransomware.Crysis.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Crysis : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Crysis ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Crysis" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Cuba.yara b/yara/ransomware/Win32.Ransomware.Cuba.yara index 5fd513c..9972b81 100644 --- a/yara/ransomware/Win32.Ransomware.Cuba.yara +++ b/yara/ransomware/Win32.Ransomware.Cuba.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Cuba : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Cuba ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Cuba" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.DMALocker.yara b/yara/ransomware/Win32.Ransomware.DMALocker.yara index ef18553..4f9a650 100644 --- a/yara/ransomware/Win32.Ransomware.DMALocker.yara +++ b/yara/ransomware/Win32.Ransomware.DMALocker.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_DMALocker : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects DMALocker ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "DMALocker" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.DMR.yara b/yara/ransomware/Win32.Ransomware.DMR.yara index b10e6b2..4c89f9d 100644 --- a/yara/ransomware/Win32.Ransomware.DMR.yara +++ b/yara/ransomware/Win32.Ransomware.DMR.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_DMR : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects DMR ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "DMR" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Defray.yara b/yara/ransomware/Win32.Ransomware.Defray.yara index 6c7f249..89c9c35 100644 --- a/yara/ransomware/Win32.Ransomware.Defray.yara +++ b/yara/ransomware/Win32.Ransomware.Defray.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Defray : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Defray ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Defray" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Delphimorix.yara b/yara/ransomware/Win32.Ransomware.Delphimorix.yara index f7772a4..3c3d444 100644 --- a/yara/ransomware/Win32.Ransomware.Delphimorix.yara +++ b/yara/ransomware/Win32.Ransomware.Delphimorix.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Delphimorix : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Delphimorix ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Delphimorix" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.DenizKizi.yara b/yara/ransomware/Win32.Ransomware.DenizKizi.yara index 98ca61d..4794b1b 100644 --- a/yara/ransomware/Win32.Ransomware.DenizKizi.yara +++ b/yara/ransomware/Win32.Ransomware.DenizKizi.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_DenizKizi : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects DenizKizi ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "DenizKizi" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.DesuCrypt.yara b/yara/ransomware/Win32.Ransomware.DesuCrypt.yara index c2f3eb6..26854f3 100644 --- a/yara/ransomware/Win32.Ransomware.DesuCrypt.yara +++ b/yara/ransomware/Win32.Ransomware.DesuCrypt.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_DesuCrypt : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects DesuCrypt ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "DesuCrypt" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Dharma.yara b/yara/ransomware/Win32.Ransomware.Dharma.yara index 0ab8f41..070b80b 100644 --- a/yara/ransomware/Win32.Ransomware.Dharma.yara +++ b/yara/ransomware/Win32.Ransomware.Dharma.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Dharma : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Dharma ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Dharma" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.DirtyDecrypt.yara b/yara/ransomware/Win32.Ransomware.DirtyDecrypt.yara index 2309774..a0bcd0c 100644 --- a/yara/ransomware/Win32.Ransomware.DirtyDecrypt.yara +++ b/yara/ransomware/Win32.Ransomware.DirtyDecrypt.yara 
@@ -5,6 +5,13 @@ rule Win32_Ransomware_DirtyDecrypt : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects DirtyDecrypt ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "DirtyDecrypt" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.District.yara b/yara/ransomware/Win32.Ransomware.District.yara index 28637ee..4be191d 100644 --- a/yara/ransomware/Win32.Ransomware.District.yara +++ b/yara/ransomware/Win32.Ransomware.District.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_District : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects District ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "District" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Erica.yara b/yara/ransomware/Win32.Ransomware.Erica.yara index 14677c8..5800699 100644 --- a/yara/ransomware/Win32.Ransomware.Erica.yara +++ b/yara/ransomware/Win32.Ransomware.Erica.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Erica : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Erica ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Erica" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.FCT.yara b/yara/ransomware/Win32.Ransomware.FCT.yara index 260f34e..0b4f8e5 100644 --- a/yara/ransomware/Win32.Ransomware.FCT.yara +++ b/yara/ransomware/Win32.Ransomware.FCT.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_FCT : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects FCT ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "FCT" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.FLKR.yara b/yara/ransomware/Win32.Ransomware.FLKR.yara index 2aac588..ae6f042 100644 --- a/yara/ransomware/Win32.Ransomware.FLKR.yara +++ b/yara/ransomware/Win32.Ransomware.FLKR.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_FLKR : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects FLKR ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "FLKR" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Fantom.yara b/yara/ransomware/Win32.Ransomware.Fantom.yara index 3be2900..6c2deac 100644 --- a/yara/ransomware/Win32.Ransomware.Fantom.yara +++ b/yara/ransomware/Win32.Ransomware.Fantom.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Fantom : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Fantom ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Fantom" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.FenixLocker.yara b/yara/ransomware/Win32.Ransomware.FenixLocker.yara index 8456957..5c69f20 100644 --- a/yara/ransomware/Win32.Ransomware.FenixLocker.yara +++ b/yara/ransomware/Win32.Ransomware.FenixLocker.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_FenixLocker : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects FenixLocker ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "FenixLocker" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Ferrlock.yara b/yara/ransomware/Win32.Ransomware.Ferrlock.yara index a256381..148de54 100644 --- a/yara/ransomware/Win32.Ransomware.Ferrlock.yara +++ b/yara/ransomware/Win32.Ransomware.Ferrlock.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Ferrlock : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Ferrlock ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Ferrlock" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.GandCrab.yara b/yara/ransomware/Win32.Ransomware.GandCrab.yara index 65997ee..e230948 100644 --- a/yara/ransomware/Win32.Ransomware.GandCrab.yara +++ b/yara/ransomware/Win32.Ransomware.GandCrab.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_GandCrab : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects GandCrab ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "GandCrab" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.GarrantyDecrypt.yara b/yara/ransomware/Win32.Ransomware.GarrantyDecrypt.yara index df28f5c..12ad992 100644 --- a/yara/ransomware/Win32.Ransomware.GarrantyDecrypt.yara +++ b/yara/ransomware/Win32.Ransomware.GarrantyDecrypt.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_GarrantyDecrypt : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects GarrantyDecrypt ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "GarrantyDecrypt" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Gibon.yara b/yara/ransomware/Win32.Ransomware.Gibon.yara index 97bb782..c86fc83 100644 --- a/yara/ransomware/Win32.Ransomware.Gibon.yara +++ b/yara/ransomware/Win32.Ransomware.Gibon.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Gibon : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Gibon ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Gibon" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.GlobeImposter.yara b/yara/ransomware/Win32.Ransomware.GlobeImposter.yara index 550fc52..6875d52 100644 --- a/yara/ransomware/Win32.Ransomware.GlobeImposter.yara +++ b/yara/ransomware/Win32.Ransomware.GlobeImposter.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_GlobeImposter : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects GlobeImposter ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "GlobeImposter" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Good.yara b/yara/ransomware/Win32.Ransomware.Good.yara index 1a4171f..77b812c 100644 --- a/yara/ransomware/Win32.Ransomware.Good.yara +++ b/yara/ransomware/Win32.Ransomware.Good.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Good : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Good ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Good" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Gpcode.yara b/yara/ransomware/Win32.Ransomware.Gpcode.yara index ff4ff9f..6095f0c 100644 --- a/yara/ransomware/Win32.Ransomware.Gpcode.yara +++ b/yara/ransomware/Win32.Ransomware.Gpcode.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_GPCode : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Gpcode ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "GPCode" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.HDDCryptor.yara b/yara/ransomware/Win32.Ransomware.HDDCryptor.yara index d0f5f96..1b00ccf 100644 --- a/yara/ransomware/Win32.Ransomware.HDDCryptor.yara +++ b/yara/ransomware/Win32.Ransomware.HDDCryptor.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_HDDCryptor : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects HDDCryptor ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "HDDCryptor" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.HDMR.yara b/yara/ransomware/Win32.Ransomware.HDMR.yara index e5fe293..8570970 100644 --- a/yara/ransomware/Win32.Ransomware.HDMR.yara +++ b/yara/ransomware/Win32.Ransomware.HDMR.yara 
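Review bot: In the Win32.Ransomware.Gpcode.yara hunk the added `description` spells the family "Gpcode", while the rule identifier in the hunk header and the existing `tc_detection_name` both use "GPCode". Anyone searching rule metadata by family name now finds two spellings for the same rule. I would align the new text with the existing field: `description = "Yara rule that detects GPCode ransomware."`. The rule's strings and condition lie outside the hunk.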
@@ -3,6 +3,13 @@ rule Win32_Ransomware_HDMR : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects HDMR ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "HDMR" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Hermes.yara b/yara/ransomware/Win32.Ransomware.Hermes.yara index 63fd15d..3dfa61a 100644 --- a/yara/ransomware/Win32.Ransomware.Hermes.yara +++ b/yara/ransomware/Win32.Ransomware.Hermes.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Hermes : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Hermes ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Hermes" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.HydraCrypt.yara b/yara/ransomware/Win32.Ransomware.HydraCrypt.yara index e77f127..9a36bca 100644 --- a/yara/ransomware/Win32.Ransomware.HydraCrypt.yara +++ b/yara/ransomware/Win32.Ransomware.HydraCrypt.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_HydraCrypt : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects HydraCrypt ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "HydraCrypt" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.IFN643.yara b/yara/ransomware/Win32.Ransomware.IFN643.yara index 624e354..3fb0c90 100644 --- a/yara/ransomware/Win32.Ransomware.IFN643.yara +++ b/yara/ransomware/Win32.Ransomware.IFN643.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_IFN643 : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects IFN643 ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "IFN643" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.JSWorm.yara b/yara/ransomware/Win32.Ransomware.JSWorm.yara index 4197e13..dfca1d5 100644 --- a/yara/ransomware/Win32.Ransomware.JSWorm.yara +++ b/yara/ransomware/Win32.Ransomware.JSWorm.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_JSWorm : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects JSWorm ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "JSWorm" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Jamper.yara b/yara/ransomware/Win32.Ransomware.Jamper.yara index 84f79ce..a0238e6 100644 --- a/yara/ransomware/Win32.Ransomware.Jamper.yara +++ b/yara/ransomware/Win32.Ransomware.Jamper.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Jamper : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Jamper ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Jamper" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Jemd.yara b/yara/ransomware/Win32.Ransomware.Jemd.yara index 6084c23..dfd5712 100644 --- a/yara/ransomware/Win32.Ransomware.Jemd.yara +++ b/yara/ransomware/Win32.Ransomware.Jemd.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Jemd : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Jemd ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Jemd" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Kangaroo.yara b/yara/ransomware/Win32.Ransomware.Kangaroo.yara index 8616e46..9c04699 100644 --- a/yara/ransomware/Win32.Ransomware.Kangaroo.yara +++ b/yara/ransomware/Win32.Ransomware.Kangaroo.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Kangaroo : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Kangaroo ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Kangaroo" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.KillDisk.yara b/yara/ransomware/Win32.Ransomware.KillDisk.yara index 441ecd2..0feb75c 100644 --- a/yara/ransomware/Win32.Ransomware.KillDisk.yara +++ b/yara/ransomware/Win32.Ransomware.KillDisk.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_KillDisk : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects KillDisk ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "KillDisk" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Kovter.yara b/yara/ransomware/Win32.Ransomware.Kovter.yara index 8768e68..13a25eb 100644 --- a/yara/ransomware/Win32.Ransomware.Kovter.yara +++ b/yara/ransomware/Win32.Ransomware.Kovter.yara 
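Review bot: The `description` added in the Win32.Ransomware.KillDisk.yara hunk does not name the platform, and the diffstat shows this commit also touching yara/ransomware/Linux.Ransomware.KillDisk.yara. If that file received the same template sentence (its hunk is not visible here), two different rules report an identical description, and an analyst triaging a hit has to fall back on the rule identifier to tell them apart. I would make the text specific, for example `description = "Yara rule that detects KillDisk ransomware (Win32 variant)."`, with matching wording in the Linux file. The rule's strings and condition lie outside the hunk.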
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Kovter : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Kovter ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Kovter" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Kraken.yara b/yara/ransomware/Win32.Ransomware.Kraken.yara index d9ce66b..c3e0030 100644 --- a/yara/ransomware/Win32.Ransomware.Kraken.yara +++ b/yara/ransomware/Win32.Ransomware.Kraken.yara @@ -3,6 +3,13 @@ rule Linux_Ransomware_Kraken : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Kraken ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Kraken" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Ladon.yara b/yara/ransomware/Win32.Ransomware.Ladon.yara index 50caad9..f5fde5b 100644 --- a/yara/ransomware/Win32.Ransomware.Ladon.yara +++ b/yara/ransomware/Win32.Ransomware.Ladon.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Ladon : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Ladon ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Ladon" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.LeChiffre.yara b/yara/ransomware/Win32.Ransomware.LeChiffre.yara index c25ac70..dc5d482 100644 --- a/yara/ransomware/Win32.Ransomware.LeChiffre.yara +++ b/yara/ransomware/Win32.Ransomware.LeChiffre.yara 
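Review bot: The hunk for Win32.Ransomware.Kraken.yara sits under `rule Linux_Ransomware_Kraken`, as its hunk header shows, while every other Win32.Ransomware.* file visible in this patch uses a `Win32_Ransomware_` identifier. The commit adds metadata to the rule but leaves the name untouched, so a match from this file would presumably be reported under a Linux label. If the rule targets Windows samples (inferred from the file name only, since the condition is outside the hunk), the rule line should read `rule Win32_Ransomware_Kraken : tc_detection malicious`. A rename changes the identifier that downstream alerting keys on, so it is better done as its own commit.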
@@ -3,6 +3,13 @@ rule Win32_Ransomware_LeChiffre : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects LeChiffre ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "LeChiffre" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.LockBit.yara b/yara/ransomware/Win32.Ransomware.LockBit.yara index 51ff102..eb5703f 100644 --- a/yara/ransomware/Win32.Ransomware.LockBit.yara +++ b/yara/ransomware/Win32.Ransomware.LockBit.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_LockBit : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects LockBit ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "LockBit" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.LooCipher.yara b/yara/ransomware/Win32.Ransomware.LooCipher.yara index e1bfa44..677abfa 100644 --- a/yara/ransomware/Win32.Ransomware.LooCipher.yara +++ b/yara/ransomware/Win32.Ransomware.LooCipher.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_LooCipher : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects LooCipher ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "LooCipher" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.MZP.yara b/yara/ransomware/Win32.Ransomware.MZP.yara index 6456316..c3ebee5 100644 --- a/yara/ransomware/Win32.Ransomware.MZP.yara +++ b/yara/ransomware/Win32.Ransomware.MZP.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_MZP : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects MZP ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "MZP" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Mafia.yara b/yara/ransomware/Win32.Ransomware.Mafia.yara index c1b30b5..d510676 100644 --- a/yara/ransomware/Win32.Ransomware.Mafia.yara +++ b/yara/ransomware/Win32.Ransomware.Mafia.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Mafia : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Mafia ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Mafia" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Magniber.yara b/yara/ransomware/Win32.Ransomware.Magniber.yara index bc60e92..7b8b104 100644 --- a/yara/ransomware/Win32.Ransomware.Magniber.yara +++ b/yara/ransomware/Win32.Ransomware.Magniber.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Magniber : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Magniber ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Magniber" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Maktub.yara b/yara/ransomware/Win32.Ransomware.Maktub.yara index ea8dfaf..8455fee 100644 --- a/yara/ransomware/Win32.Ransomware.Maktub.yara +++ b/yara/ransomware/Win32.Ransomware.Maktub.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Maktub : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Maktub ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Maktub" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.MarsJoke.yara b/yara/ransomware/Win32.Ransomware.MarsJoke.yara index 65653ae..2b5a516 100644 --- a/yara/ransomware/Win32.Ransomware.MarsJoke.yara +++ b/yara/ransomware/Win32.Ransomware.MarsJoke.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_MarsJoke : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects MarsJoke ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "MarsJoke" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Matsnu.yara b/yara/ransomware/Win32.Ransomware.Matsnu.yara index 3011926..49bde70 100644 --- a/yara/ransomware/Win32.Ransomware.Matsnu.yara +++ b/yara/ransomware/Win32.Ransomware.Matsnu.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Matsnu : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Matsnu ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Matsnu" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.MedusaLocker.yara b/yara/ransomware/Win32.Ransomware.MedusaLocker.yara index e13fd8d..36e4246 100644 --- a/yara/ransomware/Win32.Ransomware.MedusaLocker.yara +++ b/yara/ransomware/Win32.Ransomware.MedusaLocker.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_MedusaLocker : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects MedusaLocker ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "MedusaLocker" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Montserrat.yara b/yara/ransomware/Win32.Ransomware.Montserrat.yara index fa42431..f100627 100644 --- a/yara/ransomware/Win32.Ransomware.Montserrat.yara +++ b/yara/ransomware/Win32.Ransomware.Montserrat.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Montserrat : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Montserrat ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Montserrat" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.NanoLocker.yara b/yara/ransomware/Win32.Ransomware.NanoLocker.yara index a2b2cbe..2c4cc6c 100644 --- a/yara/ransomware/Win32.Ransomware.NanoLocker.yara +++ b/yara/ransomware/Win32.Ransomware.NanoLocker.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_NanoLocker : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects NanoLocker ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "NanoLocker" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Nefilim.yara b/yara/ransomware/Win32.Ransomware.Nefilim.yara index 10592d1..c01efa0 100644 --- a/yara/ransomware/Win32.Ransomware.Nefilim.yara +++ b/yara/ransomware/Win32.Ransomware.Nefilim.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Nefilim : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Nefilim ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Nefilim" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Nemty.yara b/yara/ransomware/Win32.Ransomware.Nemty.yara index 8f61099..beb8ed1 100644 --- a/yara/ransomware/Win32.Ransomware.Nemty.yara +++ b/yara/ransomware/Win32.Ransomware.Nemty.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Nemty : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Nemty ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Nemty" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.NotPetya.yara b/yara/ransomware/Win32.Ransomware.NotPetya.yara index 5e5dea0..56bd2dd 100644 --- a/yara/ransomware/Win32.Ransomware.NotPetya.yara +++ b/yara/ransomware/Win32.Ransomware.NotPetya.yara @@ -4,6 +4,13 @@ rule Win32_Ransomware_NotPetya : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects NotPetya ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "NotPetya" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.OphionLocker.yara b/yara/ransomware/Win32.Ransomware.OphionLocker.yara index 04971cd..968aaca 100644 --- a/yara/ransomware/Win32.Ransomware.OphionLocker.yara +++ b/yara/ransomware/Win32.Ransomware.OphionLocker.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_OphionLocker : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects OphionLocker ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "OphionLocker" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Ouroboros.yara b/yara/ransomware/Win32.Ransomware.Ouroboros.yara index 9605b24..cd0b2c3 100644 --- a/yara/ransomware/Win32.Ransomware.Ouroboros.yara +++ b/yara/ransomware/Win32.Ransomware.Ouroboros.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Ouroboros : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Ouroboros ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Ouroboros" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.PXJ.yara b/yara/ransomware/Win32.Ransomware.PXJ.yara index 37a80fd..cb108b8 100644 --- a/yara/ransomware/Win32.Ransomware.PXJ.yara +++ b/yara/ransomware/Win32.Ransomware.PXJ.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_PXJ : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects PXJ ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "PXJ" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Pacman.yara b/yara/ransomware/Win32.Ransomware.Pacman.yara index a84d4e9..a1bf307 100644 --- a/yara/ransomware/Win32.Ransomware.Pacman.yara +++ b/yara/ransomware/Win32.Ransomware.Pacman.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Pacman : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Pacman ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Pacman" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Paradise.yara b/yara/ransomware/Win32.Ransomware.Paradise.yara index 1296221..f6dd8b3 100644 --- a/yara/ransomware/Win32.Ransomware.Paradise.yara +++ b/yara/ransomware/Win32.Ransomware.Paradise.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Paradise : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Paradise ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Paradise" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Petya.yara b/yara/ransomware/Win32.Ransomware.Petya.yara index 1f9ccde..1130111 100644 --- a/yara/ransomware/Win32.Ransomware.Petya.yara +++ b/yara/ransomware/Win32.Ransomware.Petya.yara @@ -6,6 +6,13 @@ rule Win32_Ransomware_Petya : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Petya ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Petya" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.PrincessLocker.yara b/yara/ransomware/Win32.Ransomware.PrincessLocker.yara index 40ab859..efab4e5 100644 --- a/yara/ransomware/Win32.Ransomware.PrincessLocker.yara +++ b/yara/ransomware/Win32.Ransomware.PrincessLocker.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_PrincessLocker : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects PrincessLocker ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "PrincessLocker" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.RagnarLocker.yara b/yara/ransomware/Win32.Ransomware.RagnarLocker.yara index 6fb9f83..9d85ca3 100644 --- a/yara/ransomware/Win32.Ransomware.RagnarLocker.yara +++ b/yara/ransomware/Win32.Ransomware.RagnarLocker.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_RagnarLocker : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects RagnarLocker ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "RagnarLocker" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Ragnarok.yara b/yara/ransomware/Win32.Ransomware.Ragnarok.yara index c15f25d..86a79da 100644 --- a/yara/ransomware/Win32.Ransomware.Ragnarok.yara +++ b/yara/ransomware/Win32.Ransomware.Ragnarok.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Ragnarok : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Ragnarok ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Ragnarok" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Ransoc.yara b/yara/ransomware/Win32.Ransomware.Ransoc.yara index d59458e..65cd668 100644 --- a/yara/ransomware/Win32.Ransomware.Ransoc.yara +++ b/yara/ransomware/Win32.Ransomware.Ransoc.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Ransoc : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Ransoc ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Ransoc" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.RansomPlus.yara b/yara/ransomware/Win32.Ransomware.RansomPlus.yara index 6a73245..a51d1e3 100644 --- a/yara/ransomware/Win32.Ransomware.RansomPlus.yara +++ b/yara/ransomware/Win32.Ransomware.RansomPlus.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_RansomPlus : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects RansomPlus ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "RansomPlus" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.RetMyData.yara b/yara/ransomware/Win32.Ransomware.RetMyData.yara index bbd9566..cc23611 100644 --- a/yara/ransomware/Win32.Ransomware.RetMyData.yara +++ b/yara/ransomware/Win32.Ransomware.RetMyData.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_RetMyData : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects RetMyData ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "RetMyData" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Retis.yara b/yara/ransomware/Win32.Ransomware.Retis.yara index 1ee9919..2c1fcd8 100644 --- a/yara/ransomware/Win32.Ransomware.Retis.yara +++ b/yara/ransomware/Win32.Ransomware.Retis.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Retis : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Retis ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Retis" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Reveton.yara b/yara/ransomware/Win32.Ransomware.Reveton.yara index fcc97ce..caeece7 100644 --- a/yara/ransomware/Win32.Ransomware.Reveton.yara +++ b/yara/ransomware/Win32.Ransomware.Reveton.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Reveton : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Reveton ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Reveton" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Revil.yara b/yara/ransomware/Win32.Ransomware.Revil.yara index 2454499..c4c99f7 100644 --- a/yara/ransomware/Win32.Ransomware.Revil.yara +++ b/yara/ransomware/Win32.Ransomware.Revil.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Revil : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Revil ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Revil" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Rokku.yara b/yara/ransomware/Win32.Ransomware.Rokku.yara index adba3ba..b3c6a41 100644 --- a/yara/ransomware/Win32.Ransomware.Rokku.yara +++ b/yara/ransomware/Win32.Ransomware.Rokku.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Rokku : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Rokku ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Rokku" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Ryuk.yara b/yara/ransomware/Win32.Ransomware.Ryuk.yara index 96d5cc0..ed8b218 100644 --- a/yara/ransomware/Win32.Ransomware.Ryuk.yara +++ b/yara/ransomware/Win32.Ransomware.Ryuk.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Ryuk : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Ryuk ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Ryuk" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Sage.yara b/yara/ransomware/Win32.Ransomware.Sage.yara index 3fbeaad..b9aacf3 100644 --- a/yara/ransomware/Win32.Ransomware.Sage.yara +++ b/yara/ransomware/Win32.Ransomware.Sage.yara @@ -3,6 +3,13 @@ rule Win32_Ransomware_Sage : tc_detection malicious meta: author = "ReversingLabs" + + source = "ReversingLabs" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + description = "Yara rule that detects Sage ransomware." + tc_detection_type = "Ransomware" tc_detection_name = "Sage" tc_detection_factor = 5 diff --git a/yara/ransomware/Win32.Ransomware.Satan.yara b/yara/ransomware/Win32.Ransomware.Satan.yara index ad1214c..7dea670 100644 --- a/yara/ransomware/Win32.Ransomware.Satan.yara +++ b/yara/ransomware/Win32.Ransomware.Satan.yara 
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Satan : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Satan ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Satan"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.Satana.yara b/yara/ransomware/Win32.Ransomware.Satana.yara
index 7c8a721..301e660 100644
--- a/yara/ransomware/Win32.Ransomware.Satana.yara
+++ b/yara/ransomware/Win32.Ransomware.Satana.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Satana : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Satana ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Satana"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.Sepsis.yara b/yara/ransomware/Win32.Ransomware.Sepsis.yara
index 58dbf9e..6ff742b 100644
--- a/yara/ransomware/Win32.Ransomware.Sepsis.yara
+++ b/yara/ransomware/Win32.Ransomware.Sepsis.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Sepsis : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Sepsis ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Sepsis"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.Serpent.yara b/yara/ransomware/Win32.Ransomware.Serpent.yara
index c9cb006..da64489 100644
--- a/yara/ransomware/Win32.Ransomware.Serpent.yara
+++ b/yara/ransomware/Win32.Ransomware.Serpent.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Serpent : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Serpent ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Serpent"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.SevenSevenSeven.yara b/yara/ransomware/Win32.Ransomware.SevenSevenSeven.yara
index 648f0f8..7631c86 100644
--- a/yara/ransomware/Win32.Ransomware.SevenSevenSeven.yara
+++ b/yara/ransomware/Win32.Ransomware.SevenSevenSeven.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_SevenSevenSeven : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects SevenSevenSeven ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "SevenSevenSeven"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.Sherminator.yara b/yara/ransomware/Win32.Ransomware.Sherminator.yara
index e4d8a00..f13712f 100644
--- a/yara/ransomware/Win32.Ransomware.Sherminator.yara
+++ b/yara/ransomware/Win32.Ransomware.Sherminator.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Sherminator : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Sherminator ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Sherminator"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.Sifrelendi.yara b/yara/ransomware/Win32.Ransomware.Sifrelendi.yara
index f699866..df3fe6c 100644
--- a/yara/ransomware/Win32.Ransomware.Sifrelendi.yara
+++ b/yara/ransomware/Win32.Ransomware.Sifrelendi.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Sifrelendi : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Sifrelendi ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Sifrelendi"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.Sigrun.yara b/yara/ransomware/Win32.Ransomware.Sigrun.yara
index 09b6b5f..ff8edc2 100644
--- a/yara/ransomware/Win32.Ransomware.Sigrun.yara
+++ b/yara/ransomware/Win32.Ransomware.Sigrun.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Sigrun : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Sigrun ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Sigrun"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.Spora.yara b/yara/ransomware/Win32.Ransomware.Spora.yara
index cd9cfe8..6733300 100644
--- a/yara/ransomware/Win32.Ransomware.Spora.yara
+++ b/yara/ransomware/Win32.Ransomware.Spora.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Spora : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Spora ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Spora"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.TBLocker.yara b/yara/ransomware/Win32.Ransomware.TBLocker.yara
index ee2725a..619810c 100644
--- a/yara/ransomware/Win32.Ransomware.TBLocker.yara
+++ b/yara/ransomware/Win32.Ransomware.TBLocker.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_TBLocker : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects TBLocker ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "TBLocker"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.TeleCrypt.yara b/yara/ransomware/Win32.Ransomware.TeleCrypt.yara
index 32a398d..51f0057 100644
--- a/yara/ransomware/Win32.Ransomware.TeleCrypt.yara
+++ b/yara/ransomware/Win32.Ransomware.TeleCrypt.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_TeleCrypt : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects TeleCrypt ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "TeleCrypt"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.Teslacrypt.yara b/yara/ransomware/Win32.Ransomware.Teslacrypt.yara
index 93b6ba9..5b25e8e 100644
--- a/yara/ransomware/Win32.Ransomware.Teslacrypt.yara
+++ b/yara/ransomware/Win32.Ransomware.Teslacrypt.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Teslacrypt : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Teslacrypt ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Teslacrypt"
diff --git a/yara/ransomware/Win32.Ransomware.TorrentLocker.yara b/yara/ransomware/Win32.Ransomware.TorrentLocker.yara
index d36cab5..03e62c4 100644
--- a/yara/ransomware/Win32.Ransomware.TorrentLocker.yara
+++ b/yara/ransomware/Win32.Ransomware.TorrentLocker.yara
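Review bot: The trailing context of the Win32_Ransomware_Teslacrypt hunk stops at `tc_detection_name = "Teslacrypt"`, whereas every neighbouring hunk also shows `tc_detection_factor = 5`. With the same six context lines, that suggests this file's meta block is laid out differently, and the page cannot show whether the factor line sits further down. Worth confirming the rule still carries `tc_detection_factor`, so that a metadata pass like this one leaves every rule with the same field set. The rule body continues outside the hunk.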
@@ -3,6 +3,13 @@ rule Win32_Ransomware_TorrentLocker : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects TorrentLocker ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "TorrentLocker"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.VHDLocker.yara b/yara/ransomware/Win32.Ransomware.VHDLocker.yara
index 5669f24..54ca316 100644
--- a/yara/ransomware/Win32.Ransomware.VHDLocker.yara
+++ b/yara/ransomware/Win32.Ransomware.VHDLocker.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_VHDLocker : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects VHDLocker ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "VHDLocker"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.VegaLocker.yara b/yara/ransomware/Win32.Ransomware.VegaLocker.yara
index 780156c..59d9dea 100644
--- a/yara/ransomware/Win32.Ransomware.VegaLocker.yara
+++ b/yara/ransomware/Win32.Ransomware.VegaLocker.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_VegaLocker : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects VegaLocker ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "VegaLocker"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.Velso.yara b/yara/ransomware/Win32.Ransomware.Velso.yara
index 85dc219..145ca7f 100644
--- a/yara/ransomware/Win32.Ransomware.Velso.yara
+++ b/yara/ransomware/Win32.Ransomware.Velso.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Velso : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Velso ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Velso"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.WannaCry.yara b/yara/ransomware/Win32.Ransomware.WannaCry.yara
index e14820d..f71cf69 100644
--- a/yara/ransomware/Win32.Ransomware.WannaCry.yara
+++ b/yara/ransomware/Win32.Ransomware.WannaCry.yara
@@ -5,6 +5,13 @@ rule Win32_Ransomware_WannaCry : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects WannaCry ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "WannaCry"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.WildFire.yara b/yara/ransomware/Win32.Ransomware.WildFire.yara
index 1e56fc3..d92b9ea 100644
--- a/yara/ransomware/Win32.Ransomware.WildFire.yara
+++ b/yara/ransomware/Win32.Ransomware.WildFire.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_WildFire : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects WildFire ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "WildFire"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.Xorist.yara b/yara/ransomware/Win32.Ransomware.Xorist.yara
index 760a81f..0b31913 100644
--- a/yara/ransomware/Win32.Ransomware.Xorist.yara
+++ b/yara/ransomware/Win32.Ransomware.Xorist.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Xorist : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Xorist ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Xorist"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.Zeppelin.yara b/yara/ransomware/Win32.Ransomware.Zeppelin.yara
index 88410f8..7f55966 100644
--- a/yara/ransomware/Win32.Ransomware.Zeppelin.yara
+++ b/yara/ransomware/Win32.Ransomware.Zeppelin.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Zeppelin : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Zeppelin ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Zeppelin"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.ZeroCrypt.yara b/yara/ransomware/Win32.Ransomware.ZeroCrypt.yara
index dfa332c..f224042 100644
--- a/yara/ransomware/Win32.Ransomware.ZeroCrypt.yara
+++ b/yara/ransomware/Win32.Ransomware.ZeroCrypt.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_ZeroCrypt : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects ZeroCrypt ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "ZeroCrypt"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.ZeroLocker.yara b/yara/ransomware/Win32.Ransomware.ZeroLocker.yara
index e2fd7f2..b44ea29 100644
--- a/yara/ransomware/Win32.Ransomware.ZeroLocker.yara
+++ b/yara/ransomware/Win32.Ransomware.ZeroLocker.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_ZeroLocker : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects ZeroLocker ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "ZeroLocker"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win32.Ransomware.Zoldon.yara b/yara/ransomware/Win32.Ransomware.Zoldon.yara
index cb853a8..68fea4d 100644
--- a/yara/ransomware/Win32.Ransomware.Zoldon.yara
+++ b/yara/ransomware/Win32.Ransomware.Zoldon.yara
@@ -3,6 +3,13 @@ rule Win32_Ransomware_Zoldon : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Zoldon ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Zoldon"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win64.Ransomware.Ako.yara b/yara/ransomware/Win64.Ransomware.Ako.yara
index 5c663b9..27f6ee7 100644
--- a/yara/ransomware/Win64.Ransomware.Ako.yara
+++ b/yara/ransomware/Win64.Ransomware.Ako.yara
@@ -3,6 +3,13 @@ rule Win64_Ransomware_Ako : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Ako ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "Ako"
 tc_detection_factor = 5
diff --git a/yara/ransomware/Win64.Ransomware.SeedLocker.yara b/yara/ransomware/Win64.Ransomware.SeedLocker.yara
index 2128dad..3651abf 100644
--- a/yara/ransomware/Win64.Ransomware.SeedLocker.yara
+++ b/yara/ransomware/Win64.Ransomware.SeedLocker.yara
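Review bot: The `description` added to Win64_Ransomware_Ako names only the family, so a consumer that surfaces just this field cannot tell a hit on this rule from one on the Win32 Ako rule that the commit's diffstat also lists; presumably that rule receives the same sentence, though its hunk is not visible here. Consider carrying the platform in the text, for example `description = "Yara rule that detects Ako ransomware (Win64)."`. The same applies to any other family shipped as both a Win32 and a Win64 rule. The rule body continues outside the hunk, so other fields that may already convey the platform cannot be checked from this page.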
@@ -3,6 +3,13 @@ rule Win64_Ransomware_SeedLocker : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects SeedLocker ransomware."
+
 tc_detection_type = "Ransomware"
 tc_detection_name = "SeedLocker"
 tc_detection_factor = 5
diff --git a/yara/trojan/Win32.Trojan.Dridex.yara b/yara/trojan/Win32.Trojan.Dridex.yara
index 8ccbd0d..4b9ea2d 100644
--- a/yara/trojan/Win32.Trojan.Dridex.yara
+++ b/yara/trojan/Win32.Trojan.Dridex.yara
@@ -3,6 +3,13 @@ rule Win32_Trojan_Dridex : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Dridex trojan."
+
 tc_detection_type = "Trojan"
 tc_detection_name = "Dridex"
 tc_detection_factor = 5
diff --git a/yara/trojan/Win32.Trojan.Emotet.yara b/yara/trojan/Win32.Trojan.Emotet.yara
index 51ddc74..558698c 100644
--- a/yara/trojan/Win32.Trojan.Emotet.yara
+++ b/yara/trojan/Win32.Trojan.Emotet.yara
@@ -3,6 +3,13 @@ rule Win32_Trojan_Emotet : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Emotet trojan."
+
 tc_detection_type = "Trojan"
 tc_detection_name = "Emotet"
 tc_detection_factor = 5
diff --git a/yara/trojan/Win32.Trojan.TrickBot.yara b/yara/trojan/Win32.Trojan.TrickBot.yara
index b345d22..6c8fa64 100644
--- a/yara/trojan/Win32.Trojan.TrickBot.yara
+++ b/yara/trojan/Win32.Trojan.TrickBot.yara
@@ -3,6 +3,13 @@ rule Win32_Trojan_TrickBot : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects TrickBot trojan."
+
 tc_detection_type = "Trojan"
 tc_detection_name = "TrickBot"
 tc_detection_factor = 5
diff --git a/yara/virus/Linux.Virus.Vit.yara b/yara/virus/Linux.Virus.Vit.yara
index c4885f8..ddb8fd8 100644
--- a/yara/virus/Linux.Virus.Vit.yara
+++ b/yara/virus/Linux.Virus.Vit.yara
@@ -5,6 +5,13 @@ rule Linux_Virus_Vit : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Vit virus."
+
 tc_detection_type = "Virus"
 tc_detection_name = "Vit"
 tc_detection_factor = 5
diff --git a/yara/virus/Win32.Virus.Awfull.yara b/yara/virus/Win32.Virus.Awfull.yara
index 061d8f3..d2df6d6 100644
--- a/yara/virus/Win32.Virus.Awfull.yara
+++ b/yara/virus/Win32.Virus.Awfull.yara
@@ -5,6 +5,13 @@ rule Win32_Virus_Awfull : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Awfull virus."
+
 tc_detection_type = "Virus"
 tc_detection_name = "Awfull"
 tc_detection_factor = 5
diff --git a/yara/virus/Win32.Virus.Cmay.yara b/yara/virus/Win32.Virus.Cmay.yara
index 3a99641..04bf8b7 100644
--- a/yara/virus/Win32.Virus.Cmay.yara
+++ b/yara/virus/Win32.Virus.Cmay.yara
@@ -5,6 +5,13 @@ rule Win32_Virus_Cmay : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Cmay virus."
+
 tc_detection_type = "Virus"
 tc_detection_name = "Cmay"
 tc_detection_factor = 5
diff --git a/yara/virus/Win32.Virus.DeadCode.yara b/yara/virus/Win32.Virus.DeadCode.yara
index 02d879a..0f70f96 100644
--- a/yara/virus/Win32.Virus.DeadCode.yara
+++ b/yara/virus/Win32.Virus.DeadCode.yara
@@ -5,6 +5,13 @@ rule Win32_Virus_DeadCode : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects DeadCode virus."
+
 tc_detection_type = "Virus"
 tc_detection_name = "DeadCode"
 tc_detection_factor = 5
diff --git a/yara/virus/Win32.Virus.Elerad.yara b/yara/virus/Win32.Virus.Elerad.yara
index bb72ec0..ba77b75 100644
--- a/yara/virus/Win32.Virus.Elerad.yara
+++ b/yara/virus/Win32.Virus.Elerad.yara
@@ -5,6 +5,13 @@ rule Win32_Virus_Elerad : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Elerad virus."
+
 tc_detection_type = "Virus"
 tc_detection_name = "Elerad"
 tc_detection_factor = 5
diff --git a/yara/virus/Win32.Virus.Greenp.yara b/yara/virus/Win32.Virus.Greenp.yara
index 614dbc9..85451dd 100644
--- a/yara/virus/Win32.Virus.Greenp.yara
+++ b/yara/virus/Win32.Virus.Greenp.yara
@@ -5,6 +5,13 @@ rule Win32_Virus_Greenp : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Greenp virus."
+
 tc_detection_type = "Virus"
 tc_detection_name = "Greenp"
 tc_detection_factor = 5
diff --git a/yara/virus/Win32.Virus.Mocket.yara b/yara/virus/Win32.Virus.Mocket.yara
index 441c194..9da9e25 100644
--- a/yara/virus/Win32.Virus.Mocket.yara
+++ b/yara/virus/Win32.Virus.Mocket.yara
@@ -5,6 +5,13 @@ rule Win32_Virus_Mocket : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Mocket virus."
+
 tc_detection_type = "Virus"
 tc_detection_name = "Mocket"
 tc_detection_factor = 5
diff --git a/yara/virus/Win32.Virus.Negt.yara b/yara/virus/Win32.Virus.Negt.yara
index a2afa3e..49165f1 100644
--- a/yara/virus/Win32.Virus.Negt.yara
+++ b/yara/virus/Win32.Virus.Negt.yara
@@ -5,6 +5,13 @@ rule Win32_Virus_Negt : tc_detection malicious
 meta:
 author = "ReversingLabs"
+
+ source = "ReversingLabs"
+ status = "RELEASED"
+ sharing = "TLP:WHITE"
+ category = "MALWARE"
+ description = "Yara rule that detects Negt virus."
+
 tc_detection_type = "Virus"
 tc_detection_name = "Negt"
 tc_detection_factor = 5